Updated Squid 3 configuration

Here is the updated version of my previous authenticating/forwarding Squid 3 config. It adds some things and fixes some things. In particular, the peer exclusion rules from the previous config were not working - this one should correctly not use the parent proxies when querying "local addresses". As before, the configuration file contains two proxy servers for load balancing; it can be extended easily to include more. Here it is for your enjoyment:

cache_effective_user proxy
cache_effective_group proxy

http_port 3128
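# Any client that can reach port 3128 may use this proxy and, through it,
# the parent proxies with the login= credentials configured below.
# Restrict this with a src ACL if the port is reachable from untrusted hosts.
http_access allow all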

acl local_ips dst 127.0.0.0/8 192.168.0.0/24 10.10.0.0/16
acl local_servers dstdomain localhost my.local.domain
never_direct allow all
always_direct allow local_ips
always_direct allow local_servers

acl http-only port 80
# The login= credentials are stored in plain text; keep this file readable
# only by the accounts that need it.
cache_peer firstProxy.site.com parent 3128 3190 no-query proxy-only login=Username:Password name=prx1
cache_peer secondProxy.site.com parent 3128 3190 no-query proxy-only login=Username:Password default name=prx2

# cache_peer_access rules are checked in order and the first match wins,
# so the local exclusions come first and each catch-all rule comes last.

# Reinforcement of direct rules
cache_peer_access prx1 deny local_ips
cache_peer_access prx1 deny local_servers
cache_peer_access prx2 deny local_ips
cache_peer_access prx2 deny local_servers

# This makes only HTTP load balanced
cache_peer_access prx1 allow http-only
cache_peer_access prx1 deny all
cache_peer_access prx2 allow all

# Some timeouts
connect_timeout 8 seconds
peer_connect_timeout 3 seconds

hierarchy_stoplist cgi-bin ?

cache_mem 64 MB
maximum_object_size_in_memory 64 KB

cache_replacement_policy heap GDSF
# Make sure to check this path
cache_dir aufs /var/spool/squid3 6000 16 256
maximum_object_size 16384 KB

# Make sure to check this path
access_log /var/log/squid3/access.log squid

shutdown_lifetime 3 seconds

debug_options ALL,1
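
Squid checks the cache_peer_access rules for a peer in order and stops at the first match, so any rule listed after a bare "deny all" or "allow all" for the same peer is never reached. The script below is an added example, not part of the original post: it flags such unreachable rules in a config. The two sample configs are constructed, and it assumes only the literal ACL name "all" matches every request.

```python
# Added example: lint cache_peer_access rule order (first match wins).
# Assumption: only the literal ACL "all" is treated as matching every request.

SAMPLE_SHADOWED = """\
# constructed sample: catch-all rule listed first
cache_peer_access prx1 deny all
cache_peer_access prx1 allow http-only
cache_peer_access prx2 allow all
cache_peer_access prx2 deny local_ips
"""

SAMPLE_ORDERED = """\
# constructed sample: specific rules first, catch-all last
cache_peer_access prx1 deny local_ips
cache_peer_access prx1 allow http-only
cache_peer_access prx1 deny all
cache_peer_access prx2 deny local_ips
cache_peer_access prx2 allow all
"""


def shadowed_rules(conf_text):
    """Return (line_no, peer, rule, catch_all_line_no) for unreachable rules."""
    catch_all = {}   # peer name -> line number of its first "<action> all" rule
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()   # drop comments
        if len(tokens) < 4 or tokens[0] != "cache_peer_access":
            continue
        peer, action, acls = tokens[1], tokens[2], tokens[3:]
        if action not in ("allow", "deny"):
            continue
        if peer in catch_all:
            # An earlier rule for this peer already matched every request.
            findings.append((line_no, peer, " ".join(tokens[2:]), catch_all[peer]))
        elif acls == ["all"]:
            catch_all[peer] = line_no
    return findings


if __name__ == "__main__":
    for name, text in (("shadowed", SAMPLE_SHADOWED), ("ordered", SAMPLE_ORDERED)):
        hits = shadowed_rules(text)
        print(f"{name}: {len(hits)} unreachable rule(s)")
        for line_no, peer, rule, first in hits:
            print(f"  line {line_no}: '{rule}' on {peer} is never reached "
                  f"(line {first} already matches everything)")
```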
