Този конфигурационен файл на Squid 3 кешира файлове от 1KB до 100MB и е прозрачен(transparent), може и да не бъде разбира се :

##### Squid 3 conf by amri #####

# Iptables Rulez
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# iptables -t nat -A POSTROUTING -s 44.44.44.2 -o $EXTIF -j MASQUERADE

################################################
access_log /var/log/squid3/access.log squid
# 150000MB max cache size (default is 100GB):
cache_dir ufs /hdd1/squid3 150000 16  256
coredump_dir /hdd1/squid3
visible_hostname proxy.dcable.net
#mrejata localnet koqto ima access do squid
acl localnet src 0.0.0.0/0.0.0.0
#################################################

http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache

hosts_file /etc/hosts

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 4320000 90% 4320000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wva|mpg|wav|mp3|mp4|mpeg|swf|flv|x-flv|pdf)$ 4320000 90% 4320000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 4320000 90% 4320000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 1% 10080
refresh_pattern -i \.(html|htm|css|js)$ 10000 1% 40320
refresh_pattern . 0 20% 4320

maximum_object_size 100 MB
minimum_object_size 1 KB

acl QUERY urlpath_regex index \?
no_cache deny QUERY

# Novite wersii sled Squid 3 ne iziskwat da se deklarira "all"
#acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost

http_access allow localhost
http_access allow localnet
http_access deny all
http_reply_access allow all
icp_access allow all

always_direct allow all

PS 1: Ако е необходимо конкретно IP въобще да не минава през Squid може да се ползва следното iptables правило:

iptables -t nat -A PREROUTING -i eth4 -p tcp -d ! 111.112.113.114 --dport 80 -j REDIRECT --to-port 3128

PS 2: Ако е необходимо да се забраняват повече IP-та може да се направи верига в iptables и ще си работи, но ако на едно IP отговарят два хоста и е необходимо единия да минават през SQUID, а другия да го прескача то тогава най- добре е да се направи през SQUID цялата операция. Дори и PS1 препоръчвам да се спре през Squid, но на мен само едно им ми трябва да прескача Squid и затова го правя така, ако някои има друго решение може да го сподели.