Global Informatique Securite


Squid Configuration Version2

Published by Yomane

Categories: #configurations

# updated 20/07/2018 10:37
# Recommended minimum configuration:
#
# /etc/squid/squid.conf (RedHat) or /etc/squid.conf (SuSE).

#
# User and group under which Squid runs. If they do not exist,
# create them:
#     groupadd -g 999 proxy
#     useradd -g proxy -d /usr/local/squid proxy
#

# Directory in which to store the cache files, maximum size in MB to use in
# that directory, and number of directories and sub-directories to use
# inside the cache directory.
#
# If the directory does not exist, it must be created:
#     mkdir -m 755 /usr/local/squid/cache
#     chown squid /usr/local/squid/cache
#     chgrp squid /usr/local/squid/cache


# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# acl localnet src 0.0.0.1-0.255.255.255    # RFC 1122 "this" network (LAN)
# acl localnet src 10.0.0.0/8        # RFC 1918 local private network (LAN)
# acl localnet src 100.64.0.0/10        # RFC 6598 shared address space (CGN)
# acl localnet src 169.254.0.0/16     # RFC 3927 link-local (directly plugged) machines
# acl localnet src 172.16.0.0/12        # RFC 1918 local private network (LAN)
acl localnet src 192.168.0.0/16        # RFC 1918 local private network (LAN)
# always_direct allow local-servers
# acl localnet src fc00::/7           # RFC 4193 local private network range
# acl localnet src fe80::/10          # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all
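To see how the ordered http_access lines above actually decide a request, here is an added Python model of Squid's first-match evaluation. It is example code written for this page, not Squid's own ACL engine and not from the original post. It transcribes only the ACLs that are active in this config (so 10/8 and 172.16/12 clients are outside localnet, as in the file). The Request class and the to_localhost and manager flags modelled as plain booleans are simplifications assumed for the example; real Squid derives them from the destination address and the URL, and slow (DNS-based) ACLs are not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Tuple

# ACL table transcribed from the squid.conf above. Only 192.168.0.0/16 is
# active as localnet; the other RFC 1918 ranges are commented out in the
# config, so clients from them fall through to "deny all".
LOCALNET = [ipaddress.ip_network("192.168.0.0/16")]
# Squid predefines the localhost ACL as 127.0.0.1/32 and ::1/128.
LOCALHOST = [ipaddress.ip_network("127.0.0.1/32"), ipaddress.ip_network("::1/128")]
SSL_PORTS = {443}
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777} | set(range(1025, 65536))


@dataclass
class Request:
    """Hypothetical request model constructed for this example."""
    src: str                    # client address
    method: str                 # HTTP method
    port: int                   # destination port
    to_localhost: bool = False  # destination resolves to 127.0.0.0/8 or ::1
    manager: bool = False       # cache-manager request


def acl_match(name: str, req: Request) -> bool:
    """Evaluate one named ACL against the request (fast ACLs only)."""
    ip = ipaddress.ip_address(req.src)
    table = {
        "localnet": lambda: any(ip in net for net in LOCALNET),
        "localhost": lambda: any(ip in net for net in LOCALHOST),
        "Safe_ports": lambda: req.port in SAFE_PORTS,
        "SSL_ports": lambda: req.port in SSL_PORTS,
        "CONNECT": lambda: req.method == "CONNECT",
        "to_localhost": lambda: req.to_localhost,
        "manager": lambda: req.manager,
        "all": lambda: True,
    }
    return table[name]()


# The http_access lines in the order they appear in the config. Terms on one
# line are ANDed, a leading "!" negates, and the first line whose terms all
# match decides the request.
RULES = [
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["localhost", "manager"]),
    ("deny", ["manager"]),
    ("deny", ["to_localhost"]),
    ("allow", ["localnet"]),
    ("allow", ["localhost"]),
    ("deny", ["all"]),
]


def term_matches(term: str, req: Request) -> bool:
    if term.startswith("!"):
        return not acl_match(term[1:], req)
    return acl_match(term, req)


def http_access(req: Request) -> Tuple[str, str]:
    """Return (verdict, rule text) for the first matching http_access line."""
    for verdict, terms in RULES:
        if all(term_matches(t, req) for t in terms):
            return verdict, f"http_access {verdict} {' '.join(terms)}"
    # If no line matches, Squid applies the opposite of the last line's action.
    last = RULES[-1][0]
    return ("allow" if last == "deny" else "deny"), "implicit default"


if __name__ == "__main__":
    for req in (
        Request("192.168.1.10", "GET", 80),
        Request("192.168.1.10", "CONNECT", 8443),
        Request("10.0.0.5", "GET", 80),
        Request("192.168.1.10", "GET", 3128, manager=True),
    ):
        print(req, "->", http_access(req))
```

The point the model makes visible is ordering: a CONNECT to 8443 from the LAN is refused by "deny CONNECT !SSL_ports" before "allow localnet" is ever reached, and a cache-manager request from a LAN host hits "deny manager" even though the host is otherwise allowed. Moving "allow localnet" above the deny lines would silently undo both protections.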

# Squid normally listens to port 3128
http_port 3128

cache_mem 1024 MB
quick_abort_min 1024 KB
maximum_object_size_in_memory 4096 KB
read_ahead_gap 512 KB
maximum_object_size     4096 KB
cache_swap_low  90
cache_swap_high 95

## logs
# logformat combined [%tl] %>A %{Host}>hs "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
logformat combined   %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
# chmod -R 755 /var/log/squid
access_log /var/log/squid/access.log combined
# touch /var/log/squid/access.log
# chmod 755 /var/log/squid/access.log
cache_store_log /var/log/squid/store.log
# touch /var/log/squid/store.log
# chmod 755 /var/log/squid/store.log
cache_log  /var/log/squid/cache.log
# touch /var/log/squid/cache.log
# chmod 755 /var/log/squid/cache.log
logfile_rotate 8
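Added example, not part of the original page: a small parser for the custom combined logformat defined above, together with a summary that counts TCP_DENIED hits per client and lists CONNECT requests to ports other than 443, which is exactly what the "deny CONNECT !SSL_ports" rule in this config is meant to stop. Reviewing access.log this way confirms the policy is doing its job rather than assuming it. The sample log lines are constructed to match the format and are not from a real access.log; the script name squid_access_check.py and the field names are assumptions.

```python
import re
import sys
from collections import Counter

# Regex for the "combined" logformat defined in the config above:
#   %>a %[ui %[un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
LINE_RE = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) HTTP/(?P<version>[\d.]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)" '
    r'(?P<squid_status>[A-Z0-9_]+):(?P<hier>[A-Z0-9_]+)$'
)

# Constructed sample lines in that format (not taken from a real log).
SAMPLE_LINES = [
    '192.168.1.10 - - [20/Jul/2018:10:37:12 +0200] "GET http://www.example.com/index.html HTTP/1.1" 200 1532 "-" "Mozilla/5.0" TCP_MISS:HIER_DIRECT',
    '192.168.1.10 - - [20/Jul/2018:10:37:15 +0200] "CONNECT www.example.com:443 HTTP/1.1" 200 4096 "-" "Mozilla/5.0" TCP_TUNNEL:HIER_DIRECT',
    '192.168.1.23 - - [20/Jul/2018:10:38:01 +0200] "CONNECT 203.0.113.7:8443 HTTP/1.1" 403 3985 "-" "curl/7.58.0" TCP_DENIED:HIER_NONE',
    '10.0.0.5 - - [20/Jul/2018:10:38:40 +0200] "GET http://www.example.com/ HTTP/1.1" 403 3970 "-" "python-requests/2.19" TCP_DENIED:HIER_NONE',
    'malformed line here',
]


def parse_line(line):
    """Return a dict of fields, or None if the line does not match the format."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def connect_port(url):
    """CONNECT requests carry host:port in %ru; return the port, or None."""
    _host, sep, port = url.rpartition(":")
    return int(port) if sep and port.isdigit() else None


def summarize(lines):
    """Count denials per client and list CONNECTs to ports other than 443."""
    denied = Counter()
    connect_non_ssl = []
    parsed = malformed = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            malformed += 1
            continue
        parsed += 1
        if rec["squid_status"].startswith("TCP_DENIED"):
            denied[rec["client"]] += 1
        if rec["method"] == "CONNECT" and connect_port(rec["url"]) != 443:
            connect_non_ssl.append((rec["client"], rec["url"]))
    return {
        "parsed": parsed,
        "malformed": malformed,
        "denied_by_client": dict(denied),
        "connect_non_ssl": connect_non_ssl,
    }


if __name__ == "__main__":
    # Usage: python3 squid_access_check.py /var/log/squid/access.log
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            print(summarize(fh))
    else:
        print(summarize(SAMPLE_LINES))
```

Run against the live access.log, a client that keeps appearing under denied_by_client, or any entry in connect_non_ssl, is worth a look: the first means something on the LAN is repeatedly asking for what the policy forbids, the second means a tunnel was attempted to a port the SSL_ports ACL does not cover (the log shows the attempt even though Squid refused it). Lines that do not parse usually mean the logformat was changed without updating the parser.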

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/cache/squid 100 16 256
# chown -R proxy:proxy /var/cache/squid
# chmod 755 /var/cache/squid
# then create the cache sub-directories:
#     squid -z

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

## general options
dns_v4_first on
cache_mgr not_to_be_disturbed
client_db on
# collapsed_forwarding on
detect_broken_pconn on
dns_defnames on
dns_retransmit_interval 2 seconds
dns_timeout 5 minutes
forwarded_for off
half_closed_clients off
httpd_suppress_version_string on
ignore_unknown_nameservers on
pipeline_prefetch 1
retry_on_error on
strip_query_terms off
uri_whitespace strip
visible_hostname XXXX

via off
forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp:             1440    20%     10080
refresh_pattern ^gopher:          1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0       0%      0
refresh_pattern .                 0       20%     4320

cache_effective_user proxy
cache_effective_group proxy

# squid commands
# systemctl start squid.service (likewise reload, stop, restart)
# systemctl enable squid (start automatically at boot)
# squid enable
# squid -k parse (check the squid config file)
# systemctl status squid (squid status)
# squid -k check; echo $? (exit status 0 = ok)
