Make it listen to port 80 on our external interface: http_port 198.186.203.51:80 If we don't do cgi-bin stuff, comment these out: #acl QUERY urlpath_regex cgi-bin #no_cache deny QUERY If we have plenty of RAM, bump this up a bit: cache_mem 16MB maximum_object_size 14096 KB Specify where to store cached files (size in Megs, level 1 subdirs, level 2 subdirs) cache_dir ufs /local/squid/cache 500 16 256 Get rid of the big store.log file: cache_store_log none Set our SNMP public community string: acl snmppublic snmp_community public Get rid of "allow all" and use list of hosts we are blocking (1 ip per line): #http_access allow all acl forbidden src "/local/squid/etc/forbidden" http_access allow !forbidden Set user/group squid should run as: cache_effective_user squid cache_effective_group daemon Single-server reverse proxy setup (set up Apache to listen to port 80 on the loopback): httpd_accel_host 127.0.0.1 httpd_accel_port 80 httpd_accel_single_host on httpd_accel_uses_host_header on Only allow localhost access through snmp: snmp_access allow snmppublic localhost