Strona 1 z 1

Serwer SQUID, czy można coś udoskonalić w konfigu?

: 21 maja 2010, 10:06
autor: 4Tmx
Witam.

Mam taką małą prośbę, chciałbym aby ktoś z Was sprawdził mój plik konfig z squida.
Czy mogę coś poprawić, ulepszyć?

Pozdrawiam i z góry dziękuję

Mój serwer
Dell PowerEdge 1750
2 x 2,5 GHz
4 GB RAM-u
2 x 77 GB HDD

Kod: Zaznacz cały

http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 3000 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 1000 MB
maximum_object_size_in_memory 5120 KB
ipcache_size 10240
ipcache_low 90
ipcache_high 95
cache_replacement_policy lru
cache_dir ufs /var/spool/squid 10000 16 256 
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts
request_header_max_size 50 KB

refresh_pattern -i (.*html$|.*htm|.*shtml) 0 20% 1440
refresh_pattern (http://.*/$) 0 20% 1440
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 90% 43200 reload-into-ims
refresh_pattern -i \.(gif|jpg|jpeg|png|js|css|flv|html|bmp) 4320 90% 43200 reload-into-ims
refresh_pattern -i \.(zip|gz|bz2|exe|rar|mp3|mpg|avi|wmv|vqf|ogg) 43200 100% 43200 reload-into-ims
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll) 43200 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll) 43200 100% 43200 reload-into-ims
refresh_pattern windowsupdate.com/.*\.(cab|exe) 43200 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe) 43200 100% 43200 reload-into-ims
refresh_pattern eset.com/.*\.(ver|unp|nup) 43200 100% 43200 reload-into-ims
refresh_pattern avast.com/.*\.(vpu|vpaa) 43200 100% 43200 reload-into-ims

collapsed_forwarding off
refresh_stale_hit 100 seconds
half_closed_clients on
ident_timeout 1 seconds
acl block_www url_regex "/etc/squid/block_www.acl"
acl all src 192.168.0.0/255.255.255.0
acl manager proto cache_object
acl localhost src 192.168.0.0/255.255.255.0
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 -- https
acl SSL_ports port 563 -- snews
acl SSL_ports port 873 -- rsync
acl Safe_ports port 80 -- http
acl Safe_ports port 21 -- ftp
acl Safe_ports port 443 -- https
acl Safe_ports port 70 -- gopher
acl Safe_ports port 210 -- wais
acl Safe_ports port 1025-65535 -- unregistered ports
acl Safe_ports port 280 -- http-mgmt
acl Safe_ports port 488 -- gss-http
acl Safe_ports port 591 -- filemaker
acl Safe_ports port 777 -- multiling http
acl Safe_ports port 631 -- cups
acl Safe_ports port 873 -- rsync
acl Safe_ports port 901 -- SWAT
acl purge method PURGE
acl CONNECT method CONNECT
cache deny QUERY
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny block_www
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
miss_access allow all
cache_mgr [EMAIL="[email protected]"][email protected][/EMAIL]
cache_effective_group proxy
visible_hostname d-prox
forwarded_for off
coredump_dir /var/spool/squid
ie_refresh on
vary_ignore_expire on
relaxed_header_parser on