一个功能较全的squi配置文件

#用户认证

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/password

auth_param basic children 5

auth_param basic realm Squid proxy-caching web server

auth_param basic credentialsttl 1 hours

auth_param basic casesensitive off

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 # https

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

http_access allow manager localhost

http_access deny manager

http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

#本网段用户可以上网

acl our_networks src 192.168.1.0/24 192.168.2.0/24

http_access deny !our_networks

#绑定mac和ip

acl userip src 192.168.1.3

acl usermac arp 00:0C:29:4E:F5:92

http_access deny usermac !userip

http_access deny !usermac userip

http_access allow localhost

#每个人的连接限制为一个

acl onlyone maxconn 2

http_access deny onlyone

#一个用户只能从一个ip登录代理服务器

acl perip max_user_ip -s 1

http_access allow perip

#阻拦某些关键字开头的网址

acl badhead dstdom_regex -i ^news ^game ^pic ^xxx

http_access deny badhead

#阻拦带有某些关键的网址

acl badurl urlpath_regex -i news game pic sex mp3 xxx

http_access deny badurl

#阻拦具体网站

acl badsite url_regex -i www.msn.com www.xxx.com xxx.com

http_access deny badsite

#禁止下载某些类型的文件

acl badfile url_regex -i \.mp3$ \.vbs$ \.rmvb$ \.rm \.exe$ \.mpg$ \.mpeg$

http_access deny badfile

#授权用户可以访问web

acl userauth proxy_auth REQUIRED

http_access allow userauth

#其他用户连接一律拒绝

http_access deny all

icp_access allow all

log_uses_indirect_client on

http_port 3128

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?

cache deny QUERY

cache_mem 16 MB

cache_dir ufs /var/spool/squid 100 16 256

access_log /var/log/squid/access.log squid

mime_table /etc/squid/mime.conf

pid_filename /var/run/squid.pid

ftp_telnet_protocol on

refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern . 0 20% 4320

acl apache rep_header Server ^Apache

broken_vary_encoding allow apache

half_closed_clients on

cache_mgr root@lrq.com

mail_program mail

cache_effective_user squid

cache_effective_group squid

visible_hostname fc8.lrq.com

delay_pools 1

error_directory /usr/share/squid/errors/Simplify_Chinese

check_hostnames on

dns_timeout 2 minutes

dns_nameservers 192.168.1.254 202.96.134.133

fqdncache_size 1024

forwarded_for on

client_db on

uri_whitespace strip

coredump_dir /var/spool/squid