Updated Squid 3 configuration

Here is the updated version of my previous authenticating/forwarding Squid 3 config. It adds some things and fixes some things. In particular, the peer exclusion rules from the previous config were not working - this one should correctly not use the parent proxies when querying "local addresses". As before, the configuration file contains two proxy servers for load balancing; it can be extended easily to include more. Here it is for your enjoyment:

cache_effective_user proxy
cache_effective_group proxy

http_port 3128
http_access allow all

acl local_ips dst
acl local_servers dstdomain localhost my.local.domain
never_direct allow all
always_direct allow local_ips
always_direct allow local_servers

acl http-only port 80
cache_peer firstProxy.site.com parent 3128 3190 no-query proxy-only login=Username:Password name=prx1
cache_peer secondProxy.site.com parent 3128 3190 no-query proxy-only login=Username:Password default name=prx2

# This makes only HTTP load balanced
cache_peer_access prx1 deny all
cache_peer_access prx1 allow http-only
cache_peer_access prx2 allow all

# Reinforcement of direct rules
cache_peer_access prx1 deny local_ips
cache_peer_access prx1 deny local_servers
cache_peer_access prx2 deny local_ips
cache_peer_access prx2 deny local_servers

# Some timeouts
connect_timeout 8 seconds
peer_connect_timeout 3 seconds

hierarchy_stoplist cgi-bin ?

cache_mem 64 MB
maximum_object_size_in_memory 64 KB

cache_replacement_policy heap GDSF
cache_dir aufs /var/spool/squid3 6000 16 256  # Make sure to check this path
maximum_object_size 16384 KB

access_log /var/log/squid3/access.log squid  # Make sure to check this path

shutdown_lifetime 3 seconds

debug_options ALL,1


comments powered by Disqus