Squid


DESCRIPTION

SQUID


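# squid.conf, restored to one directive per line. Squid reads one directive
# per line and a '#' comment runs to end of line, so the flattened text could
# not be parsed as written.
# NOTE(review): the text looks like two separate squid.conf listings run
# together (each ends in its own `http_access deny all` and has its own
# http_port) - confirm. Loaded as one file, the first `deny all` would make
# every later http_access rule unreachable.

# ---------------------------------------------------------------------------
# Listing 1: forward proxy for 192.168.22.0/24 on port 8123
# ---------------------------------------------------------------------------

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1               # Use this if you're using squid3.
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1  # Use this if you're using squid3.
acl localnet4 src 192.168.22.0/24                # our local IPv4 network.

# Port and method ACLs, mirroring the second listing. Without them every
# localnet4 client could ask the proxy to reach, or CONNECT-tunnel to, any
# TCP port on any host.
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# http_access rules are evaluated top-down and the first match wins, so the
# deny rules must stay above the allow rules for the client networks.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Stops clients from reaching services bound to the proxy host's own loopback.
http_access deny to_localhost
http_access allow localnet4
http_access allow localhost
http_access deny all

http_port 8123

hierarchy_stoplist cgi-bin ?

cache_mem 1024 MB
cache_dir aufs /var/cache/squid_cache 50000 16 256
maximum_object_size 5120 MB

refresh_pattern ^ftp:             1440  20%  10080
refresh_pattern ^gopher:          1440   0%   1440
refresh_pattern -i (/cgi-bin/|\?)    0   0%      0
refresh_pattern .                    0  20%   4320

# The source had "-1 QB", which is not a size unit; "-1 KB" is the documented
# form meaning "always finish a cacheable download after the client aborts".
quick_abort_min -1 KB
read_ahead_gap 1 MB
minimum_expiry_time 600 seconds
chunked_request_body_max_size 4096 KB

dns_nameservers 192.168.0.1 202.134.1.5 203.130.196.155

# ---------------------------------------------------------------------------
# Listing 2: interception proxy on port 3128
# ---------------------------------------------------------------------------

#
# Recommended minimum configuration:
#
# NOTE(review): the flattened source reads "#dns_nameservers"; the '#' is
# taken here as the closing line of the banner above, as in the stock
# squid.conf layout - confirm the directive was not meant to be commented out.
dns_nameservers 192.168.0.1 202.134.1.5 203.130.196.155
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 192.168.3.0/24  # RFC1918 possible internal network
acl localnet src 192.168.2.0/24  # RFC1918 possible internal network
acl localnet src 192.168.0.0/24  # RFC1918 possible internal network
acl localnet src fc00::/7        # RFC 4193 local private network range
acl localnet src fe80::/10       # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
# (enabled here, matching the first listing; the source had it commented out)
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
# change to 80 for pfSense
# An "intercept" port is meant to receive only NAT-redirected traffic, so the
# firewall should not let clients connect to it directly.
http_port 3128 intercept

# Uncomment and adjust the following to add a disk cache directory.
cache_mem 384 MB
cache_dir aufs /var/cache/squid_cache 50000 16 256
maximum_object_size 1000 MB
minimum_object_size 0 KB

# Leave coredumps in the first cache dir
# NOTE(review): this path is not the cache_dir configured above - confirm
# which directory is intended.
coredump_dir /var/spool/squid3

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:             1440  20%  10080
refresh_pattern ^gopher:          1440   0%   1440
refresh_pattern -i (/cgi-bin/|\?)    0   0%      0
refresh_pattern -i (deb|tar|gz|tgz|bz2|zip|rar|msi|exe|rpm)$ 0 90% 1440
refresh_pattern .                    0  20%   4320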