Tips & Tricks |
|
2024-11-25 |
|
|
20 |
|
|
Make it listen to port 80 on our external interface:
http_port 198.186.203.51:80
If we don't do cgi-bin stuff, comment these out:
#acl QUERY urlpath_regex cgi-bin
#no_cache deny QUERY
If we have plenty of RAM, bump this up a bit:
cache_mem 16MB
maximum_object_size 14096 KB
Specify where to store cached files (size in Megs, level 1 subdirs, level 2 subdirs)
cache_dir ufs /local/squid/cache 500 16 256
Get rid of the big store.log file:
Set our SNMP public community string:
acl snmppublic snmp_community public
Get rid of "allow all" and use list of hosts we are blocking (1 ip per line):
#http_access allow all
acl forbidden src "/local/squid/etc/forbidden"
http_access allow !forbidden
Set user/group squid should run as:
cache_effective_user squid
cache_effective_group daemon
Single-server reverse proxy setup (set up Apache to listen to port 80 on the loopback):
httpd_accel_host 127.0.0.1
httpd_accel_port 80
httpd_accel_single_host on
httpd_accel_uses_host_header on
Only allow localhost access through snmp:
snmp_access allow snmppublic localhost