squid.conf

# acl控制是有优先级的, 由于我们学校内部有一个视频网站, 因此看校内网默认放行.

acl school_video dst 10.28.102.174
http_access allow school_video

# 这里就是用来做阻塞的关键部分了, 看不明白不要紧, cp即可
acl media rep_mime_type video/flv video/x-flv
acl media rep_mime_type -i ^video/
acl media rep_mime_type -i ^video\/
acl media rep_mime_type ^application/vnd.ms.wms-hdr.asfv1
acl media rep_mime_type ^application/x-fcs
acl media rep_mime_type ^application/x-mms-framed
acl media rep_mime_type ^video/x-ms-asf
acl media rep_mime_type ^audio/mpeg
acl media rep_mime_type ^audio/x-scpls
acl media rep_mime_type ^video/x-flv
acl media rep_mime_type ^video/mpeg4
acl media rep_mime_type ms-hdr
acl media rep_mime_type x-fcs
acl mediapr urlpath_regex \.flv(\?.*)?$
acl mediapr urlpath_regex -i \.(avi|mp4|mov|m4v|mkv|flv|qsv|f4v)(\?.*)?$
acl mediapr urlpath_regex -i \.(mpg|mpeg|avi|mov|flv|wmv|mkv|rmvb|qsv|f4v)(\?.*)?$

# 这里我们定义一个基于MAC地址的放行策略, 让特权的放行
acl special_client arp "/etc/squid3/special_clients"
http_access allow mediapr special_client
http_reply_access allow media special_client

# 其他人一律杀
http_access deny mediapr

# 常规流量一律放行
http_access allow all


# 作为透明代理, 一定要加上transparent
http_port 8888 transparent

# 这里是squid的基本配置, 详细的需要深入了解, 我是采取默认的参数
hierarchy_stoplist cgi-bin ?
refresh_pattern ^ftp:       1440    20% 10080
refresh_pattern ^gopher:    1440    0%  1440
refresh_pattern (cgi-bin|\?)    0   0%  0
refresh_pattern .       0   20% 4320

# 这里很关键， 可以提高透明代理的速度
dns_children 20
redirect_children 20