Skip to content

Minimalist Squid configuration

Squid is one of the first open-source programs I got into. I have spent a lot of time looking at squid.conf The default squid.conf (reference copy in /usr/share/doc/squid/examples/squid.conf) is about 5000 lines by default. It’s great that everything is well-documented but who wants to deal with a massive config file like that? Not me. This was generated with Squid 2.7STABLE9:


acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 873 # rsync
acl purge method PURGE
acl CONNECT method CONNECT
http_access deny manager
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access allow localnet
icp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
hosts_file /etc/hosts
coredump_dir /var/spool/squid
useragent_log /var/log/squid/useragent.log
cache_mgr squid@yummypi.com

That is basically the default squid.conf with the comments removed. I removed some of the safe_ports. (Who uses Gopher anymore?) I added in two options that I like to use. The last one is useful in a corporate environment where you want feedback from users (which you can promptly redirect to /dev/null).

I have placed this file at unixsysadmin.org/squid.small.conf and a copy of the default file at unixsysadmin.org/squid.conf if you’d like to wget it or whatever.

Post a comment Trackback URI RSS 2.0 feed for these comments This entry (permalink) was posted on Thursday, July 14, 2011, at 8:36 am by aleida. Filed in Security, Squid and tagged , , , , , , .

One Comment

  1. Chuck

    2600 just had an article about Squid where the daunting config file was referenced. Thanks for the shorter version and try checking out the article in 2600!

    Posted on 14-Jul-11 at 5:09 pm | Permalink

Post a Comment

Your email is never published nor shared. Required fields are marked *
*
*