# $Id: master.m4,v 1.37 2003/01/28 21:18:06 wessels Exp $ # # squid.conf - Squid Object Cache configuration file # # Host: bo1.us.ircache.net # Description: NLANR Root Cache in Boulder, Colorado # # For more information about the Squid Object Cache, refer to # http://www.nlanr.net/Squid/ # # $Id: trailer.m4,v 1.489 2006/08/10 05:46:40 wessels Exp $ http_port 127.0.0.1:3128 http_port 192.43.244.42:3128 http_port 192.43.244.42:3120 icp_port 3130 htcp_port 4827 udp_incoming_address 192.43.244.42 snmp_incoming_address 192.43.244.42 # nlanr_peers ACL is referenced by mk-acl.pl # pb acl nlanr_peers src 128.182.77.190 acl nlanr_peers src 209.249.12.186 # uc acl nlanr_peers src 141.142.30.135 # bo1 acl nlanr_peers src 192.43.244.42 # bo2 acl nlanr_peers src 12.160.37.20 # sv # alias pa1 acl nlanr_peers src 192.6.19.202 # sd acl nlanr_peers src 192.172.226.121 # sj acl nlanr_peers src 204.29.239.20 # rtp acl nlanr_peers src 128.109.131.47 # pa acl nlanr_peers src 192.6.19.203 # ny acl nlanr_peers src 216.66.24.58 acl nlanr_peers src 64.90.188.50 cache_peer bo2.us.ircache.net sibling 3128 3130 cache_peer_access bo2.us.ircache.net deny nlanr_peers cache_peer uc.us.ircache.net sibling 3128 4827 htcp cache_peer_access uc.us.ircache.net deny nlanr_peers cache_mem 10 MB cache_swap_low 90 cache_swap_high 95 cache_dir diskd /cache0 3500 16 64 Q1=72 Q2=64 cache_dir diskd /cache1 3500 16 64 Q1=72 Q2=64 cache_dir diskd /cache2 3500 16 64 Q1=72 Q2=64 cache_dir diskd /cache3 3500 16 64 Q1=72 Q2=64 store_dir_select_algorithm round-robin cache_access_log /usr/local/squid2/var/logs/access.log cache_log /usr/local/squid2/var/logs/cache.log cache_store_log /usr/local/squid2/var/logs/store.log #cache_dns_program /usr/local/squid2/bin/dnsserver pid_filename /usr/local/squid2/squid.pid useragent_log none hierarchy_stoplist cgi-bin hierarchy_stoplist ? acl QUERY urlpath_regex cgi \? no_cache deny QUERY # quick abort: # always finish if less than 10k # finish if more than 50% # always abort if more tan 1024k quick_abort_min 20 kb quick_abort_pct 50% quick_abort_max 1024 kb #quick_abort_min -1 KB emulate_httpd_log off refresh_pattern . 0 20% 4320 maximum_object_size 16384 kb acl all2 src 0/0 reply_body_max_size 500000000 allow all2 read_timeout 30 minutes client_lifetime 3 hours pconn_timeout 15 seconds request_timeout 1 minute shutdown_lifetime 10 seconds positive_dns_ttl 53 seconds negative_dns_ttl 29 seconds ipcache_size 10240 ipcache_low 98 ipcache_high 99 cache_mgr wessels@bo1.us.ircache.net cache_effective_user squid announce_host tracker.ircache.net announce_port 3131 announce_period 4 hours visible_hostname bo1.us.ircache.net hostname_aliases bo1.cache.nlanr.net hostname_aliases bo.us.ircache.net bo.cache.nlanr.net minimum_direct_hops 5 minimum_direct_rtt 50 log_fqdn off #ident_lookup off memory_pools off forwarded_for on icp_hit_stale on logfile_rotate 0 #referer_log /usr/local/squid/var/logs/referer.log store_objects_per_bucket 10 store_avg_object_size 13 kb netdb_high 10000 netdb_low 9900 netdb_ping_period 30 seconds log_icp_queries off #test_reachability off query_icmp on debug_options ALL,1 98,2 max_open_disk_fds 55 error_directory /usr/local/squid2/share/local-errors acl ircache.net src 12.160.37.6 snmp_access allow ircache.net high_memory_warning 400 mb high_response_time_warning 2000 high_page_fault_warning 2 auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/etc/passwd auth_param basic children 5 auth_param basic realm IRCache Proxy Access acl NCSAPasswd proxy_auth REQUIRED strip_query_terms off ignore_only_if_cached off icp_false_hit_ratio 5 coredump_dir /usr/local/squid/var redirect_children 20 redirect_program /usr/local/squid/libexec/myredir.pl redirector_bypass on range_offset_limit 50 KB acl peers src 127.0.0.1 acl peers src 134.147.0.0/16 acl peers src 142.90.100.0/24 acl peers src 195.242.9.17 acl peers src 193.233.46.0/24 acl peers src 216.173.217.56/29 acl peers src 195.110.0.0/16 acl peers src 206.168.0.0/26 acl peers src 128.84.0.0/16 acl peers src 157.252.10.0/24 acl peers src 128.182.0.0/16 acl peers src 129.162.0.0/16 acl peers src 129.10.116.0/24 acl peers src 155.33.248.0/22 acl peers src 137.132.0.0/16 acl peers src 204.29.239.0/24 acl peers src 199.201.159.0/24 acl peers src 202.155.14.192/26 acl peers src 195.250.64.0/24 acl peers src 199.221.98.4 acl peers src 202.101.28.0/25 acl peers src 193.233.9.0/24 acl peers src 217.76.96.32/27 acl peers src 213.234.0.128/25 acl peers src 202.91.161.0/24 acl peers src 209.78.192.139/32 acl peers src 212.49.151.0/24 acl peers src 208.188.247.0/24 acl peers src 192.58.220.0/24 acl peers src 210.212.160.192/28 acl peers src 213.176.161.200/31 acl peers src 193.233.44.0/24 acl peers src 213.237.11.67 acl peers src 212.57.139.32/28 acl peers src 206.246.138.130 acl peers src 193.233.1.61 acl peers src 193.232.212.50/32 acl peers src 210.192.0.0/16 acl mgr src 132.249.40.200 127.0.0.1 206.168.0.0/26 12.160.37.0/24 192.52.106.29 192.52.106.12 acl Manager proto cache_object acl all src 0.0.0.0/0.0.0.0 acl post method POST acl ssl method CONNECT acl purge method PURGE acl IRCACHE dst 206.168.0.6 12.160.37.6 acl BADPORTS port 7 9 11 19 22 23 25 53 110 119 513 514 acl VIRUS urlpath_regex winnt/system32/cmd.exe? acl VIRUS urlpath_regex ^/osa..gif acl VIRUS urlpath_regex ^/./fils.php acl VIRUS urlpath_regex ^/./999.jpg acl VIRUS urlpath_regex ^/w.php acl YAHOOATTACK urlpath_regex akamai.*yahoo.*config/login acl INADDR_ANY dst 0.0.0.0/32 acl IpAddrProbeUA browser ^Mozilla/4.0.\(compatible;.MSIE.5.5;.Windows.98\)$ acl IpAddrProbeURL url_regex //[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/$ icp_access deny post icp_access allow all # okay to remove this if chg.ru cleans up its act acl chg.ru src 193.232.212.50 193.233.46.21 acl cvsweb url_regex cvsweb http_access deny chg.ru cvsweb http_access deny IpAddrProbeUA IpAddrProbeURL deny_info TCP_RESET IpAddrProbeURL acl OriginsThatComplainOfAbuse dstdomain .fencing101.com http_access deny OriginsThatComplainOfAbuse deny_info TCP_RESET OriginsThatComplainOfAbuse http_access allow purge mgr http_access deny purge http_access allow Manager mgr http_access deny Manager http_access deny BADPORTS http_access deny ssl http_access deny VIRUS http_access deny YAHOOATTACK http_access deny INADDR_ANY http_access allow nlanr_peers http_access allow peers http_access allow IRCACHE http_access allow NCSAPasswd http_access deny all # END configuration for host bo1.us.ircache.net