alekc · February 27, 2018 09:33 · justinhpw111 · Feb 27, 2020 · alekc · Feb 27, 2020
diff --git a/squid.conf b/squid.conf
 #
 acl SSL_ports port 443
 acl Safe_ports port 80          # http
 acl Safe_ports port 21          # ftp
 acl Safe_ports port 443         # https
 acl Safe_ports port 70          # gopher
 acl Safe_ports port 210         # wais
 acl Safe_ports port 1025-65535  # unregistered ports
 acl Safe_ports port 280         # http-mgmt
 acl Safe_ports port 488         # gss-http
 acl Safe_ports port 591         # filemaker
 acl Safe_ports port 777         # multiling http
 acl CONNECT method CONNECT
 acl custom_ads  dstdom_regex "/etc/squid/ads.acl"
 acl ads dstdom_regex "/etc/squid/ad_block.txt"


 http_access deny custom_ads
 http_access deny ads
 deny_info TCP_RESET ads

 http_access deny !Safe_ports
 http_access deny CONNECT !SSL_ports
 #http_access allow localhost manager
 #http_access allow localhost
 #http_access deny all
 http_access allow all
 icp_access allow all

 cache_mem 512 MB
 maximum_object_size_in_memory 128 KB

 access_log /var/log/squid/access.log squid

 http_port 3128

 coredump_dir /var/spool/squid
 refresh_pattern ^ftp:           1440    20%     10080
 refresh_pattern ^gopher:        1440    0%      1440
 refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
 refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
 refresh_pattern .               0       20%     4320


 cache_replacement_policy heap GDSF
 cache_dir ufs /var/spool/squid 15360 16 256
 maximum_object_size 4 MB
 cache_swap_low 85
 cache_swap_high 90

 #Squid can not tell the difference between a half-closed and a fully-closed TCP connection. Therefore sends a connection-close to clients that leave a half open connection:
 half_closed_clients off

 memory_pools off

 via off
 forwarded_for off
 follow_x_forwarded_for deny all
 request_header_access X-Forwarded-For deny all
 header_access X_Forwarded_For deny all

 #https://calomel.org/squid_adservers.html
	#
	acl SSL_ports port 443
	acl Safe_ports port 80 # http
	acl Safe_ports port 21 # ftp
	acl Safe_ports port 443 # https
	acl Safe_ports port 70 # gopher
	acl Safe_ports port 210 # wais
	acl Safe_ports port 1025-65535 # unregistered ports
	acl Safe_ports port 280 # http-mgmt
	acl Safe_ports port 488 # gss-http
	acl Safe_ports port 591 # filemaker
	acl Safe_ports port 777 # multiling http
	acl CONNECT method CONNECT
	acl custom_ads dstdom_regex "/etc/squid/ads.acl"
	acl ads dstdom_regex "/etc/squid/ad_block.txt"


	http_access deny custom_ads
	http_access deny ads
	deny_info TCP_RESET ads

	http_access deny !Safe_ports
	http_access deny CONNECT !SSL_ports
	#http_access allow localhost manager
	#http_access allow localhost
	#http_access deny all
	http_access allow all
	icp_access allow all

	cache_mem 512 MB
	maximum_object_size_in_memory 128 KB

	access_log /var/log/squid/access.log squid

	http_port 3128

	coredump_dir /var/spool/squid
	refresh_pattern ^ftp: 1440 20% 10080
	refresh_pattern ^gopher: 1440 0% 1440
	refresh_pattern -i (/cgi-bin/\|\?) 0 0% 0
	refresh_pattern (Release\|Packages(.gz)*)$ 0 20% 2880
	refresh_pattern . 0 20% 4320


	cache_replacement_policy heap GDSF
	cache_dir ufs /var/spool/squid 15360 16 256
	maximum_object_size 4 MB
	cache_swap_low 85
	cache_swap_high 90

	#Squid can not tell the difference between a half-closed and a fully-closed TCP connection. Therefore sends a connection-close to clients that leave a half open connection:
	half_closed_clients off

	memory_pools off

	via off
	forwarded_for off
	follow_x_forwarded_for deny all
	request_header_access X-Forwarded-For deny all
	header_access X_Forwarded_For deny all

	#https://calomel.org/squid_adservers.html