Squid.conf question

jacob81286

I have been doing a bit of tinkering with my squid3 setup and pfsense just looking for some feedback on my squid.conf as far as i can tell it is working pretty well but any suggestions or comments would be more than appricated.

#debug_options ALL,3
http_port LAN_IP:3128
http_port 127.0.0.1:3128 intercept
icp_port 0
icp_access deny all
dns_nameservers 127.0.0.1 #unbound package listening on loopback and LAN_IP
dns_v4_first on
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language en
icon_directory /usr/local/etc/squid/icons
visible_hostname MY_ROUTER_HOSTNAME
cache_mgr MY_EMAIL
logformat combined %Ss:%Sh [%tl] %>A %{Host}>h "%rm %ru HTTP/%rv" %>Hs %<st "%{referer}="">h" "%{User-Agent}>h"
access_log /var/squid/logs/access.log combined
cache_log /var/squid/logs/cache.log
cache_store_log /var/squid/logs/store.log
sslcrtd_children 5
logfile_rotate 7
shutdown_lifetime 10 seconds
forwarded_for off
via off
httpd_suppress_version_string on
uri_whitespace strip
cache_mem 512 MB
maximum_object_size 524288 KB
maximum_object_size_in_memory 131072 KB
minimum_object_size 0 KB
memory_replacement_policy heap LRU
cache_replacement_policy heap LRU
cache_dir diskd /var/squid/cache 10240 16 256 Q1=64 Q2=72
offline_mode off
cache_swap_low 90
cache_swap_high 95
strip_query_terms off
#pipeline_prefetch on
fqdncache_size 16384
ipcache_low 90
ipcache_high 95
retry_on_error on
range_offset_limit 0
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
positive_dns_ttl 24 hours
#balance_on_multiple_ip on
mime_table /usr/local/etc/squid/mime.conf
append_domain MY_.LOCAL_DOMAIN

url_rewrite_program /usr/local/bin/python /usr/share/videocache/videocache.py
url_rewrite_children 10

acl videocache_allow_url url_regex -i stream\.aol\.com\/(.*)/[a-zA-Z0-9]+\/(.*)\.(flv|mp4)
acl videocache_allow_url url_regex -i videos\.5min\.com\/(.*)/[0-9_]+\.(mp4|flv)
acl videocache_allow_url url_regex -i msn\.com\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i msn\.(.*)\.(com|net)\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i msnbc\.(.*)\.(com|net)\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i \.blip\.tv\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_deny_url  url_regex -i \.blip\.tv\/(.*)filename
acl videocache_allow_url url_regex -i \.break\.com\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i cdn\.turner\.com\/(.*)/(.*)\.(flv)
acl videocache_allow_url url_regex -i \.dailymotion\.com\/video\/[a-z0-9]{5,9}_?(.*)
acl videocache_allow_url url_regex -i proxy[a-z0-9\-]?[a-z0-9]?[a-z0-9]?[a-z0-9]?\.dailymotion\.com\/(.*)\.(flv|on2|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i vid\.akm\.dailymotion\.com\/(.*)\.(flv|on2|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i vid\.ec\.dmcdn\.net\/(.*)\.(flv|on2|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i video\.(.*)\.fbcdn\.net\/(.*)/[0-9_]+\.(mp4|flv|avi|mkv|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i \.mccont\.com\/ItemFiles\/(.*)?\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i (.*)\.myspacecdn\.com\/(.*)\/[a-zA-Z0-9]+\/vid\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i (.*)\.myspacecdn\.(.*)\.footprint\.net\/(.*)\/[a-zA-Z0-9]+\/vid\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i \.youtu\.be\/feeds\/api\/videos\/[0-9a-zA-Z_-]{11}\/
acl videocache_allow_url url_regex -i \.(youtube|google|googlevideo|youtube-nocookie)\.com\/feeds\/api\/videos\/[0-9a-zA-Z_-]{11}\/
acl videocache_allow_url url_regex -i \.youtu\.be\/(videoplayback|get_video|watch|watch_popup|user_watch)\?
acl videocache_allow_url url_regex -i \.(youtube|google|googlevideo|youtube-nocookie)\.com\/(videoplayback|get_video|watch|watch_popup|user_watch)\?
acl videocache_allow_url url_regex -i \.(youtube|google|googlevideo|youtube-nocookie)\.[a-z][a-z]\/(videoplayback|get_video|watch|watch_popup|user_watch)\?
acl videocache_allow_url url_regex -i \.(youtube|google|googlevideo|youtube-nocookie)\.[a-z][a-z]\.[a-z][a-z]\/(videoplayback|get_video|watch|watch_popup|user_watch)\?
acl videocache_allow_url url_regex -i \.youtu\.be\/(v|e|embed)\/[0-9a-zA-Z_-]{11}
acl videocache_allow_url url_regex -i \.(youtube|google|googlevideo|youtube-nocookie)\.com\/(v|e|embed)\/[0-9a-zA-Z_-]{11}
acl videocache_allow_url url_regex -i \.(youtube|google|googlevideo|youtube-nocookie)\.[a-z][a-z]\/(v|e|embed)\/[0-9a-zA-Z_-]{11}
acl videocache_allow_url url_regex -i \.(youtube|google|googlevideo|youtube-nocookie)\.[a-z][a-z]\.[a-z][a-z]\/(v|e|embed)\/[0-9a-zA-Z_-]{11}
acl videocache_allow_url url_regex -i \.vimeo\.com\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i \.amazonaws\.com\/(.*)\.vimeo\.com(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i v\.imwx\.com\/v\/wxcom\/[a-zA-Z0-9]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)\?(.*)videoId=[0-9]+&
acl videocache_allow_url url_regex -i c\.wrzuta\.pl\/wv[0-9]+\/[a-z0-9]+/[0-9]+/
acl videocache_allow_url url_regex -i c\.wrzuta\.pl\/wa[0-9]+\/[a-z0-9]+
acl videocache_allow_url url_regex -i (((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))\/youku\/[0-9A-Z]+\/[0-9A-Z\-]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i cdn[a-z0-9]?[a-z0-9]?[a-z0-9]?\.public\.extremetube\.phncdn\.com\/(.*)\/[a-zA-Z0-9_-]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i vs[a-z0-9]?[a-z0-9]?[a-z0-9]?\.hardsextube\.com\/(.*)\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_deny_url  url_regex -i \.hardsextube\.com\/videothumbs
acl videocache_allow_url url_regex -i cdn[a-z0-9]?[a-z0-9]?[a-z0-9]?\.public\.keezmovies\.phncdn\.com\/(.*)\/[0-9a-zA-Z_\-]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i cdn[a-z0-9]?[a-z0-9]?[a-z0-9]?\.public\.keezmovies\.com\/(.*)\/[0-9a-zA-Z_\-]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i nyc-v[a-z0-9]?[a-z0-9]?[a-z0-9]?\.pornhub\.com\/(.*)/videos/[0-9]{3}/[0-9]{3}/[0-9]{3}/[0-9]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i \.video\.pornhub\.phncdn\.com\/videos/(.*)/[0-9]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i video(.*)\.redtubefiles\.com\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i \.slutload-media\.com\/(.*)\/[a-zA-Z0-9_.-]+\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i cdn[a-z0-9]?[a-z0-9]?[a-z0-9]?\.public\.spankwire\.com\/(.*)\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i cdn[a-z0-9]?[a-z0-9]?[a-z0-9]?\.public\.spankwire\.phncdn\.com\/(.*)\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i \.tube8\.com\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_allow_url url_regex -i ((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/(.*)key=[a-z0-9]+(.*)\.flv
acl videocache_allow_url url_regex -i \.xtube\.com\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)
acl videocache_deny_url  url_regex -i \.xtube\.com\/(.*)(Thumb|videowall)
acl videocache_allow_url url_regex -i \.xvideos\.com\/videos\/flv\/(.*)\/(.*)\.(flv|mp4)
acl videocache_allow_url url_regex -i \.public\.youporn\.phncdn\.com\/(.*)\/[a-zA-Z0-9_-]+\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg)

#video Cache Refresh Patterns
refresh_pattern \.youtube\.com\/videoplayback\? 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
refresh_pattern stream\.aol\.com\/(.*)/[a-zA-Z0-9]+\/(.*)\.(flv|mp4) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
refresh_pattern videos\.5min\.com\/(.*)/[0-9_]+\.(mp4|flv) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
refresh_pattern proxy[a-z0-9\-]?[a-z0-9]?[a-z0-9]?[a-z0-9]?\.dailymotion\.com\/(.*)\.(flv|on2|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
refresh_pattern vid\.akm\.dailymotion\.com\/(.*)\.(flv|on2|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
refresh_pattern vid\.ec\.dmcdn\.net\/(.*)\.(flv|on2|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
refresh_pattern video\.(.*)\.fbcdn\.net\/(.*)/[0-9_]+\.(mp4|flv|avi|mkv|m4v|mov|wmv|3gp|mpg|mpeg) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
refresh_pattern (.*)\.myspacecdn\.com\/(.*)\/[a-zA-Z0-9]+\/vid\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
refresh_pattern (.*)\.myspacecdn\.(.*)\.footprint\.net\/(.*)\/[a-zA-Z0-9]+\/vid\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
refresh_pattern c\.wrzuta\.pl\/wv[0-9]+\/[a-z0-9]+/[0-9]+/ 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
refresh_pattern c\.wrzuta\.pl\/wa[0-9]+\/[a-z0-9]+ 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private
refresh_pattern vs[a-z0-9]?[a-z0-9]?[a-z0-9]?\.hardsextube\.com\/(.*)\/(.*)\.(flv|mp4|avi|mkv|mp3|rm|rmvb|m4v|mov|wmv|3gp|mpg|mpeg) 10080 100% 43200 ignore-no-cache ignore-no-store override-expire override-lastmod ignore-private

# Windows Update refresh_pattern
range_offset_limit -1
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims

# Symantec refresh_pattern
range_offset_limit -1
refresh_pattern liveupdate.symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern symantecliveupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims

#ADs
refresh_pattern ^.*safebrowsing.*google 10080 95% 43200 override-expire ignore-reload ignore-no-cache ignore-no-store ignore-private ignore-auth ignore-must-revalidate 
refresh_pattern ^.*(streamate.doublepimp.com.*\.js\?|utm\.gif|ads\?|rmxads\.com|ad\.z5x\.net|bh\.contextweb\.com|bstats\.adbrite\.com|a1\.interclick\.com|ad\.trafficmp\.com|ads\.cubics\.com|ad\.xtendmedia\.com|\.googlesyndication\.com|advertising\.com|yieldmanager|game-advertising\.com|pixel\.quantserve\.com|adperium\.com|doubleclick\.net|adserving\.cpxinteractive\.com|syndication\.com|media.fastclick.net).* 10080 95% 43200 ignore-no-cache ignore-no-store ignore-private override-expire ignore-reload ignore-auth ignore-must-revalidate

# Everything Else
refresh_pattern -i \.(7z|arj|bin|bz2|cab|dmg|dll|exe|gz|inc|iso|jar|lha|ms(i|p|u)|z(ip|[0-9]{2})|r(ar|[0-9]{2})|rpm|tar|tgz|rtp|rpz|nui|kom|stg)$ 14400 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims  ignore-must-revalidate ignore-no-store ignore-reload
refresh_pattern -i \.(class|doc|docx|pdf|pps|ppt|ppsx|pptx|ps|rtf|txt|wpl|xls|xlsx)$ 14400 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims  ignore-must-revalidate ignore-no-store ignore-reload
refresh_pattern -i \.(3gp|ac4|acc|agx|au|avi|axd|bmp|cbr|cbt|cbz|dat|gif|hqx|ico|jp(2|e|eg|g)|mid|mk(a|v)|mov|mp(1|2|3|4|e|eg|g)|og(a|g|v)|qt|ra|ram|rm|swf|tif|tiff|wa(v|x)|wm(a|v|x)|x-flv)$ 14400 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims  ignore-must-revalidate ignore-no-store ignore-reload
refresh_pattern -i \.(jp(e?g|e|2)|tiff?|bmp|gif|png)$ 14400 99% 14400 override-expire override-lastmod ignore-no-cache ignore-private reload-into-ims  ignore-must-revalidate ignore-no-store ignore-reload

refresh_pattern ^ftp: 10080 100% 43200 
refresh_pattern ^gopher: 10080 100% 43200
refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
refresh_pattern \.(php|jsp|cgi|asx)\? 0 0% 0
refresh_pattern . 10080 20% 43200

request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
#request_header_access All deny all #WIP

reply_header_access Allow allow all
reply_header_access Authorization allow all
reply_header_access WWW-Authenticate allow all
reply_header_access Proxy-Authorization allow all
reply_header_access Proxy-Authenticate allow all
reply_header_access Cache-Control allow all
reply_header_access Content-Encoding allow all
reply_header_access Content-Length allow all
reply_header_access Content-Type allow all
reply_header_access Date allow all
reply_header_access Expires allow all
reply_header_access Host allow all
reply_header_access If-Modified-Since allow all
reply_header_access Last-Modified allow all
reply_header_access Location allow all
reply_header_access Pragma allow all
reply_header_access Accept allow all
reply_header_access Accept-Charset allow all
reply_header_access Accept-Encoding allow all
reply_header_access Accept-Language allow all
reply_header_access Content-Language allow all
reply_header_access Mime-Version allow all
reply_header_access Retry-After allow all
reply_header_access Title allow all
reply_header_access Connection allow all
#reply_header_access All deny all #WIP

#Video Cache ACLs
acl videocache_deny_url url_regex -i crossdomain.xml
acl videocache_method method GET
#acl videocache_other src all
acl videocache_deny_header req_header X-Requested-With -i videocache

# Setup some default acls
acl allsrc src all
acl localhost src 127.0.0.1/32
acl localnet src  LAN_IP_RANGE
acl allowed_subnets src INBOUND_VPN_RANGE
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 
acl sslports port 443 563  
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
acl vpn src "/var/squid/acl/vpn.acl" #Just A txt FILE WITH NET BLOCKS TO GOOGLE

tcp_outgoing_address VPN_IP vpn #JUST TO SEND SPECIFIED TRAFFIC TO OUTBOUND VPN (US IP)
tcp_outgoing_address 127.0.0.1 !vpn  #SENDS EVERYTHING ELSE TO LOAD BALANCING RULE

#video Cache URL Rewrite
url_rewrite_access deny videocache_deny_url
url_rewrite_access deny videocache_deny_header
url_rewrite_access allow videocache_method videocache_allow_url
url_rewrite_access deny allsrc
url_rewrite_bypass on

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslports
http_access deny to_localhost

# Always allow localhost connections
http_access allow localhost

# Allow local network(s) on interface(s)
http_access allow allowed_subnets
http_access allow localnet
# Default block all to be sure
http_access deny allsrc</st> 

craibo

Hi Jacob81286

Could I ask if you could put up the process or link you followed to install video cache?

Thanks

jacob81286

:o I Had Planned On Doing This, I Can't Give You The Software As Its Paid (A Bit Of Google Searching You Can Find It) But I Will Do A Write-up On The Process Give Me A Few Days As It Is A Pain In The Butt Most Guides Are Pretty Outdated.