Here you go with my squid.conf
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# sqstat
acl manager proto cache_object
acl webserver src 10.51.100.206/255.255.255.255
http_access allow manager webserver
http_access deny manager
# Skype
acl numeric_IPs dstdom_regex
^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
acl Skype_UA browser ^skype
acl validUserAgent browser \S+
# for cheetah only
#acl usman src 10.51.100.107
#delay_pools 1
#delay_class 1 1
#delay_parameters 1 22000/22000
#delay_access 1 allow usman
#-------------Allow All ACL-------------
acl aci_lan src 10.51.100.0/24
acl aci_general src 10.51.100.0/24
#----My ip
acl my_ip src 10.51.100.240
http_access allow my_ip
# Testing delay pool
delay_pools 1
delay_class 1 1
delay_parameters 1 22000/10240000
delay_access 1 allow aci_general
#---------------------Assurety Whitelist---------------
acl aci_whitelist dstdomain "/blocklist/aci_list/whitelist"
http_access allow aci_whitelist
#--Senior Allow Domainlist------------------------------
acl aci_seniors dstdomain "/blocklist/aci_list/whitelist_seniors"
#---------------------------------------------------------#See
implimentation in ACI implimentation section
#--------------------Assurety Hard_Block--------------
acl aci_hard_block dstdomain "/blocklist/aci_list/hard_block_domains"
http_access deny aci_hard_block
#--------------------Hard_Block EXE and E.T.C---------------------
#acl mime_block_hard rep_mime_type -i "/blocklist/aci_list/hard_mime_block"
#http_reply_access deny mime_block_hard
#--General------Streaming Block------------------------------
acl mime_block rep_mime_type -i "/blocklist/aci_list/time_mime_block"
#--General Domainlist------------------------------
acl aci_dest dstdomain "/blocklist/aci_list/time_block_domains"
#--Seniors MAC list mouting------------------------------
acl aci_mac_seniors arp "/blocklist/aci_list/mac_list_seniors"
#--General Timing------------ Normal Days Working hours--------------
acl aci_working_hours time MTWH 10:04-13:04
acl aci_working_hours time MTWH 14:04-18:04
#--General Timing-------------Friday------------------------
acl aci_working_hours time F 10:04-13:04
acl aci_working_hours time F 15:04-18:04
#--General/Seniors-------------Implimentation------------------
http_access allow aci_seniors aci_mac_seniors
http_access deny aci_dest aci_working_hours aci_general
http_reply_access deny mime_block aci_working_hours aci_general !my_ip
#skype deny
http_access deny numeric_IPS aci_working_hours
http_access deny Skype_UA aci_working_hours
http_access deny !validUserAgent aci_working_hours
#Error Directory by Ykhan
error_directory /usr/share/squid/errors/en-us/
#------------------------TheEnd----------------------
http_access allow aci_lan
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid
##ykhan squid redirection to squidguard
#redirect_program /usr/bin/squidGuard
#url_rewrite_program /usr/bin/squidGuard
#url_rewrite_children 5
On Mon, Apr 23, 2012 at 8:42 PM, Eliezer Croitoru <eliezer_at_ngtech.co.il> wrote:
> On 23/04/2012 18:38, Muhammad Yousuf Khan wrote:
>>
>> well i have been experiencing slow Internet browsing. not very slow
>> but comparatively slower then IPCOP firewall. i can not understand how
>> come i diagnose the issue.
>> i mean. i increase the RAM , i checked the DNS every thing is fine but
>> my browser stuck at "connecting" ones it start download it do it fast
>> but then stop for something then start. i am not getting the clear
>> picture. can anyone help
>>
>> i am suing debian 6.0.4 with 2.7 stable squid.
>>
>> Thanks,
>>
>> MYK
>
> what is your exact problem? slow downloads?
> what is your squid setup?transparent ?regular forward proxy?
> what browser are you using?
> do you have some squid logs? or squid.conf?
> what dns server are you using?
>
> Regards,
> Eliezer
>
> --
> Eliezer Croitoru
> https://www1.ngtech.co.il
> IT consulting for Nonprofit organizations
> eliezer <at> ngtech.co.il
Received on Mon Apr 23 2012 - 18:12:41 MDT
This archive was generated by hypermail 2.2.0 : Tue Apr 24 2012 - 12:00:04 MDT