Squid.conf question



  • I have been doing a bit of tinkering with my squid3 setup and pfSense, and I am just looking for some feedback on my squid.conf. As far as I can tell it is working pretty well, but any suggestions or comments would be more than appreciated.

    # Listeners, DNS resolver and process identity.
    #debug_options ALL,3
    # Explicit (browser-configured) proxy listener on the LAN address.
    http_port LAN_IP:3128
    # Interception listener, bound to loopback so it is reachable only through a local redirect rule.
    http_port 127.0.0.1:3128 intercept
    # ICP (inter-cache protocol) is off: port 0 disables the listener and the ACL refuses any query.
    icp_port 0
    icp_access deny all
    dns_nameservers 127.0.0.1 #unbound package listening on loopback and LAN_IP
    dns_v4_first on
    pid_filename /var/run/squid.pid
    # Squid drops to this unprivileged account after start-up.
    cache_effective_user proxy
    cache_effective_group proxy
    error_default_language en
    icon_directory /usr/local/etc/squid/icons
    # visible_hostname and cache_mgr are printed on Squid's generated error pages,
    # so every client that hits an error sees both values.
    visible_hostname MY_ROUTER_HOSTNAME
    cache_mgr MY_EMAIL
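    # Access-log layout: cache result and hierarchy code, timestamp, client FQDN, Host header,
    # request line, status, reply size, Referer and User-Agent.
    # %ru records the request URL; with strip_query_terms off (set further down in this file) that
    # includes query strings, which can carry session tokens, so restrict read access to the log.
    # NOTE(review): "combined" is also the name of a format Squid ships built in; confirm the
    # installed version accepts this redefinition, or give the format its own name.
    logformat combined %Ss:%Sh [%tl] %>A %{Host}>h "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h"
    access_log /var/squid/logs/access.log combined
    cache_log /var/squid/logs/cache.log
    cache_store_log /var/squid/logs/store.log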
    # Certificate-generation helpers for SSL interception.
    # NOTE(review): neither http_port line in this file enables ssl-bump, so these helpers look unused - confirm.
    sslcrtd_children 5
    # Keep seven rotated generations of each log file.
    logfile_rotate 7
    shutdown_lifetime 10 seconds
    # Privacy settings: do not reveal the client address or the proxy itself to origin servers.
    # With "off" Squid still sends "X-Forwarded-For: unknown"; "delete" removes the header entirely.
    forwarded_for off
    # Omit the Via header that would otherwise announce the proxy.
    via off
    # Hide the Squid version in generated pages and headers.
    httpd_suppress_version_string on
    # Remove whitespace characters from request URLs instead of rejecting or encoding them.
    uri_whitespace strip
    # Cache sizing and replacement policy.
    cache_mem 512 MB
    # Largest cacheable object: 524288 KB = 512 MB on disk, 131072 KB = 128 MB in memory
    # (a single in-memory object may therefore take a quarter of cache_mem).
    maximum_object_size 524288 KB
    maximum_object_size_in_memory 131072 KB
    minimum_object_size 0 KB
    memory_replacement_policy heap LRU
    cache_replacement_policy heap LRU
    # 10240 MB disk cache using the diskd store, 16 first-level and 256 second-level directories.
    cache_dir diskd /var/squid/cache 10240 16 256 Q1=64 Q2=72
    offline_mode off
    cache_swap_low 90
    cache_swap_high 95
    # Query strings are written to access.log in full. They often contain tokens, e-mail
    # addresses or search terms, so treat the log as sensitive data.
    strip_query_terms off
    #pipeline_prefetch on
    fqdncache_size 16384
    ipcache_low 90
    ipcache_high 95
    retry_on_error on
    # NOTE(review): range_offset_limit is set to 0 here and to -1 twice further down in this file;
    # confirm which value the installed Squid version actually applies.
    range_offset_limit 0
    quick_abort_min 16 KB
    quick_abort_max 16 KB
    quick_abort_pct 95
    # Successful DNS answers may be kept for up to 24 hours, so a changed record can be served stale.
    positive_dns_ttl 24 hours
    #balance_on_multiple_ip on
    mime_table /usr/local/etc/squid/mime.conf
    append_domain MY_.LOCAL_DOMAIN
    
    # External URL rewriter: every request admitted by url_rewrite_access is passed to this script.
    # The helper is third-party code that receives client request URLs; keep the script and its
    # directory writable only by root. Presumably it runs as the cache_effective_user set above - confirm.
    url_rewrite_program /usr/local/bin/python /usr/share/videocache/videocache.py
    # Number of helper processes started for the rewriter.
    url_rewrite_children 10
    
    # URL patterns that select which requests are handed to the videocache rewriter
    # (videocache_allow_url) and which are explicitly kept away from it (videocache_deny_url).
    # url_regex is matched against the whole URL and none of these patterns is anchored with ^,
    # so a pattern also matches when its text appears in the path or query string of an unrelated
    # host. The lists only decide what reaches the helper; they are not an access control.
    acl videocache_allow_url url_regex -i stream\.aol\.com\/(.*)/[a-zA-Z0-9]+\/(.*)\.(flv|mp4)
    acl videocache_allow_url url_regex -i videos\.5min\.com\/(.*)/[0-9_]+\.(mp4|flv)
    acl videocache_allow_url url_regex -i msn\.com\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i msn\.(.*)\.(com|net)\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i msnbc\.(.*)\.(com|net)\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i \.blip\.tv\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_deny_url  url_regex -i \.blip\.tv\/(.*)filename
    acl videocache_allow_url url_regex -i \.break\.com\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i cdn\.turner\.com\/(.*)/(.*)\.(flv)
    acl videocache_allow_url url_regex -i \.dailymotion\.com\/video\/[a-z0-9]{5,9}_?(.*)
    acl videocache_allow_url url_regex -i proxy[a-z0-9\-]?[a-z0-9]?[a-z0-9]?[a-z0-9]?\.dailymotion\.com\/(.*)\.(flv|on2|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i vid\.akm\.dailymotion\.com\/(.*)\.(flv|on2|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i vid\.ec\.dmcdn\.net\/(.*)\.(flv|on2|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i video\.(.*)\.fbcdn\.net\/(.*)/[0-9_]+\.(mp4|flv|avi|mkv|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i \.mccont\.com\/ItemFiles\/(.*)?\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i (.*)\.myspacecdn\.com\/(.*)\/[a-zA-Z0-9]+\/vid\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i (.*)\.myspacecdn\.(.*)\.footprint\.net\/(.*)\/[a-zA-Z0-9]+\/vid\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i \.youtu\.be\/feeds\/api\/videos\/[0-9a-zA-Z_-]{11}\/
    acl videocache_allow_url url_regex -i \.(youtube|google|googlevideo|youtube-nocookie)\.com\/feeds\/api\/videos\/[0-9a-zA-Z_-]{11}\/
    acl videocache_allow_url url_regex -i \.youtu\.be\/(videoplayback|get_video|watch|watch_popup|user_watch)\?
    acl videocache_allow_url url_regex -i \.(youtube|google|googlevideo|youtube-nocookie)\.com\/(videoplayback|get_video|watch|watch_popup|user_watch)\?
    acl videocache_allow_url url_regex -i \.(youtube|google|googlevideo|youtube-nocookie)\.[a-z][a-z]\/(videoplayback|get_video|watch|watch_popup|user_watch)\?
    acl videocache_allow_url url_regex -i \.(youtube|google|googlevideo|youtube-nocookie)\.[a-z][a-z]\.[a-z][a-z]\/(videoplayback|get_video|watch|watch_popup|user_watch)\?
    acl videocache_allow_url url_regex -i \.youtu\.be\/(v|e|embed)\/[0-9a-zA-Z_-]{11}
    acl videocache_allow_url url_regex -i \.(youtube|google|googlevideo|youtube-nocookie)\.com\/(v|e|embed)\/[0-9a-zA-Z_-]{11}
    acl videocache_allow_url url_regex -i \.(youtube|google|googlevideo|youtube-nocookie)\.[a-z][a-z]\/(v|e|embed)\/[0-9a-zA-Z_-]{11}
    acl videocache_allow_url url_regex -i \.(youtube|google|googlevideo|youtube-nocookie)\.[a-z][a-z]\.[a-z][a-z]\/(v|e|embed)\/[0-9a-zA-Z_-]{11}
    acl videocache_allow_url url_regex -i \.vimeo\.com\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i \.amazonaws\.com\/(.*)\.vimeo\.com(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i v\.imwx\.com\/v\/wxcom\/[a-zA-Z0-9]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)\?(.*)videoId=[0-9]+&
    acl videocache_allow_url url_regex -i c\.wrzuta\.pl\/wv[0-9]+\/[a-z0-9]+/[0-9]+/
    acl videocache_allow_url url_regex -i c\.wrzuta\.pl\/wa[0-9]+\/[a-z0-9]+
    acl videocache_allow_url url_regex -i (((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))\/youku\/[0-9A-Z]+\/[0-9A-Z\-]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i cdn[a-z0-9]?[a-z0-9]?[a-z0-9]?\.public\.extremetube\.phncdn\.com\/(.*)\/[a-zA-Z0-9_-]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i vs[a-z0-9]?[a-z0-9]?[a-z0-9]?\.hardsextube\.com\/(.*)\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_deny_url  url_regex -i \.hardsextube\.com\/videothumbs
    acl videocache_allow_url url_regex -i cdn[a-z0-9]?[a-z0-9]?[a-z0-9]?\.public\.keezmovies\.phncdn\.com\/(.*)\/[0-9a-zA-Z_\-]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i cdn[a-z0-9]?[a-z0-9]?[a-z0-9]?\.public\.keezmovies\.com\/(.*)\/[0-9a-zA-Z_\-]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i nyc-v[a-z0-9]?[a-z0-9]?[a-z0-9]?\.pornhub\.com\/(.*)/videos/[0-9]{3}/[0-9]{3}/[0-9]{3}/[0-9]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i \.video\.pornhub\.phncdn\.com\/videos/(.*)/[0-9]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i video(.*)\.redtubefiles\.com\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i \.slutload-media\.com\/(.*)\/[a-zA-Z0-9_.-]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i cdn[a-z0-9]?[a-z0-9]?[a-z0-9]?\.public\.spankwire\.com\/(.*)\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i cdn[a-z0-9]?[a-z0-9]?[a-z0-9]?\.public\.spankwire\.phncdn\.com\/(.*)\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i \.tube8\.com\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_allow_url url_regex -i ((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/(.*)key=[a-z0-9]+(.*)\.flv
    acl videocache_allow_url url_regex -i \.xtube\.com\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    acl videocache_deny_url  url_regex -i \.xtube\.com\/(.*)(Thumb|videowall)
    acl videocache_allow_url url_regex -i \.xvideos\.com\/videos\/flv\/(.*)\/(.*)\.(flv|mp4)
    acl videocache_allow_url url_regex -i \.public\.youporn\.phncdn\.com\/(.*)\/[a-zA-Z0-9_-]+\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
    
    #video Cache Refresh Patterns
    # refresh_pattern rules are tried in file order and the first match wins. The three numbers
    # are minimum age (minutes), percentage of object age, and maximum age (minutes):
    # 10080 min = 7 days, 43200 min = 30 days.
    # Every rule here overrides the origin's Expires/Last-Modified and ignores
    # Cache-Control: no-store and private, so replies the origin marked as per-user are kept in
    # this shared cache and can be served to any other client asking for the same URL.
    refresh_pattern \.youtube\.com\/videoplayback\? 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
    refresh_pattern stream\.aol\.com\/(.*)/[a-zA-Z0-9]+\/(.*)\.(flv|mp4) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
    refresh_pattern videos\.5min\.com\/(.*)/[0-9_]+\.(mp4|flv) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
    refresh_pattern proxy[a-z0-9\-]?[a-z0-9]?[a-z0-9]?[a-z0-9]?\.dailymotion\.com\/(.*)\.(flv|on2|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
    refresh_pattern vid\.akm\.dailymotion\.com\/(.*)\.(flv|on2|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
    refresh_pattern vid\.ec\.dmcdn\.net\/(.*)\.(flv|on2|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
    refresh_pattern video\.(.*)\.fbcdn\.net\/(.*)/[0-9_]+\.(mp4|flv|avi|mkv|m4v|mov|wmv|3gp|mpg|mpeg) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
    refresh_pattern (.*)\.myspacecdn\.com\/(.*)\/[a-zA-Z0-9]+\/vid\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
    refresh_pattern (.*)\.myspacecdn\.(.*)\.footprint\.net\/(.*)\/[a-zA-Z0-9]+\/vid\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
    refresh_pattern c\.wrzuta\.pl\/wv[0-9]+\/[a-z0-9]+/[0-9]+/ 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
    refresh_pattern c\.wrzuta\.pl\/wa[0-9]+\/[a-z0-9]+ 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
    refresh_pattern vs[a-z0-9]?[a-z0-9]?[a-z0-9]?\.hardsextube\.com\/(.*)\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
    
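    # Windows Update refresh_pattern
    # range_offset_limit -1 makes Squid fetch the whole object whenever a client asks for a byte
    # range, so partial update downloads become cacheable. It is given without an ACL, so it is
    # not limited to the update hosts below: a small range request for a large file on any site
    # makes the proxy download the whole file.
    # NOTE(review): an earlier line in this file sets range_offset_limit 0; confirm which value
    # the installed version applies, and scope -1 to the update domains with an ACL if it supports one.
    range_offset_limit -1
    # Host dots are escaped so "." matches only a literal dot. The extension classes are written
    # [iuf] and [va]: inside brackets "|" is a literal character, not an alternation.
    # The patterns are still unanchored, so they match the host text anywhere in the URL.
    # reload-into-ims turns a client reload into a conditional request, so the origin is still asked.
    refresh_pattern -i microsoft\.com/.*\.(cab|exe|ms[iuf]|asf|wm[va]|dat|zip) 4320 80% 43200 reload-into-ims
    refresh_pattern -i windowsupdate\.com/.*\.(cab|exe|ms[iuf]|asf|wm[va]|dat|zip) 4320 80% 43200 reload-into-ims
    refresh_pattern -i my\.windowsupdate\.website\.com/.*\.(cab|exe|ms[iuf]|asf|wm[va]|dat|zip) 4320 80% 43200 reload-into-ims
    
    # Symantec refresh_pattern
    range_offset_limit -1
    # The second pattern also matches everything the first one does; both are kept as written.
    refresh_pattern liveupdate\.symantecliveupdate\.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
    refresh_pattern symantecliveupdate\.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims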
    
    #ADs
    # NOTE(review): the first rule matches Google Safe Browsing URLs, not adverts. A 10080-minute
    # (7-day) minimum freshness combined with override-expire and ignore-reload means browsers
    # behind the proxy can be handed stale phishing/malware list data. Consider leaving
    # Safe Browsing traffic uncached.
    refresh_pattern ^.*safebrowsing.*google 10080 95% 43200 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth ignore-must-revalidate 
    # Ad and tracker hosts, cached aggressively to save bandwidth.
    # ignore-private and ignore-auth let this shared cache keep replies that the origin marked
    # per-user or that answered an authenticated request, and serve them to other clients.
    # Several alternatives (utm\.gif, ads\?, yieldmanager) are not tied to a host and match any URL containing them.
    refresh_pattern ^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 10080 95% 43200 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate
    
    # Everything Else
    # Extension-based rules, anchored with $ so they apply only to URLs that end in the extension
    # (a URL with a query string falls through to the rules further down).
    # 14400 minutes = 10 days for both minimum and maximum age.
    # NOTE(review): these rules apply to every site and include ignore-private, ignore-no-store
    # and ignore-must-revalidate. Documents such as .pdf, .doc, .xls and .txt that an origin marked
    # private or no-store are therefore stored and can be served to a different client requesting
    # the same URL. Consider dropping those options for document types, or limiting the rules to
    # known static hosts.
    refresh_pattern -i \.(7z|arj|bin|bz2|cab|dmg|dll|exe|gz|inc|iso|jar|lha|ms(i|p|u)|z(ip|[0-9]{2})|r(ar|[0-9]{2})|rpm|tar|tgz|rtp|rpz|nui|kom|stg)$ 14400 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims  ignore-must-revalidate ignore-no-store ignore-reload
    refresh_pattern -i \.(class|doc|docx|pdf|pps|ppt|ppsx|pptx|ps|rtf|txt|wpl|xls|xlsx)$ 14400 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims  ignore-must-revalidate ignore-no-store ignore-reload
    refresh_pattern -i \.(3gp|ac4|acc|agx|au|avi|axd|bmp|cbr|cbt|cbz|dat|gif|hqx|ico|jp(2|e|eg|g)|mid|mk(a|v)|mov|mp(1|2|3|4|e|eg|g)|og(a|g|v)|qt|ra|ram|rm|swf|tif|tiff|wa(v|x)|wm(a|v|x)|x-flv)$ 14400 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims  ignore-must-revalidate ignore-no-store ignore-reload
    # The rule above already covers bmp, gif, jpg/jpeg and tif/tiff; this one effectively adds png.
    refresh_pattern -i \.(jp(e?g|e|2)|tiff?|bmp|gif|png)$ 14400 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims  ignore-must-revalidate ignore-no-store ignore-reload
    
    refresh_pattern ^ftp: 10080 100% 43200 
    refresh_pattern ^gopher: 10080 100% 43200
    # Dynamic content (cgi-bin paths, anything with a query string) is never treated as fresh,
    # unless one of the earlier rules in this file matched the URL first.
    refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
    refresh_pattern \.(php|jsp|cgi|asx)\? 0 0% 0
    # Catch-all: objects without explicit expiry are considered fresh for at least 7 days.
    refresh_pattern . 10080 20% 43200
    
    # Request-header allow list (work in progress).
    # Every rule is "allow all" and the closing "All deny all" line is commented out, so as
    # written this section filters nothing.
    # NOTE(review): if the deny line is enabled, request headers missing from this list
    # (for example Cookie, User-Agent, Referer and Range) would be stripped; test before enabling.
    request_header_access Allow allow all
    request_header_access Authorization allow all
    request_header_access WWW-Authenticate allow all
    request_header_access Proxy-Authorization allow all
    request_header_access Proxy-Authenticate allow all
    request_header_access Cache-Control allow all
    request_header_access Content-Encoding allow all
    request_header_access Content-Length allow all
    request_header_access Content-Type allow all
    request_header_access Date allow all
    request_header_access Expires allow all
    request_header_access Host allow all
    request_header_access If-Modified-Since allow all
    request_header_access Last-Modified allow all
    request_header_access Location allow all
    request_header_access Pragma allow all
    request_header_access Accept allow all
    request_header_access Accept-Charset allow all
    request_header_access Accept-Encoding allow all
    request_header_access Accept-Language allow all
    request_header_access Content-Language allow all
    request_header_access Mime-Version allow all
    request_header_access Retry-After allow all
    request_header_access Title allow all
    request_header_access Connection allow all
    #request_header_access All deny all #WIP
    
    # Reply-header allow list (work in progress), the same header names as the request list.
    # With the closing "All deny all" line commented out, nothing is removed from replies.
    # NOTE(review): if the deny line is enabled, reply headers missing from this list
    # (for example Set-Cookie, ETag and Content-Disposition) would be stripped; test before enabling.
    reply_header_access Allow allow all
    reply_header_access Authorization allow all
    reply_header_access WWW-Authenticate allow all
    reply_header_access Proxy-Authorization allow all
    reply_header_access Proxy-Authenticate allow all
    reply_header_access Cache-Control allow all
    reply_header_access Content-Encoding allow all
    reply_header_access Content-Length allow all
    reply_header_access Content-Type allow all
    reply_header_access Date allow all
    reply_header_access Expires allow all
    reply_header_access Host allow all
    reply_header_access If-Modified-Since allow all
    reply_header_access Last-Modified allow all
    reply_header_access Location allow all
    reply_header_access Pragma allow all
    reply_header_access Accept allow all
    reply_header_access Accept-Charset allow all
    reply_header_access Accept-Encoding allow all
    reply_header_access Accept-Language allow all
    reply_header_access Content-Language allow all
    reply_header_access Mime-Version allow all
    reply_header_access Retry-After allow all
    reply_header_access Title allow all
    reply_header_access Connection allow all
    #reply_header_access All deny all #WIP
    
    #Video Cache ACLs
    # Flash cross-domain policy files are never sent to the rewriter.
    acl videocache_deny_url url_regex -i crossdomain.xml
    # Only GET requests are candidates for rewriting.
    acl videocache_method method GET
    #acl videocache_other src all
    # Matches requests whose X-Requested-With header contains "videocache".
    # Presumably these are the helper's own fetches, excluded to avoid a rewrite loop - confirm.
    # The header is set by the client, so this is loop protection, not an access control.
    acl videocache_deny_header req_header X-Requested-With -i videocache
    
    # Setup some default acls
    acl allsrc src all
    acl localhost src 127.0.0.1/32
    acl localnet src  LAN_IP_RANGE
    acl allowed_subnets src INBOUND_VPN_RANGE
    # Destinations on the proxy host itself; denied below so clients cannot reach loopback services through Squid.
    acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
    # NOTE(review): 1025-65535 admits every unprivileged destination port, and 3128 is the proxy's
    # own port, so the "deny !safeports" rule blocks only a handful of low ports. Narrow the
    # list to the ports clients actually need.
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 
    # CONNECT tunnels are limited to these ports by the http_access rules.
    acl sslports port 443 563  
    acl manager proto cache_object
    acl purge method PURGE
    # NOTE(review): the http_access section spells this ACL name "CONNECT"; confirm the name resolves
    # to this definition on the installed version, and use one spelling throughout.
    acl connect method CONNECT
    # NOTE(review): this is a src ACL, which matches the client's address. If the file lists
    # Google (destination) net blocks, as the comment suggests, a dst ACL was probably intended;
    # as written, traffic meant for the VPN may leave by the other route.
    acl vpn src "/var/squid/acl/vpn.acl" #Just A txt FILE WITH NET BLOCKS TO GOOGLE
    
    # Source-address selection for outbound connections: requests matching the vpn ACL leave
    # from VPN_IP, everything else is bound to 127.0.0.1.
    # NOTE(review): vpn is defined in this file as a src ACL, so the choice depends on the client
    # address rather than the destination; verify with a test request that the intended traffic
    # really egresses through the VPN.
    tcp_outgoing_address VPN_IP vpn #JUST TO SEND SPECIFIED TRAFFIC TO OUTBOUND VPN (US IP)
    tcp_outgoing_address 127.0.0.1 !vpn  #SENDS EVERYTHING ELSE TO LOAD BALANCING RULE
    
    #video Cache URL Rewrite
    # Rules are evaluated in order: deny-listed URLs and requests carrying the videocache header
    # are skipped, GET requests for an allow-listed URL go to the helper, and everything else
    # is kept away from it.
    url_rewrite_access deny videocache_deny_url
    url_rewrite_access deny videocache_deny_header
    url_rewrite_access allow videocache_method videocache_allow_url
    url_rewrite_access deny allsrc
    # When all helper processes are busy, requests skip the rewriter instead of waiting.
    url_rewrite_bypass on
    
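    # http_access rules are evaluated top to bottom; the first matching rule decides.
    # Cache-manager and PURGE requests are accepted from localhost only.
    http_access allow manager localhost
    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    # Refuse destination ports outside the safeports list, and CONNECT tunnels to anything
    # other than the sslports list. These denies come before any allow, so they apply to every client.
    http_access deny !safeports
    http_access deny CONNECT !sslports
    # Refuse requests whose destination is the proxy host's own loopback address.
    http_access deny to_localhost
    
    # Always allow localhost connections
    http_access allow localhost
    
    # Allow local network(s) on interface(s)
    http_access allow allowed_subnets
    http_access allow localnet
    # Default block all to be sure
    http_access deny allsrc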
    


  • Hi Jacob81286

    Could I ask if you could put up the process or link you followed to install video cache?

    Thanks



  • :o I Had Planned On Doing This, I Can't Give You The Software As Its Paid (A Bit Of Google Searching You Can Find It) But I Will Do A Write-up On The Process Give Me A Few Days As It Is A Pain In The Butt Most Guides Are Pretty Outdated.

