Janux — Blog

August 4, 2006

The name “Squid” !!

Filed under: Gnu/Linux — janux @ 11:33 am

Two days ago, I started a Squid installation with the help of friends. Originally we decided to install a cache, and Squid rulz !! Now we have better performance on our network. I made like 5 installations on different servers. The problem began when people in the warehouse could not access some nasty pages :P. Well, for two days my telephone was ringing because of this; actually there are still a few people in the organization who keep calling me because they cannot access “hotmail, yahoo” and some other services.
Let me tell you that personally I have used some other cache systems, but Squid rulz !! It works nicely.
What I did was create a transparent proxy in my iptables configuration file; these are some configs:

-A PREROUTING -s 192.168.50.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

NOTE: 192.168.50.0/24 is my Network

Config file /etc/squid/squid.conf
# WELCOME TO SQUID 2
# ------------------
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 100 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 30 MB
refresh_pattern http://.*\.windowsupdate\.microsoft\.com/.*\.(cab|exe) 0 80% 20160 reload-into-ims
refresh_pattern http://office\.microsoft\.com/.*\.(cab|exe) 0 80% 20160 reload-into-ims
refresh_pattern http://windowsupdate\.microsoft\.com/.*\.(cab|exe) 0 80% 20160 reload-into-ims
refresh_pattern http://download\.windowsupdate\.com/.*\.(cab|exe) 0 80% 20160 reload-into-ims
refresh_pattern http://w?xpsp[0-9]\.microsoft\.com/.*\.(cab|exe) 0 80% 20160 reload-into-ims
refresh_pattern http://w2ksp[0-9]\.microsoft\.com/.*\.(cab|exe) 0 80% 20160 reload-into-ims
refresh_pattern http://download\.microsoft\.com/.*\.(cab|exe) 0 80% 20160 reload-into-ims
refresh_pattern http://download\.macromedia\.com/ 0 80% 20160 reload-into-ims
cache_access_log /var/log/squid/access.log
cache_store_log none
client_netmask 255.255.255.255
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
# refresh_pattern uses the first line that matches, so the catch-all "." goes last
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 50% 4320
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl mtmotors dstdomain .mtmotors.com
acl badUrl url_regex -i sex|gai|lesb|malaspalabras|mas|PIPELINE|aqui
http_access allow manager localhost
http_access deny manager
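http_access deny !Safe_ports
# Only allow CONNECT tunnels to the SSL ports
http_access deny CONNECT !SSL_ports
http_access allow mtmotors
http_access deny badUrl
# http_access rules are checked in order and the first match wins, so the
# local network is allowed here and everything else is denied
acl our_networks src 192.168.50.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all
http_reply_access allow all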
icp_access allow all
miss_access allow all
cache_mgr correo@deladmin.com
visible_hostname www.red-interior.blabla.com
httpd_accel_port 80
httpd_accel_host virtual
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
error_directory /usr/lib/squid/errors/Spanish
coredump_dir /var/spool/squid
ie_refresh on
sleep_after_fork 0
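
An added example, not part of the original post: the badUrl ACL above is an unanchored, case-insensitive substring match over the whole URL, so short tokens such as "mas" or "aqui" also hit harmless addresses. The Python sketch below assumes Python's re module behaves like Squid's regex engine for this simple pattern; the sample URLs are constructed and BAD_URL_STRICT is a hypothetical tightened pattern, not something from the post.

```python
import re

# badUrl pattern copied from the squid.conf above; -i means case-insensitive.
BAD_URL = "sex|gai|lesb|malaspalabras|mas|PIPELINE|aqui"

# Hypothetical tightened variant (assumption, not from the post):
# each word must be delimited by URL punctuation on both sides.
DELIM = r"[/._?=&+-]"
BAD_URL_STRICT = rf"(^|{DELIM})({BAD_URL})({DELIM}|$)"

# Constructed sample URLs (not taken from any real log).
SAMPLES = [
    "http://www.example.com/christmas/cards.html",
    "http://mail.example.net/inbox?folder=Essex",
    "http://maquinas.example.org/index.html",
    "http://www.example.com/sex/index.html",
    "http://intranet.example.com/reports/2006.pdf",
]


def matched_token(pattern, url):
    """Return the substring that triggers the ACL, or None if the URL passes."""
    m = re.search(pattern, url, re.IGNORECASE)
    return m.group(0) if m else None


def audit(urls, pattern=BAD_URL):
    """Map each URL to the token that would make 'http_access deny badUrl' fire."""
    return {u: matched_token(pattern, u) for u in urls}


def false_positive_candidates(urls):
    """URLs denied by the original pattern but not by the delimited one."""
    loose = audit(urls, BAD_URL)
    strict = audit(urls, BAD_URL_STRICT)
    return [u for u in urls if loose[u] and not strict[u]]


if __name__ == "__main__":
    for url, tok in audit(SAMPLES).items():
        verdict = "DENY " if tok else "allow"
        reason = f"  (matched {tok!r})" if tok else ""
        print(f"{verdict} {url}{reason}")
    print("denied only by substring match:")
    for url in false_positive_candidates(SAMPLES):
        print("  " + url)
```

Running the same audit over the request URLs in /var/log/squid/access.log shows which token is responsible for each unexpected denial.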
