# Squid reverse-proxy (accelerator) configuration: accepts HTTP on port 80
# and forwards requests for one site to two origin-server peers, round-robin.

# Address and protocol rules used by the access lists below.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8

# Rule to represent query strings in a url path
acl QUERY urlpath_regex cgi-bin \?

# Rule to represent your domain
# (www.yoursite.com is a placeholder. This ACL decides which requests are
# accepted from remote clients and which are handed to the peers below.)
acl DOMAIN dstdomain www.yoursite.com

# Rule for some std ports
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# allow access via http from localhost and any safe ports
# http_access rules are checked top to bottom and the first match decides,
# so the order of the lines below matters.
# Cache-manager (cache_object) requests: localhost only, everyone else denied.
http_access allow manager localhost
http_access deny manager
# Refuse any port outside Safe_ports, and CONNECT to anything but port 443.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# allow access (to reverse proxying) from your domain name
# NOTE(review): "allow localhost" accepts every request from 127.0.0.1 that
# passed the denies above, whatever its destination - confirm that all local
# processes are meant to have that access.
http_access allow localhost
http_access allow DOMAIN
# Default deny: anything not explicitly allowed above is rejected.
http_access deny all

# Accelerator listener; vhost selects the site from the Host header.
# NOTE(review): defaultsite is what Squid uses when a request carries no Host
# header. 127.0.0.1 does not match DOMAIN, so such requests from remote
# clients presumably end at "deny all" - confirm this is the intent.
http_port 80 accel vhost defaultsite=127.0.0.1

# setup the reverse proxying for roundrobin between dns your_first_web_server and your_second_web_server
# NOTE(review): both peers are written as 127.0.0.1:8080 - presumably
# placeholders for the real backend addresses; verify before deploying.
# login=PASS hands the client's HTTP authentication credentials on to the
# origin server, so the hop to the backend should be a trusted path.
cache_peer 127.0.0.1 parent 8080 0 no-query originserver name=your_first_web_server login=PASS front-end-https=auto round-robin
cache_peer 127.0.0.1 parent 8080 0 no-query originserver name=your_second_web_server login=PASS front-end-https=auto round-robin

# Limit each peer to requests for DOMAIN. cache_peer_access controls which
# requests may be forwarded to a peer (not what is stored in the cache); the
# trailing "deny all" keeps every other request away from the backends.
cache_peer_access your_first_web_server allow DOMAIN
cache_peer_access your_first_web_server deny all
cache_peer_access your_second_web_server allow DOMAIN
cache_peer_access your_second_web_server deny all

# Don't put query string urls in the cache.
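cache deny QUERY

# Your rewrite program (not sure how well this part scales)
# The helper is fed client-supplied request URLs, so it must treat every line
# it reads as untrusted input. Keep the script owned by root and not writable
# by the account Squid runs as, otherwise a compromise of that account can
# change where requests are sent. The number of helper processes is tuned
# with url_rewrite_children.
url_rewrite_program /etc/squid/rewrite.py

# Everything below is pretty std don't worry too much about it
################################################################################

# ICP queries are refused. Both cache_peer entries in this file are declared
# no-query, so this reverse proxy has no sibling cache that needs ICP, and
# answering ICP from everyone lets any host probe which objects are cached.
# If a sibling cache is added later, allow its address explicitly above the
# deny. Setting "icp_port 0" additionally closes the UDP listener.
icp_access deny all

hierarchy_stoplist cgi-bin ?

# Memory and disk cache sizing.
cache_mem 50 MB
maximum_object_size_in_memory 200 KB
cache_dir ufs /var/spool/squid 1000 16 256

# Logs. access.log is the record of every client request and is what incident
# review relies on; keep it rotated and readable only by administrators.
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

# Optional Apache-style "combined" format (adds Referer and User-Agent).
#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh

# Keep every cacheable object for 5 minutes. ignore-reload makes Squid ignore
# client reload / no-cache requests, so a client cannot force each request
# through to the backends.
refresh_pattern . 5 100% 5 ignore-reload

# Cache error responses for one second only.
negative_ttl 1 second

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

# remove a lot of random headers sent out by squid
# This hides server and proxy software details from clients. It reduces
# fingerprinting but is not a substitute for patching the proxy and backends.
# Newer Squid releases (3.x) split this directive into request_header_access
# and reply_header_access.
header_access Server deny all
header_access X-Powered-By deny all
header_access X-Cache deny all
header_access X-Cache-Lookup deny all
header_access Via deny all

# Leave coredumps in the first cache dir
# Core files can contain cached content and request data; restrict access to
# this directory accordingly.
coredump_dir /var/spool/squid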