Oi pessoal,
Hoje tenho um servidor proxy transparente na minha rede que serve p/ meu rádio. Eu mesmo fiz as configurações do squid e, como não sei muita coisa, gostaria que a galera me ajudasse a melhorar o desempenho do meu squid.
############# Inicio do meu squid.conf ##############
# DEFAULT CONFIGURATION
# Proxy listener on TCP 3128 and ICP (inter-cache query) listener on UDP 3130.
# NOTE(review): http_port has no address, so Squid listens on every interface,
# including any public one; access then depends entirely on the http_access
# rules and the firewall. Binding to the internal address would narrow that.
# NOTE(review): no cache_peer line is visible in this file. If this proxy has
# no neighbour caches, "icp_port 0" closes the ICP listener - confirm first.
http_port 3128
icp_port 3130
# URLs containing "cgi-bin" or "?" are fetched directly instead of via neighbour caches.
hierarchy_stoplist cgi-bin ?
# The same dynamic-looking URLs are also excluded from the local cache.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# SERVER USES 196Mb
# NOTE(review): the comment above does not say whether 196 MB is total RAM.
# If it is, cache_mem (64 MB) plus the in-memory index for a 5600 MB cache_dir
# (Squid's rule of thumb is roughly 10 MB of RAM per GB of disk cache) leaves
# little for the OS; swapping would hurt performance far more than a smaller
# cache - verify with the cache manager's memory report.
cache_mem 64 MB
# Disk cache replacement starts at 90% full and becomes aggressive at 95%.
cache_swap_low 90
cache_swap_high 95
# Objects larger than 16 MB are not stored on disk.
maximum_object_size 16 MB
minimum_object_size 0 KB
# NOTE(review): a 10 MB per-object limit inside a 64 MB cache_mem lets a few
# large objects displace many small hot ones (the stock default is 8 KB).
maximum_object_size_in_memory 10 MB
# ufs store under /cache/squid: 5600 MB, 16 first-level and 256 second-level directories.
cache_dir ufs /cache/squid 5600 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
# NOTE(review): store.log records every object stored or released and is rarely
# needed; "cache_store_log none" removes those disk writes if nobody reads it.
cache_store_log /var/log/squid/store.log
icon_directory /usr/share/squid/icons/
# Error pages are served from the Portuguese template set.
error_directory /usr/share/squid/errors/Portuguese
coredump_dir /var/spool/squid
# NOTE(review): in the stock squid.conf a non-zero announce_period turns on
# periodic cache announcements to announce_host (not set in this file, so the
# built-in default would apply). That discloses this proxy's hostname, ports
# and cache_mgr address to a third party - confirm this is intended.
announce_period 5 day
# NOTE(review): "[email protected]" is what the hosting page's e-mail
# obfuscation left behind; the real file presumably holds an address here.
cache_mgr [email protected]
# Name this proxy reports about itself (for example in error pages).
visible_hostname proxy.bogus.com.br
# TRANSPARENT PROXY
# Interception setup using the httpd_accel_* directives. These exist in
# Squid 2.5 and earlier; from 2.6 on they are replaced by an option on http_port.
# NOTE(review): the packet redirection to port 3128 (firewall/NAT rule) is not
# part of this file and cannot be checked from here.
httpd_accel_port 80
httpd_accel_host virtual
#httpd_accel_single_host off
# Keep serving ordinary proxy requests in addition to intercepted ones.
httpd_accel_with_proxy on
# Needed for interception: the origin server is taken from the request's Host header.
# NOTE(review): Squid does not verify that header against the real destination,
# and the stock squid.conf warns about this. Make sure only the internal client
# networks can reach the listener, so that an outside host cannot seed the
# cache with content under a forged Host value.
httpd_accel_uses_host_header on
# SNMP CONFIGURATION
# Disabled. NOTE(review): if this is ever enabled, replace the community string
# "public" with a non-default value and limit snmp_access to the monitoring
# host. The ACL "macaunet" used below has no definition visible in this file.
#acl snmppublic snmp_community public
#snmp_port 3401
#snmp_access allow snmppublic macaunet
# DATABASE
# Per-client statistics and network-measurement database settings, all left commented out.
#client_db on
#netdb_low 900
#netdb_high 1000
# DNS SERVERS
# Resolvers used by Squid instead of the ones in the system resolver configuration.
dns_nameservers 200.210.33.3
dns_nameservers 200.210.33.5
dns_nameservers 200.163.120.226
dns_nameservers 200.163.120.227
# NOTE(review): the next three entries were masked by the author for posting
# and are not valid addresses as written.
dns_nameservers 200.xxx.xxx.xxx
dns_nameservers 200.xxx.xxx.xxx
dns_nameservers 200.xxx.xxx.xxx
# REFRESH PATTERNS
# Format: refresh_pattern <regex> <min minutes> <percent of object age> <max minutes>.
# These apply to objects that carry no explicit expiry information.
# FTP: fresh for at least 1 day (1440 min), at most 7 days (10080 min).
refresh_pattern ^ftp: 1440 20% 10080
# Gopher: fresh for exactly 1 day.
refresh_pattern ^gopher: 1440 0% 1440
# Everything else: no minimum, 20% of the object's age, capped at 3 days (4320 min).
refresh_pattern . 0 20% 4320
# DEFAULT ACLs
# "all" matches any source address; "manager" matches cache-manager (cache_object://) requests.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# BOGUS ACLs ("bogus" is the name the author substituted for the real organisation)
# NOTE(review): the two public ranges below were masked for posting. "bogus" is
# not referenced by any http_access line in this file, while the http_access
# section allows an ACL named "macaunet" that is never defined here. Squid
# refuses to start on an undefined ACL name, so this looks like a leftover
# from anonymising the file - confirm the real names match.
acl bogus src 200.xxx.xxx.xxx/26
acl discados src 200.xxx.xxx.xxx/26
# Internal /24 networks. NOTE(review): class_ip1..3 are defined but not used by
# any access rule visible in this file.
acl class_ip1 src 10.10.1.0/24
acl class_ip2 src 10.10.2.0/24
acl class_ip3 src 10.10.3.0/24
# BOGUS INTERNAL NETWORK ACLs - UNRESTRICTED
# Source addresses read from one file per interface (school, wireless, office).
acl lib_escola src "/etc/squid/ip-eth1_liberado.txt"
acl lib_wireless src "/etc/squid/ip-eth2_liberado.txt"
acl lib_escritorio src "/etc/squid/ip-eth3_liberado.txt"
# BOGUS INTERNAL NETWORK ACLs - RESTRICTED
# Same layout; these sources are the ones subjected to the blocklists.
# NOTE(review): these files decide who bypasses filtering, so they should be
# writable by root only.
acl res_escola src "/etc/squid/ip-eth1_restrito.txt"
acl res_wireless src "/etc/squid/ip-eth2_restrito.txt"
acl res_escritorio src "/etc/squid/ip-eth3_restrito.txt"
# ACLs THAT ALLOW PORTS
# SSL_ports: the only destination ports to which CONNECT tunnels are permitted.
# NOTE(review): a CONNECT tunnel carries arbitrary traffic that the proxy
# cannot inspect; keep this list as short as the users actually need
# (drop 563/873 if snews/rsync through the proxy are not required).
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
# Safe_ports: destination ports allowed for ordinary (non-CONNECT) requests.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
# Method ACLs used by the access rules: cache purge requests and CONNECT tunnels.
acl purge method PURGE
acl CONNECT method CONNECT
# DEFAULT HTTP_ACCESS
# http_access rules are evaluated top to bottom and the first match decides,
# so the order of the lines in this file is significant.
# Cache-manager and PURGE requests are accepted from the proxy host only.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse any destination port outside Safe_ports, and any CONNECT outside SSL_ports.
# These two denies come before every allow for client networks, so no source
# ACL further down can override them.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
# BLOCKED BY DEFAULT
# Blocklists loaded from files: destination domains, then case-insensitive URL
# regexes for forbidden words, downloads and multimedia.
acl sites_proibidos dstdomain "/etc/squid/regras/sites_proibidos.txt"
acl palavras_proibidas url_regex -i "/etc/squid/regras/palavras_proibidas.txt"
acl download_proibidos url_regex -i "/etc/squid/regras/download_proibidos.txt"
acl multimidia_proibidos url_regex -i "/etc/squid/regras/multimidia_proibidos.txt"
# WORKAROUND FOR THE HOTMAIL.COM SITE BUG
# Removes the Accept-Encoding request header on requests to *.hotmail.msn.com.
acl hotmail_domains dstdomain .hotmail.msn.com
header_access Accept-Encoding deny hotmail_domains
# ALLOWING MSN THROUGH THE PROXY
# MSN is allowed for sources in 10.10.2.0/24 (the same range as class_ip2).
acl msn_ip src 10.10.2.0/24
acl libmsn dstdomain loginnet.passport.com
# NOTE(review): this pattern is unanchored and its dot is unescaped, so it
# matches more URLs than the messenger gateway endpoint. Because the allow
# rules below run before the blocklist denies, a tighter pattern (escaped dot,
# anchored to the path) keeps the exception limited to MSN traffic.
acl libmsnmessenger url_regex -i gateway.dll
# NOTE(review): req_mime_type tests the Content-Type header of the request,
# which the client chooses; combining it with a destination ACL would avoid
# granting access on a client-supplied value alone.
acl lib_msn req_mime_type -i ^application/x-msn-messenger$
http_access allow libmsn msn_ip
http_access allow libmsnmessenger msn_ip
http_access allow lib_msn msn_ip
# BLOCKING MSN THROUGH THE PROXY
# The same three tests under new names, denied for every source not already
# allowed above. NOTE(review): the deny rules could reuse libmsn,
# libmsnmessenger and lib_msn instead of duplicating the definitions.
acl bloqmsn dstdomain loginnet.passport.com
acl bloqmsnmessenger url_regex -i gateway.dll
acl bloq_msn req_mime_type -i ^application/x-msn-messenger$
http_access deny bloqmsn
http_access deny bloqmsnmessenger
http_access deny bloq_msn
# SITES THAT ARE NOT CACHED
# sites_nocache takes its patterns from a file plus the literal "\?" (any URL with a query string).
acl sites_nocache url_regex "/etc/squid/regras/sites_nocache.txt" \?
# NOTE(review): these two reuse the download/multimedia blocklist files but
# without -i, so they are case-sensitive while the blocking ACLs are not -
# confirm that difference is intended.
acl files_nocache url_regex "/etc/squid/regras/download_proibidos.txt"
acl files2_nocache url_regex "/etc/squid/regras/multimidia_proibidos.txt"
# HTTP_ACCESS ALLOWED - EXTERNAL NETWORK
# NOTE(review): "macaunet" has no acl definition visible in this file (the
# matching range appears to be the one defined as "bogus"); Squid aborts on an
# undefined ACL name, so confirm the names agree in the real file.
http_access allow macaunet
http_access allow discados
# HTTP_ACCESS ALLOWED DIRECTLY
# These sources match here, before the blocklist denies, so they are never filtered.
http_access allow lib_escola
http_access allow lib_wireless
http_access allow lib_escritorio
# HTTP_ACCESS BLOCKED
# Applies to every source that was not already allowed above.
http_access deny sites_proibidos
http_access deny palavras_proibidas
http_access deny download_proibidos
http_access deny multimidia_proibidos
# HTTP_ACCESS ALLOWED UNDER RULES
# Restricted sources get access only to what passed the blocklists.
http_access allow res_escola
http_access allow res_wireless
http_access allow res_escritorio
# NO CACHE
# Matching URLs are still served but never stored (no_cache is independent of http_access).
no_cache deny sites_nocache
no_cache deny files_nocache
no_cache deny files2_nocache
# DEFAULT HTTP_ACCESS - BLOCK EVERYTHING
# Final catch-all: any source not matched by an allow rule above is refused.
http_access deny all
# DEFAULT CONFIGURATION
http_reply_access allow all
# NOTE(review): this answers ICP queries from any address that can reach the
# ICP port, which lets outside hosts probe what the cache holds. The two
# commented lines below show a narrower policy; restricting icp_access to the
# networks that really run neighbour caches (or disabling ICP when there are
# none) is the safer setting.
icp_access allow all
#icp_access allow discados
#icp_access allow lib_wireless