This Squid 3 configuration file caches files from 1 KB to 100 MB and is transparent, though of course it does not have to be:
##### Squid 3 conf by amri #####
# Iptables Rulez
# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
# iptables -t nat -A POSTROUTING -s 44.44.44.2 -o $EXTIF -j MASQUERADE
################################################
access_log /var/log/squid3/access.log squid
# 150000MB max cache size (default is 100GB):
cache_dir ufs /hdd1/squid3 150000 16 256
coredump_dir /hdd1/squid3
visible_hostname proxy.dcable.net
# the localnet network that has access to Squid
# NOTE: 0.0.0.0/0.0.0.0 matches every source address; narrow it to the real
# client subnet, otherwise "http_access allow localnet" below admits any host
# that can reach port 3128.
acl localnet src 0.0.0.0/0.0.0.0
#################################################
http_port 3128 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
hosts_file /etc/hosts
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 4320000 90% 4320000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(iso|avi|wva|mpg|wav|mp3|mp4|mpeg|swf|flv|x-flv|pdf)$ 4320000 90% 4320000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 4320000 90% 4320000 override-expire ignore-no-cache ignore-no-store ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 1% 10080
refresh_pattern -i \.(html|htm|css|js)$ 10000 1% 40320
refresh_pattern . 0 20% 4320
maximum_object_size 100 MB
minimum_object_size 1 KB
acl QUERY urlpath_regex index \?
no_cache deny QUERY
# Versions from Squid 3 onward do not require "all" to be declared
#acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
http_access deny all
http_reply_access allow all
icp_access allow all
always_direct allow all
PS 1: If a particular IP must not pass through Squid at all, the following iptables rule can be used:
iptables -t nat -A PREROUTING -i eth4 -p tcp ! -d 111.112.113.114 --dport 80 -j REDIRECT --to-port 3128
PS 2: If more IPs need to be excluded, a chain can be created in iptables and it will work, but if two hosts answer on one IP and one of them has to go through Squid while the other skips it, then it is best to do the whole operation through Squid. I recommend that even PS 1 be done through Squid, but I only need one IP to skip Squid, so I do it this way; if anyone has another solution, they can share it.
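The iptables chain mentioned in PS 2, as an added example that is not part of the original post: a dry-run generator that prints the rules for a dedicated bypass chain in place of the single REDIRECT rule from PS 1. The chain name SQUID_BYPASS, the helper function names and the second sample address are assumptions.

```shell
#!/bin/sh
# Added example: print (do not execute) the iptables rules for a bypass chain.
CHAIN=SQUID_BYPASS   # assumed chain name, not from the original post

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
# The body is a subshell, so the IFS change and "exit" stay local to it.
valid_ipv4() (
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|'') exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# Usage: squid_bypass_rules IFACE SQUID_PORT DEST_IP...
# Listed destinations hit RETURN and leave the chain untouched; all other
# port-80 traffic arriving on IFACE is redirected to Squid.
squid_bypass_rules() {
    iface=$1; squid_port=$2; shift 2
    # Validate everything first so a typo never yields a partial ruleset.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    echo "iptables -t nat -N $CHAIN"
    for ip in "$@"; do
        echo "iptables -t nat -A $CHAIN -d $ip -j RETURN"
    done
    echo "iptables -t nat -A $CHAIN -p tcp -j REDIRECT --to-port $squid_port"
    echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport 80 -j $CHAIN"
}

# Interface, port and first address are from the post; 192.0.2.10 is a
# constructed sample. Review the output, then pipe it to sh as root to apply.
squid_bypass_rules eth4 3128 111.112.113.114 192.0.2.10
```

Because the exemptions live in their own chain, adding or removing a destination later only touches SQUID_BYPASS and leaves the PREROUTING jump in place.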