Syed Jahanzaib Personal Blog to Share Knowledge !

June 1, 2011

Working SQUID.CONF 2.7 Example! [Ubuntu]


More update and high tunned squid.conf example can be found here.

https://aacable.wordpress.com/2012/01/19/youtube-caching-with-squid-2-7-using-storeurl-pl/

UPDATED: JULY , 2013]

Below is an example of good (aggressively) working squid.conf tested in Ubuntu v9.10 / 10.4]
I was doing some experiments on squid, it was just for lab testing but you can modify it according to your need. To get good performance from squid cache, make sure you put as much RAM as you can afford.
My recommendation is to use at least 8-16 GB of ram in the squid box.

I tested this configuration on the following hardware/OS:
XEON 3.6Ghz Dual / 8 GB RAM / 320 GB
Ubuntu Desktop 10.4

I got very good cache HIT RATIO using this customized configuration. Following snapshot shows the hit ratio captured by customized MRTG graph.

Warning: Make sure that you understand each parameter’s function before applying / modifying.

Regard’s
Syed Jahanzaib
x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x-x

# SQUID 2.7 CONFIG FILE
# By - Syed Jahanzaib
# Email: aacable@hotmail.com
# Web  : https://aacable.wordpress.com

# PORT and Transparent Option
http_port 8080 transparent
server_http11 on
icp_port 0

# Cache Directory , modify it according to your system.
# but first create directory in root by
# mkdir /cache1
# chown proxy:proxy /cache1
# [for ubuntu user is proxy, in Fedora user is SQUID]
# I have set 100 GB for caching, Adjust it according to your need.
# My recommendation is to have one cache_dir per drive. zzz

store_dir_select_algorithm round-robin
cache_dir aufs /cache1 100000 16 256
#cache_dir ufs /mnt/hdd2/cache2 200000 16 256 # If you have secondary HDD
memory_replacement_policy heap GDSF
cache_replacement_policy heap GDSF

# If you want to enable DATE time n SQUID Logs,use following
emulate_httpd_log on
logformat squid %tl %6tr %>a %Ss/%03Hs %<st %rm %ru %un %Sh/%<A %mt
log_fqdn off

# How much days to keep users access web logs
# You need to rotate your log files with a cron job. For example:
# 0 0 * * * /usr/local/squid/bin/squid -k rotate
logfile_rotate 14
debug_options ALL,1
cache_access_log /var/log/squid/access.log
cache_log none
cache_store_log none

# Block Ads [zaib]
#acl adsites dstdomain url_regex "/etc/squid/adslist.txt"
#http_access deny adsites
#deny_info http://192.168.6.1/psb.htm adsites

#I used DNSAMSQ service for fast dns resolving
#so install by using "apt-get install dnsmasq" first
dns_nameservers 127.0.0.1 8.8.8.8
ftp_user anonymous@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on

#ACL Section mylan myacl
acl all src 0.0.0.0/0.0.0.0
#acl all src 192.168.50.0/255.255.255.0
#acl all2 src 10.0.0.0/255.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager all
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow all
#http_access allow all2
http_reply_access allow all
#http_reply_access allow all2
icp_access allow all

#==========================
# Administrative Parameters
#==========================

#============================================================$
# SNMP , if you want to generate graphs for SQUID via MRTG
#============================================================$
#acl snmppublic snmp_community zaib
#snmp_port 3401
#snmp_access allow snmppublic all
#snmp_access allow all

# I used UBUNTU so user is proxy, in FEDORA you may use use squid
cache_effective_user proxy
cache_effective_group proxy
cache_mgr SYED_JAHANZAIB
visible_hostname aacable.wordpress.com
unique_hostname aacable@hotmail.com

# Memory
cache_mem 128 MB
minimum_object_size 0 bytes
maximum_object_size 700 MB
maximum_object_size_in_memory 32 KB

tcp_outgoing_tos 0x30 all
zph_mode tos
zph_local 0x30
zph_parent 0
zph_option 136

acl store_rewrite_list urlpath_regex            \/(get_video|videoplayback\?id|videoplayback.*id)
acl store_rewrite_list urlpath_regex            \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|wmv|3gp|mp(4|3)|exe|msi|zip|on2|mar)\?
acl store_rewrite_list_domain url_regex         ^http:\/\/([a-zA-Z-]+[0-9-]+)\.[A-Za-z]*\.[A-Za-z]*
acl store_rewrite_list_domain url_regex         (([a-z]{1,2}[0-9]{1,3})|([0-9]{1,3}[a-z]{1,2}))\.[a-z]*[0-9]?\.[a-z]{3}
acl store_rewrite_list_path urlpath_regex       \.(jp(e?g|e|2)|gif|png|tiff?|bmp|ico|flv|avc|zip|mp3|3gp|rar|on2|mar|exe)$
acl store_rewrite_list_domain_CDN url_regex     \.rapidshare\.com.*\/[0-9]*\/.*\/[^\/]* ^http:\/\/(www\.ziddu\.com.*\.[^\/]{3,4})\/(.*) \.doubleclick\.net.*
acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/[.a-z0-9]*\.photobucket\.com.*\.[a-z]{3}$ quantserve\.com
acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/[a-z]+[0-9]\.google\.co(m|\.id)
acl store_rewrite_list_domain_CDN url_regex     ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(rar|zip|flv|wm(a|v)|3gp|mp(4|3)|exe|msi|avi|(mp(e?g|a|e|1|2|3|4))|cab|exe)
acl dontrewrite url_regex redbot\.org \.php
acl getmethod method GET

storeurl_access deny dontrewrite
storeurl_access deny !getmethod
storeurl_access allow store_rewrite_list_domain_CDN
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_domain
storeurl_access allow store_rewrite_list_path
storeurl_access deny all
# First add storeurl.pl to enable below, see my other guides
# e.g: https://aacable.wordpress.com/2012/01/19/youtube-caching-with-squid-2-7-using-storeurl-pl/
#storeurl_rewrite_program /etc/squid/storeurl.pl
#storeurl_rewrite_children 7
#storeurl_rewrite_concurrency 0

##
refresh_pattern -i \.htm 120 50% 10080 reload-into-ims
refresh_pattern -i \.html 120 50% 10080 reload-into-ims
refresh_pattern ^http://*.facebook.com/* 720 100% 4320
refresh_pattern ^http://mail.yahoo.com/.* 720 100% 4320
refresh_pattern ^http://*.yahoo.*/.* 720 100% 4320
refresh_pattern ^http://*.yimg.*/.* 720 100% 4320
refresh_pattern ^http://*.gmail.*/.* 720 100% 4320
refresh_pattern ^http://*.google.*/.* 720 100% 4320
refresh_pattern ^http://*.kaskus.*/.* 720 100% 4320
refresh_pattern ^http://*.googlesyndication.*/.* 720 100% 4320
refresh_pattern ^http://*.plasa.*/.* 720 100% 4320
refresh_pattern ^http://*.telkom.*/.* 720 100% 4320
##

# 1 year = 525600 mins, 1 month = 43800 mins
refresh_pattern imeem.*\.flv  0 0% 0     override-lastmod override-expire
refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]*   161280    90%    161280 ignore-reload

refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?)    10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?)    10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims
#refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id||videodownload\?|\.flv?)       10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern \.(ico|video-stats) 10800 80% 10800    override-expire ignore-reload ignore-no-cache  ignore-private ignore-auth override-lastmod  negative-ttl=10080
refresh_pattern \.etology\?                       10800 80% 10800    override-expire ignore-reload ignore-no-cache
refresh_pattern galleries\.video(\?|sz)               10800 80% 10800    override-expire ignore-reload ignore-no-cache
refresh_pattern brazzers\?                       10800 80% 10800    override-expire ignore-reload ignore-no-cache
refresh_pattern \.adtology\?                      10800 80% 10800    override-expire ignore-reload ignore-no-cache
refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 10800 20% 10800 ignore-no-cache  ignore-private override-expire ignore-reload ignore-auth   negative-ttl=40320 max-stale=10
refresh_pattern ^.*safebrowsing.*google  10800 80% 10800 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth  negative-ttl=10080
refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 10800 80% 10800 override-expire ignore-reload   ignore-private  negative-ttl=10080
refresh_pattern ytimg\.com.*\.jpg                   10800 80% 10800    override-expire ignore-reload
refresh_pattern images\.friendster\.com.*\.(png|gif)           10800 80% 10800    override-expire ignore-reload
refresh_pattern garena\.com                                   10800 80% 10800     override-expire reload-into-ims
refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)  10800 80% 10800     override-expire ignore-reload
refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\?           10800 80% 10800 ignore-no-cache override-expire override-lastmod
refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png)    10800 80% 10800 reload-into-ims override-expire ignore-private
refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\.      10800 80% 10800 reload-into-ims ignore-no-cache  ignore-reload override-expire
refresh_pattern ^http:\/\/www.onemanga.com.*\/           10800 80% 10800 reload-into-ims ignore-no-cache  ignore-reload override-expire

# ANTI VIRUS
refresh_pattern guru.avg.com/.*\.(bin)                      10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims
refresh_pattern (avgate|avira).*(idx|gz)$                           10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims
refresh_pattern kaspersky.*\.avc$                                   10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims
refresh_pattern kaspersky                                           10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims
refresh_pattern update.nai.com/.*\.(gem|zip|mcs)                    10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims
refresh_pattern ^http:\/\/liveupdate.symantecliveupdate.com.*\(zip)     10800 80% 10800 ignore-no-cache  ignore-reload  reload-into-ims

refresh_pattern windowsupdate.com/.*\.(cab|exe)             10800  80%  10800 ignore-no-cache  ignore-reload  reload-into-ims
refresh_pattern update.microsoft.com/.*\.(cab|exe)             10800  80%  10800 ignore-no-cache  ignore-reload  reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe)             10800  80%  10800 ignore-no-cache  ignore-reload  reload-into-ims

#images facebook
refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(jpg|png|gif)      10800 80% 10800 ignore-reload  override-expire ignore-no-cache
refresh_pattern -i \.fbcdn.net.*\.(jpg|gif|png|swf|mp3)                  10800 80% 10800 ignore-reload  override-expire ignore-no-cache
refresh_pattern  static\.ak\.fbcdn\.net*\.(jpg|gif|png)                  10800 80% 10800 ignore-reload  override-expire ignore-no-cache
refresh_pattern ^http:\/\/profile\.ak\.fbcdn.net*\.(jpg|gif|png)      10800 80% 10800 ignore-reload  override-expire ignore-no-cache

#banner IIX
refresh_pattern ^http:\/\/openx.*\.(jp(e?g|e|2)|gif|pn[pg]|swf|ico|css|tiff?) 10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/ads(1|2|3).kompas.com.*\/           10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/img.ads.kompas.com.*\/           10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache
refresh_pattern .kompasimages.com.*\.(jpg|gif|png|swf)       10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/openx.kompas.com.*\/           10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache
refresh_pattern kaskus.\us.*\.(jp(e?g|e|2)|gif|png|swf)        10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache
refresh_pattern ^http:\/\/img.kaskus.us.*\.(jpg|gif|png|swf)       10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache

#IIX DOWNLOAD
refresh_pattern ^http:\/\/\.www[0-9][0-9]\.indowebster\.com\/(.*)(mp3|rar|zip|flv|wmv|3gp|mp(4|3)|exe|msi|zip) 10800 99999% 10800 reload-into-ims  ignore-reload override-expire ignore-no-cache    ignore-auth

#All File
refresh_pattern -i \.(3gp|7z|ace|asx|avi|bin|cab|dat|deb|divx|dvr-ms)      10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(rar|jar|gz|tgz|bz2|iso|m1v|m2(v|p)|mo(d|v))          10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(jp(e?g|e|2)|gif|pn[pg]|bm?|tiff?|ico|swf|css|js)     10800 80% 10800 ignore-no-cache  ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(mp(e?g|a|e|1|2|3|4)|mk(a|v)|ms(i|u|p)|og(x|v|a|g)|rar|rm|r(a|p)m|snd|vob|wav) 10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t))     10800 80% 10800 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims

refresh_pattern (cgi-bin|\?)       0      0%      0
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern ^ftp:         10080     95%     10800 override-lastmod reload-into-ims
refresh_pattern         .     180     95% 10800 override-lastmod reload-into-ims

global_internal_static off
max_stale 10 years
retry_on_error on
buffered_logs on
read_ahead_gap 32 KB

#header_access Accept-Encoding deny  all
client_persistent_connections off
server_persistent_connections on
half_closed_clients off
strip_query_terms off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
vary_ignore_expire on
reload_into_ims on
pipeline_prefetch on
read_timeout 30 minutes
client_lifetime 6 hours
$negative_ttl 30 seconds
positive_dns_ttl 6 hours
$negative_dns_ttl 60 seconds
pconn_timeout 15 seconds
request_timeout 1 minute
$store_avg_object_size 13 KB
log_icp_queries off
ipcache_size 16384
ipcache_low 98
ipcache_high 99
log_fqdn off
fqdncache_size 16384
memory_pools off
forwarded_for on
client_db off
max_filedescriptors 8192

Note: The refresh pattern on this config are very aggressive and sometimes a user will get old cached pages even for those sites which updates on daily basis,
if you face such issues, remove following directives from refresh pattern.

ignore-reload override-expire ignore-no-cache ignore-no-store ignore-must-revalidate store-stale

What can I do to reduce Squid’s memory usage?

Squid uses a lot of memory for performance reasons. It takes much, much longer to read something from disk than it does to read directly from memory. As a rule of thumb on Squid uses approximately 10 MB of RAM per GB of the total of all cache_dirs (more on 64 bit servers such as Alpha), plus your cache_mem setting and about an additional 10-20MB. It is recommended to have at least twice this amount of physical RAM available on your Squid server.

If you have a low memory server, and a large disk, then you will not necessarily be able to use all the disk space, since as the cache fills the memory available will be insufficient, forcing Squid to swap out memory and affecting performance. A very large cache_dir total and insufficient physical RAM + Swap could cause Squid to stop functioning completely. The solution for larger caches is to get more physical RAM; allocating more to Squid via cache_mem will not help.

If your cache performance is suffering because of memory limitations, you might consider buying more memory. But if that is not an option, There are a number of things to try:

# Reduce the cache_mem parameter in the config file. This controls how many “hot” objects are kept in memory. Reducing this parameter will not significantly affect performance, but you may receive some warnings in cache.log if your cache is busy.

# Turn the memory_pools off in the config file. This causes Squid to give up unused memory by calling free() instead of holding on to the chunk for potential, future use.

# Reduce the cache_swap parameter in your config file. This will reduce the number of objects Squid keeps. Your overall hit ratio may go down a little, but your cache will perform significantly better.

# Reduce the maximum_object_size parameter. You won’t be able to cache the larger objects, and your byte volume hit ratio may go down, but Squid will perform better overall.

My Squid becomes very slow after it has been running for some time.

This is most likely because Squid is using more memory than it should be for your system. When the Squid process becomes large, it experiences a lot of paging. This will very rapidly degrade the performance of Squid. Memory usage is a complicated problem. There are a number of things to consider.

Then, examine the Cache Manager Info ouput and look at these two lines:
( squidclient -r -p 8080 mgr:info |more )

       Number of HTTP requests received: 121104 Page faults with physical i/o: 16720 

Divide the number of page faults by the number of connections. In this case 16720 /  121104 = 0.14. Ideally this ratio should be in the 0.0 – 0.1 range. It may be acceptable to be in the 0.1 – 0.2 range. Above that, however, and you will most likely find that Squid’s performance is unacceptably slow.

If the ratio is too high, you will need to make some changes to lower the amount of memory Squid uses. See above paragraphs “What I do to reduce Squid memroy usage”.

(Thanks to http://www.comfsm.fm/computing/squid/FAQ-8.html for some theoretical and statical reference.)

I hope it will help you in brief.

Regard’s

SYED JAHANZAIB

18 Comments »

  1. Dear Syed

    do you now why squid is getting to much memory , can i do anything to take just for example 2Gb of memory .
    i have 3.5Gb memory how much is it better to get the squid server .

    Hostname : nori Uptime : 08:14:18 Date : 2012-01-08 17:47:23

    Load 1 : 0.29 CPU Idle : 97.52% Running : 1 Zombie : 0
    Load 5 : 0.69 CPU System: 1.49% Sleeping : 151 Total : 153
    Load 15 : 0.62 CPU User : 0.99% Stopped : 1 No. Users : 2

    Mem Total : 3520M Swap Total: 1609M Mem Used : 89.92% Paging in : 8
    Mem Used : 3165M Swap Used : 0B Swap Used : 0.00% Paging out: 0
    Mem Free : 354M Swap Free : 1609M Total Used: 61.70%

    Disk Name Read Write Network Interface rx tx
    sda 8192B 0B lo 862B 862B
    eth1 0B 0B
    Total 8192B 0B eth0 519K 533K

    Mount Point Free Used

    my squid looks so it’s from this example :

    # If you have 4GB memory in Squid box, we will use formula of 1/3
    # You can adjust it according to your need. I used 2GB however 😀
    cache_mem 2 GB
    maximum_object_size 1000 MB
    maximum_object_size_in_memory 5000 KB

    what do i need to do …

    Comment by Nori Gashi — January 8, 2012 @ 9:53 PM

  2. Use the following.

    cache_mem 1 GB
    maximum_object_size 100 MB
    maximum_object_size_in_memory 128 KB

    Restart Squid after changes.

    I have updated the article and the squid.conf,
    Please Read it again.

    Comment by Syed Jahanzaib / Pinochio~:) — January 8, 2012 @ 11:03 PM

  3. What do i need to change to disable caching .flv files and files that are larger than for example 50 MB
    is there a way to do a restriction like that

    Comment by Timi — January 23, 2012 @ 1:16 AM

    • # To restrict file size for cache, use the following directive
      maximum_object_size 256 MB

      # To disable caching for specific file extension, use the following directives, place them at appropriate location.

      hierarchy_stoplist cgi-bin ?
      acl QUERY urlpath_regex cgi-bin \? \.flv
      no_cache deny QUERY

      Comment by Syed Jahanzaib / Pinochio~:) — January 23, 2012 @ 11:38 AM

  4. How about this one? found it on the web 🙂

    ;# 1 year = 525600 mins, 1 month = 43800 mins;
    refresh_pattern ^.*(utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 5259487 20% 5259487 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate store-stale negative-ttl=40320 max-stale=10;
    refresh_pattern imeem.*\.flv 0 0% 0 override-lastmod override-expire;
    refresh_pattern ^ftp: 40320 20% 40320 override-expire reload-into-ims store-stale;
    refresh_pattern ^gopher: 1440 0% 1440;
    refresh_pattern \.rapidshare.*\/[0-9]*\/.*\/[^\/]* 161280 90% 161280 ignore-reload store-stale;
    refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 5259487 99999999% 5259487 override-expire ignore-reload store-stale;
    refresh_pattern \.(ico|video-stats) 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth override-lastmod ignore-must-revalidate negative-ttl=10080 store-stale;
    refresh_pattern \.etology\? 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache store-stale;
    refresh_pattern galleries\.video(\?|sz) 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache store-stale;
    refresh_pattern brazzers\? 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache store-stale;
    refresh_pattern \.adtology\? 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache store-stale;
    refresh_pattern ^.*safebrowsing.*google 5259487 999999% 5259487 override-expire ignore-reload ignore-no-cache ignore-private ignore-auth ignore-must-revalidate negative-ttl=10080 store-stale;
    refresh_pattern ^http://((cbk|mt|khm|mlt)[0-9]?)\.google\.co(m|\.uk) 5259487 999999% 5259487 override-expire ignore-reload store-stale ignore-private negative-ttl=10080;
    refresh_pattern ytimg\.com.*\.jpg 5259487 999999% 5259487 override-expire ignore-reload store-stale;
    refresh_pattern (avgate|avira).*(idx|gz)$ 5259487 999999% 5259487 ignore-no-cache reload-into-ims store-stale;
    refresh_pattern kaspersky.*\.avc$ 5259487 999999% 5259487 ignore-reload store-stale;
    refresh_pattern kaspersky 1440 50% 161280 ignore-no-cache store-stale;
    refresh_pattern images\.friendster\.com.*\.(png|gif) 5259487 999999% 5259487 override-expire ignore-reload store-stale;
    refresh_pattern ((facebook.com)|(85.131.151.39)).*\.(png|gif) 5259487 999999% 5259487 override-expire ignore-reload store-stale;
    refresh_pattern garena\.com 5259487 999999% 5259487 override-expire reload-into-ims store-stale;
    refresh_pattern photobucket.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999% 5259487 override-expire ignore-reload store-stale;
    refresh_pattern vid\.akm\.dailymotion\.com.*\.on2\? 5259487 999999% 5259487 ignore-no-cache override-expire override-lastmod store-stale;
    refresh_pattern .fbcdn.net.*\.(jpg|gif|png) 40320 20% 40320 ignore-reload store-stale negative-ttl=5;
    refresh_pattern ^http:\/\/images|pics|thumbs[0-9]\. 5259487 999999% 5259487 ignore-no-cache ignore-no-store ignore-reload override-expire store-stale;
    refresh_pattern ^http:\/\/www.onemanga.com.*\/ 5259487 999999% 5259487 reload-into-ims override-expire store-stale;
    refresh_pattern mediafire.com\/images.*\.(jp(e?g|e|2)|tiff?|bmp|gif|png) 5259487 999999% 5259487 reload-into-ims override-expire ignore-private store-stale;
    refresh_pattern \.(jp(e?g|e|2)|gif|png|bmp|tiff?) 5259487 999999% 5259487 ignore-no-cache ignore-no-store reload-into-ims override-expire store-stale;
    refresh_pattern \.(z(ip|[0-9]{2})|r(ar|[0-9]{2})|jar|bz2|gz|tar|rpm|vpu) 5259487 999999% 5259487 override-expire reload-into-ims store-stale;
    refresh_pattern \.(mp3|wav|og(g|a)|flac|midi?|rm|aac|wma|mka|ape) 5259487 999999% 5259487 override-expire reload-into-ims ignore-reload store-stale;
    refresh_pattern \.(exe|msi|dmg|bin|xpi|iso|swf|mar|psf|cab) 5259487 999999% 5259487 override-expire reload-into-ims store-stale;
    refresh_pattern \.(mpeg|ra?m|avi|mp(g|e|4)|mov|divx|asf|wmv|m\dv|rv|vob|asx|ogm|flv|3gp|on2|ipa) 5259487 9999999% 5259487 override-expire reload-into-ims store-stale;
    refresh_pattern -i (cgi-bin) 0 0% 0;
    refresh_pattern \.(php|jsp|cgi|asx)\? 0 0% 0;
    refresh_pattern \.(php|jsp)$ 0 0% 0;
    refresh_pattern . 0 50% 161280 store-stale;

    Comment by ahmad.almosawi — April 2, 2012 @ 12:13 PM

  5. good day mr,syed,
    i would like to thank every thing about the conversation in site because this is very usefull for my little knowledge in server i ask one thing regarding with my squid proxy iptables to establish with my mikrotik pppoe server,this is my configuration.
    eth1-proxy
    eth2-dsl
    eth3-user
    pls.help me to configure my iptables squid proxy install on ubuntu server 10.04.

    thanks a lot
    sorry for my bad english

    Comment by Francis Huiden — August 27, 2012 @ 7:25 PM

  6. Hello Sr,

    I used your example and I keep getting TCP_MISS in most requests in access.log. I checked for possible Disk IO but seems fine. I use dnsmasq, so no DNS problem.

    Do you have any suggestion?

    Thanks,

    Comment by Badr — October 24, 2012 @ 6:17 PM

  7. Dear sir,

    I am facing one issue that IDM does not download on multi thread mode, only one thread is used and it kills the bandwith, plz help me in this matter also there is no resume capibility.
    Thanks

    Comment by basit — November 5, 2012 @ 11:31 PM

  8. sir help.. after i implemented this squid.conf i can’t opened youtube.com “access denied”

    Comment by Taufiq Muslih — November 21, 2012 @ 9:10 PM

    • oke sir done i just installed dnsmasq.. well done okay..
      i want to ask
      how to detected client ip in proxy when i using mikrotik hotspot
      my nat config im place in the end line

      9 ;;; nat proxy
      chain=dstnat action=dst-nat to-addresses=10.10.10.2 to-ports=3128
      protocol=tcp src-address=!10.10.10.0/28 dst-port=80

      Comment by Taufiq Muslih — November 22, 2012 @ 5:34 AM

  9. Reblogged this on SHERY's BLOG ON COMPUTER NETWORKING/I.T TIPS.

    Comment by Shery — April 4, 2013 @ 10:39 PM

  10. […] Reblogged from Syed Jahanzaib Personnel Blog to Share Knowledge !: […]

    Pingback by Working SQUID.CONF 2.7 Example! [Ubuntu] | What is a router? — April 29, 2013 @ 6:49 AM

  11. hi, is there any new config with radius server for ubuntu 12.4 server?
    thanks

    Comment by raco — June 8, 2013 @ 3:04 AM

  12. Hi Bro, i follwing your steps but i see 3 tutorials. I instlled squid, i add 2 NICS . 1 Lan 1 wan(both are in squid PC) now when i do the conection to rb750. It wont cache. My Wan is 192.168.25.1, Lan 192.168.5.1 .I see the squid is set up correctly. because i can restart with codes. Just not forwarding. I have 2 wans in mikrotik 1 lan. Thank you. Greatness upon you

    Comment by Alex — July 27, 2013 @ 10:25 AM

  13. Brother Syed
    El Sallamo Aliko
    I have Q, it’s not recommended to have Squid Server on ESXi 5.5 on local HD with RAID 5 ????

    Comment by akha666 — May 23, 2014 @ 5:32 PM


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at WordPress.com.

%d bloggers like this: