Siamcafe Community
หมวดหมู่หก => Proxy Cache , Security ,firewall => ข้อความที่เริ่มโดย: alexanderz ที่ สิงหาคม 03, 2007, 05:25:21 am
-
#dns_nameservers 192.168.0.100 192.168.1.2
icp_port 0
#http_port 3128
http_port 8080
#cache_peer 203.144.143.6 parent 8080 0 no-query
#cache_peer 192.168.0.1 sibling 3128 0 no-query
#cache_peer 192.168.0.100 parent 800 0 no-query
#peer_connect_timeout 5 seconds
# Round-Robin คือ การที่เรามี proxy หลายๆตัวอยากจะทำ proxy แบบ Load Balance ก็เอา ตัวอย่างด้านล่างนี้ไปแก้ไขดัดแปลงกันได้เลยครับ
#เพราะมันจะไปเกาะ proxy หลายๆตัว แต่ต้องใช้งานได้จริงๆนะครับ นี่ผมยกตัวอย่างให้เฉยๆเพื่อจะได้ GET
#cache_peer proxy.asianet.co.th parent 8080 3130 round-robin no-query
#cache_peer proxy2.asianet.co.th parent 3128 3130 round-robin no-query
#peer_connect_timeout 5 seconds
hierarchy_stoplist cgi-bin ? .pl .cgi .php .php3 .php4 .shtml
acl QUERY urlpath_regex cgi-bin \? \.pl \.cgi \.php \.php3 \.php4 \.shtml
no_cache deny QUERY
cache_mem 256 MB
maximum_object_size_in_memory 24 Kb
minimum_object_size 0 KB
maximum_object_size 20480 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap GDSF
# ตรงนี้แก้ไขกันเอาเองนะครับว่าจะให้เก็บ cache ไว้ที drive ใหนของผมใช้ hdd 2 ลูกเลย twin cache เลย
cache_dir aufs e:/squidcache/cache1 3413 16 256
cache_dir aufs e:/squidcache/cache2 3413 16 256
access_log none
cache_log none
cache_store_log none
mime_table c:/squid/etc/mime.conf
log_mime_hdrs off
cache_effective_user squid
cache_effective_group squid
refresh_pattern -i .(zip|gz|xfs|exe|arj|npz|lha|lzh|rar|tgz|tar|rar|jar|nup|wz|Z)$ 525960 90% 525960 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(class|pdf|rtf|doc|wp|wp5|ps|prn)$ 525960 90% 525960 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(mov|avi|mpg|wav|au|mid|mp3)$ 525960 80% 525960 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(jpg|gif|jpeg|png|css|js)$ 525960 18000% 525960 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(bmp|tif|tiff|xbm)$ 525960 17000% 525960 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(swf)$ 525960 20000% 525960 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 1440 50% 14400
umask 027
via off
forwarded_for off
coredump_dir c:/squid/var/cache
auth_param basic program c:/squid/libexec/mswin_auth.exe -A proxy_user
auth_param basic children 5
auth_param basic realm Enter your username and password.
auth_param basic credentialsttl 2 hours
acl pass proxy_auth REQUIRED
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl MSN_ports port 1863
acl Safe_ports port 80 21 443 563 70 210 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
acl localnetwork0 src 127.0.0.0/8
acl localnetwork1 src 192.168.0.0/24
http_access allow pass
http_access allow manager localhost
http_access deny manager
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
http_access allow localnetwork0
http_access allow localnetwork1
http_access allow !MSN_ports
http_access deny all
http_reply_access allow all
icp_access deny all
ftp_sanitycheck off
ie_refresh on
visible_hostname
cache_mgr
ลงไว้ที่ server แล้ว connect จากที่บ้านครับ ช่วยดูให้หน่อยครับ ขอบคุณครับ
-
แก้ไขตรงไหนบอกด้วยครับ
icp_port 0
http_port 3128
http_port 800
http_port 8080
hierarchy_stoplist cgi-bin ? .acgi .asp .cgi .css .chtml .htm .html .jhtml .js .jsp .perl .phtml .pl .php .php3 .php4 .shtml .xhtml .xml
acl QUERY urlpath_regex cgi-bin \? \.acgi \.asp \.cgi \.css \.chtml \.htm \.html \.jhtml \.js \.jsp \.perl \.phtml \.pl \.php \.php3 \.php4 \.shtml \.xhtml \.xml
cache deny QUERY
#cache_peer proxy.asianet.co.th parent 8080 0 no-query
#cache_peer 203.144.143 sibling 8080 0 no-query
#peer_connect_timeout 5 seconds
cache_mem 128 MB
#maximum_object_size_in_memory 24 Kb
#half_closed_clients off
minimum_object_size 0 KB
maximum_object_size 25600 KB
#cache_swap_high 98%
#cache_swap_low 95%
memory_replacement_policy heap GDSF
cache_replacement_policy heap GDSF
cache_dir aufs c:/squid/cache/cache1 800 16 256
access_log none
cache_log none
cache_store_log none
mime_table c:/squid/etc/mime.conf
log_mime_hdrs off
cache_effective_user squid
cache_effective_group squid
refresh_pattern -i .(zip|gz|xfs|exe|arj|npz|lha|lzh|rar|tgz|tar|rar|jar|nup|wz|Z)$ 525960 99% 525960 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(class|pdf|rtf|doc|wp|wp5|ps|prn)$ 525960 99% 525960 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(mov|avi|mpg|wav|au|mid|mp3)$ 525960 95% 525960 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(jpg|gif|jpeg|png|css|js)$ 525960 18000% 525960 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(bmp|tif|tiff|xbm)$ 525960 17000% 525960 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(swf)$ 525960 20000% 525960 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern ^ftp: 4320 20% 43200
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 1440 50% 14400
umask 027
via off
forwarded_for off
coredump_dir c:/squid/var/cache
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT
acl localnetwork0 src 127.0.0.0/8
acl localnetwork1 src 192.160.0.0/24
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnetwork0
http_access allow localnetwork1
http_access deny all
http_reply_access allow all
icp_access deny all
ie_refresh on
visible_hostname proxyBYsiamcafe.net
cache_mgr [email protected]
ftp_sanitycheck off
-
The similar subject was already observed somewhere at this thread