Public domain
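# Fetch, build and install Squid 2.7.STABLE6 under the default /usr/local/squid
# prefix, then reduce the shipped squid.conf to its active (non-comment) lines.
# Run as root from a script or a subshell: every critical step aborts on
# failure so later steps never run in the wrong directory or on a bad tree.
# NOTE(review): the Squid 2.x line is long out of maintenance; for a proxy that
# handles traffic from untrusted clients, build a currently supported release.
cd /usr/src || exit 1
wget http://www.squid-cache.org/Versions/v2/2.7/squid-2.7.STABLE6.tar.gz || exit 1
# The tarball is fetched over plain HTTP and then compiled and installed as
# root, so check its digest against a value obtained over a trusted channel
# before unpacking, for example:
#   sha256sum squid-2.7.STABLE6.tar.gz   # expect <SHA256_FROM_TRUSTED_SOURCE>
tar zxf squid-2.7.STABLE6.tar.gz || exit 1
cd squid-2.7.STABLE6 || exit 1
# Raise the descriptor limit before configure runs; --with-maxfd below asks
# for the same 8192 descriptors.
ulimit -HSn 8192
# Security-relevant switches in the option list:
#   --enable-http-violations        compiles in behaviour that deliberately
#                                   breaks HTTP (refresh_pattern flags such as
#                                   reload-into-ims depend on it)
#   --enable-follow-x-forwarded-for lets squid.conf decide whose
#                                   X-Forwarded-For header is trusted
#   --enable-snmp                   builds the SNMP agent; guard it with
#                                   snmp_access in squid.conf
#   --enable-linux-netfilter        support for intercepted (transparent) traffic
./configure \
  --disable-internal-dns \
  --enable-forward-log \
  --enable-follow-x-forwarded-for \
  --enable-snmp \
  --enable-linux-netfilter \
  --enable-http-violations \
  --enable-delay-pools \
  --enable-storeio=diskd,aufs,ufs,coss \
  --with-coss-membuf-size=8388608 \
  --with-large-files \
  --enable-large-cache-files \
  --with-maxfd=8192 \
  --enable-async-io=64 \
  --enable-removal-policies=lru,heap \
  --enable-useragent-log \
  --enable-referer-log \
  --enable-err-languages=English \
  --enable-default-err-language=English || exit 1
make && make install || exit 1
# Keep the documented default config as squid.conf.bak. If the copy fails,
# stop: the redirect below would otherwise truncate squid.conf to nothing.
cp /usr/local/squid/etc/squid.conf /usr/local/squid/etc/squid.conf.bak || exit 1
grep -Ev '^#|^ *$' /usr/local/squid/etc/squid.conf.bak > /usr/local/squid/etc/squid.conf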
# squid.conf, part 1: access control.
# http_access rules are checked top to bottom and the first match decides, so
# the deny rules for unsafe ports and CONNECT must stay above the allow rules.
acl all src all
# cache_object is the cache-manager protocol; the manager rules below restrict it to localhost.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
# CONNECT tunnels are only permitted to port 443 (see "deny CONNECT !SSL_ports").
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
# NOTE(review): this range makes every unprivileged port a "safe" destination; narrow it if clients do not need it.
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Only these client networks (and localhost) may use the proxy; everything else hits "deny all".
acl our_networks src 192.168.0.0/24 172.16.0.0/24
http_access allow our_networks
http_access allow localhost
http_access deny all
# No ICP queries are answered.
icp_access deny all
# X-Forwarded-For is trusted only when the request arrives from localhost, so
# remote clients cannot use the header to fake the address seen by ACLs and logs.
follow_x_forwarded_for allow localhost
follow_x_forwarded_for deny all
# squid.conf, part 2: listener, cache storage and access logging.
# Interception listener: the iptables REDIRECT rule on this page delivers
# port-80 traffic arriving through the WCCP tunnel to this port.
# NOTE(review): keep 3128 unreachable from networks outside our_networks at the firewall as well.
http_port 3128 transparent
# Memory for hot and in-transit objects, not a cap on the whole process.
cache_mem 1536 MB
maximum_object_size_in_memory 64 KB
hierarchy_stoplist cgi-bin ? dll aspx
cache_replacement_policy heap LFUDA
# cache_dir <type> <path> <size MB> <L1 dirs> <L2 dirs> [max-size=<bytes>]
# The stores are tiered by object size; /cache/4 has no max-size and takes the rest.
cache_dir aufs /cache/1 4096 16 256 max-size=262144
cache_dir aufs /cache/2 8192 16 256 max-size=524288
cache_dir aufs /cache/3 16384 16 256 max-size=2097152
cache_dir aufs /cache/4 32767 16 256
maximum_object_size 104857 KB
# Replacement watermarks, in percent of cache_dir capacity.
cache_swap_high 100
cache_swap_low 95
# access.log records client addresses and requested URLs; treat it as sensitive data.
access_log /usr/local/squid/var/logs/access.log squid
# Generations kept when "squid -k rotate" runs.
# NOTE(review): the logrotate stanzas on this page rotate the same files and
# also call "squid -k rotate"; Squid's documentation suggests logfile_rotate 0
# when an external tool does the rotation - confirm which mechanism is intended.
logfile_rotate 1
# squid.conf, part 3: freshness rules.
# Format: refresh_pattern [-i] <regex> <min minutes> <percent> <max minutes> [options]
# Rules are tried in order and the first regex that matches the URL is used.
# Without -i the regex is case-sensitive, so "\.exe$" does not cover ".EXE".
# reload-into-ims turns a client's forced reload into an If-Modified-Since
# revalidation; it is an HTTP violation and needs --enable-http-violations.
#
# Vendor download sites: always revalidate (min 0), keep for at most 14 days.
refresh_pattern http://.*\.windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://w?xpsp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://w2ksp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://download\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://download\.macromedia\.com/ 0 80% 20160 reload-into-ims
refresh_pattern ftp://ftp\.nai\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://ftp\.software\.ibm\.com/ 0 80% 20160 reload-into-ims
# Dynamic content: fresh for one to two minutes at most.
refresh_pattern cgi-bin 1 20% 2
refresh_pattern \.asp$ 1 20% 2
refresh_pattern \.acgi$ 1 20% 2
refresh_pattern \.cgi$ 1 20% 2
refresh_pattern \.pl$ 1 20% 2
refresh_pattern \.shtml$ 1 20% 2
refresh_pattern \.php3$ 1 20% 2
refresh_pattern \? 1 20% 2
# Static file types: min 10080 minutes = 7 days, max 43200 minutes = 30 days.
# NOTE(review): the list includes .exe, .zip, .cab, .gz and .tgz. A response
# without explicit expiry information is served from cache for at least a week,
# so a replaced or patched binary can reach clients late; shorten "min" for
# executable and archive types if that matters on this network.
refresh_pattern \.gif$ 10080 90% 43200 reload-into-ims
refresh_pattern \.jpg$ 10080 90% 43200 reload-into-ims
refresh_pattern \.bom\.gov\.au 30 20% 120 reload-into-ims
refresh_pattern \.html$ 480 50% 22160 reload-into-ims
refresh_pattern \.htm$ 480 50% 22160 reload-into-ims
refresh_pattern \.class$ 10080 90% 43200 reload-into-ims
refresh_pattern \.zip$ 10080 90% 43200 reload-into-ims
refresh_pattern \.jpeg$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mid$ 10080 90% 43200 reload-into-ims
# Never reached: the earlier "\.shtml$ 1 20% 2" rule matches first.
refresh_pattern \.shtml$ 480 50% 22160 reload-into-ims
refresh_pattern \.exe$ 10080 90% 43200 reload-into-ims
refresh_pattern \.thm$ 10080 90% 43200 reload-into-ims
refresh_pattern \.wav$ 10080 90% 43200 reload-into-ims
refresh_pattern \.txt$ 10080 90% 43200 reload-into-ims
refresh_pattern \.cab$ 10080 90% 43200 reload-into-ims
refresh_pattern \.au$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mov$ 10080 90% 43200 reload-into-ims
refresh_pattern \.xbm$ 10080 90% 43200 reload-into-ims
refresh_pattern \.ram$ 10080 90% 43200 reload-into-ims
refresh_pattern \.avi$ 10080 90% 43200 reload-into-ims
refresh_pattern \.chtml$ 480 50% 22160 reload-into-ims
refresh_pattern \.thb$ 10080 90% 43200 reload-into-ims
refresh_pattern \.dcr$ 10080 90% 43200 reload-into-ims
refresh_pattern \.bmp$ 10080 90% 43200 reload-into-ims
refresh_pattern \.phtml$ 480 50% 22160 reload-into-ims
refresh_pattern \.mpg$ 10080 90% 43200 reload-into-ims
refresh_pattern \.pdf$ 10080 90% 43200 reload-into-ims
refresh_pattern \.art$ 10080 90% 43200 reload-into-ims
refresh_pattern \.swf$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mp3$ 10080 90% 43200 reload-into-ims
refresh_pattern \.ra$ 10080 90% 43200 reload-into-ims
refresh_pattern \.spl$ 10080 90% 43200 reload-into-ims
refresh_pattern \.viv$ 10080 90% 43200 reload-into-ims
refresh_pattern \.doc$ 10080 90% 43200 reload-into-ims
refresh_pattern \.gz$ 10080 90% 43200 reload-into-ims
refresh_pattern \.Z$ 10080 90% 43200 reload-into-ims
refresh_pattern \.tgz$ 10080 90% 43200 reload-into-ims
refresh_pattern \.tar$ 10080 90% 43200 reload-into-ims
refresh_pattern \.vrm$ 10080 90% 43200 reload-into-ims
refresh_pattern \.vrml$ 10080 90% 43200 reload-into-ims
refresh_pattern \.aif$ 10080 90% 43200 reload-into-ims
refresh_pattern \.aifc$ 10080 90% 43200 reload-into-ims
refresh_pattern \.aiff$ 10080 90% 43200 reload-into-ims
refresh_pattern \.arj$ 10080 90% 43200 reload-into-ims
refresh_pattern \.c$ 10080 90% 43200 reload-into-ims
refresh_pattern \.cpt$ 10080 90% 43200 reload-into-ims
refresh_pattern \.dir$ 10080 90% 43200 reload-into-ims
refresh_pattern \.dxr$ 10080 90% 43200 reload-into-ims
refresh_pattern \.hqx$ 10080 90% 43200 reload-into-ims
refresh_pattern \.jpe$ 10080 90% 43200 reload-into-ims
refresh_pattern \.lha$ 10080 90% 43200 reload-into-ims
refresh_pattern \.lzh$ 10080 90% 43200 reload-into-ims
refresh_pattern \.midi$ 10080 90% 43200 reload-into-ims
refresh_pattern \.movie$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mp2$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mpe$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mpeg$ 10080 90% 43200 reload-into-ims
refresh_pattern \.mpga$ 10080 90% 43200 reload-into-ims
# Never reached: the earlier "\.pl$ 1 20% 2" rule matches first.
refresh_pattern \.pl$ 10080 90% 43200 reload-into-ims
refresh_pattern \.ppt$ 10080 90% 43200 reload-into-ims
refresh_pattern \.ps$ 10080 90% 43200 reload-into-ims
refresh_pattern \.qt$ 10080 90% 43200 reload-into-ims
refresh_pattern \.qtm$ 10080 90% 43200 reload-into-ims
refresh_pattern \.ras$ 10080 90% 43200 reload-into-ims
refresh_pattern \.sea$ 10080 90% 43200 reload-into-ims
refresh_pattern \.sit$ 10080 90% 43200 reload-into-ims
refresh_pattern \.tif$ 10080 90% 43200 reload-into-ims
refresh_pattern \.tiff$ 10080 90% 43200 reload-into-ims
refresh_pattern \.snd$ 10080 90% 43200 reload-into-ims
refresh_pattern \.wrl$ 10080 90% 43200 reload-into-ims
refresh_pattern ^ftp: 1440 60% 22160
refresh_pattern ^gopher: 1440 20% 1440
# Mostly shadowed: the "cgi-bin" and "\?" rules near the top match first, so
# this rule is only reached for other spellings of /cgi-bin/ (it carries -i).
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
# Catch-all for every URL not matched above.
refresh_pattern . 480 50% 22160 reload-into-ims
# squid.conf, part 4: protocol quirks, DNS, identity, SNMP and WCCP.
# Replies whose first line looks like "ICY <digit>" are not upgraded from HTTP/0.9.
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
quick_abort_min 32 KB
quick_abort_max 32 KB
quick_abort_pct 95
# External DNS helper processes (the build used --disable-internal-dns).
dns_children 10
negative_ttl 3 minutes
positive_dns_ttl 15 hours
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# Administrator contact and host name that Squid presents to clients.
cache_mgr Pejman_Moghadam@yahoo.com
visible_hostname CacheServer
httpd_accel_no_pmtu_disc on
# SNMP: queries are accepted only from solar_ip and only with this community.
# NOTE(review): a community string is a shared secret sent in clear text; do
# not reuse the value published here, and keep the SNMP port filtered so that
# only the monitoring host can reach it.
acl solar_ip src 172.16.0.4
acl snmppublic snmp_community casy
snmp_access allow snmppublic solar_ip
snmp_access deny all
coredump_dir /usr/local/squid/var/cache
pipeline_prefetch on
# WCCPv2: register with the router at 192.168.0.4 for the standard web-cache
# service (id 0). Method 1 selects GRE for both forwarding and return traffic.
wccp2_router 192.168.0.4
# NOTE(review): wccp_version is documented for the WCCPv1 directives; it is
# presumably ignored alongside the wccp2_* settings - confirm.
wccp_version 4
wccp2_forwarding_method 1
wccp2_return_method 1
# NOTE(review): no password is set, so the cache/router registration is
# unauthenticated; consider the password= option here together with a matching
# password and group-list on the router's "ip wccp web-cache" line.
wccp2_service standard 0
#!/bin/sh
#
# /etc/rc.d/rc.squid
#
# Start/stop/restart the Squid web caching server.
#
# To make Squid start automatically at boot, make this
# file executable: chmod 755 /etc/rc.d/rc.squid
#
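start()
{
  # Start the Squid daemon.
  # Clears a stale PID file, widens the local port range, raises the
  # descriptor limit and launches squid.
  # Outputs: progress on stdout, "Failed" on stderr when squid does not start.
  # Returns: the exit status of the squid launcher.
  printf '%s' 'Starting Squid . . . '
  # A PID file with no squid process behind it is left over from an unclean
  # exit; remove it so that it does not describe a process that is gone.
  if ! ps -A | grep -q ' squid$'; then
    rm -f /usr/local/squid/var/logs/squid.pid
  fi
  # Wide ephemeral port range for the proxy's outgoing connections.
  echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range
  # Same limit the binary was configured with (--with-maxfd=8192).
  ulimit -HSn 8192
  /usr/local/squid/sbin/squid -D
  squid_status=$?
  if [ "$squid_status" -eq 0 ]; then
    echo "Ok"
  else
    # Report the failure instead of printing "Ok" unconditionally.
    echo "Failed" >&2
  fi
  return "$squid_status"
}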
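stop()
{
  # Ask Squid to shut down and wait for its PID file to disappear.
  # Polls once per second for at most 300 seconds, printing the elapsed
  # count and a dot per poll.
  # Returns: 0 once the PID file is gone, 1 if it is still there after the
  #          timeout (Squid may still be running).
  echo 'Stoping Squid'
  /usr/local/squid/sbin/squid -k shutdown
  elapsed=0
  # Numeric comparison; the counter is incremented with shell arithmetic.
  while [ "$elapsed" -lt 300 ]; do
    elapsed=$((elapsed + 1))
    printf '%s' "$elapsed"
    if [ ! -f /usr/local/squid/var/logs/squid.pid ]; then
      break
    fi
    printf '%s' "."
    sleep 1
  done
  # Do not claim success when the wait ran out: a following "start" would
  # otherwise race with the instance that is still shutting down.
  if [ -f /usr/local/squid/var/logs/squid.pid ]; then
    echo " timed out, squid.pid still present" >&2
    return 1
  fi
  echo ". .Ok"
}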
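reload()
{
  # Tell the running Squid to re-read squid.conf.
  # Outputs: "Ok" on stdout on success, "Failed" on stderr otherwise.
  # Returns: 0 on success, 1 when the reconfigure request fails.
  echo 'Reloading Squid'
  if /usr/local/squid/sbin/squid -k reconfigure; then
    echo "Ok"
  else
    # A rejected or undeliverable reconfigure must not be reported as success.
    echo "Failed" >&2
    return 1
  fi
}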
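# Dispatch on the first argument. The script exits with the status of the
# requested action so that callers can detect a failed start, stop or rotate;
# an unknown argument prints the usage line on stderr and exits 1.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    stop
    start
    ;;
  rotate)
    printf '%s' 'Rotating Squid log files . . . '
    if /usr/local/squid/sbin/squid -k rotate; then
      echo "Ok"
    else
      echo "Failed" >&2
      exit 1
    fi
    ;;
  reload)
    reload
    ;;
  *)
    echo "usage $0 start|stop|restart|reload|rotate" >&2
    exit 1
    ;;
esac
exit $?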
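# Load NAT and GRE Modules
# find output is read line by line and every expansion is quoted, so a path
# is never word-split or glob-expanded before it reaches modprobe.
# NOTE(review): the first pattern loads every module under kernel/net whose
# file name contains "nat", which is more kernel code than the REDIRECT rule
# needs; listing the required modules by name keeps the attack surface smaller.
/usr/bin/find "/lib/modules/$(uname -r)/kernel/net" -name "*nat*" |
while IFS= read -r MOD; do
  /sbin/modprobe "$(/usr/bin/basename "$MOD" .ko)"
done
/usr/bin/find "/lib/modules/$(uname -r)/kernel/net" -name "*_gre.ko" |
while IFS= read -r MOD; do
  /sbin/modprobe "$(/usr/bin/basename "$MOD" .ko)"
done
# Make GRE Tunnel between cache and router
# NOTE(review): ROUTER differs from wccp2_router (192.168.0.4) in the
# squid.conf on this page; the tunnel remote should be the address the router
# uses as source of its WCCP GRE packets - confirm against the router.
ROUTER=192.168.0.129
CACHE=192.168.0.131
# 1476 = 1500 minus the 24 bytes of GRE encapsulation overhead.
ip link set eth0 mtu 1476
ip tunnel add wccp0 mode gre remote "$ROUTER" local "$CACHE" dev eth0
ip addr add "$CACHE" dev wccp0
ip link set wccp0 up
# Hand intercepted port-80 traffic to Squid's transparent listener.
# NOTE(review): the rule matches TCP/80 arriving on any interface; adding
# "-i wccp0" would limit it to traffic from the tunnel, if that is the only
# intended source - confirm before changing.
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
# Start Squid Cache Server;
if [ -x /etc/rc.d/rc.squid ]; then
  /etc/rc.d/rc.squid start
fi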
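# take down tunnel
# "ip link set" needs the state keyword; without "down" the interface is not
# actually brought down before the tunnel is deleted.
/usr/sbin/ip link set wccp0 down
/usr/sbin/ip tunnel del wccp0
# Stop Squid Cache Server:
if [ -x /etc/rc.d/rc.squid ]; then
  /etc/rc.d/rc.squid stop
fi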
# logrotate rules for Squid's access, cache and store logs: rotate daily, keep
# 10 generations, compress with bzip2 and name the archives by date.
# copytruncate copies the live file and then truncates it in place, so Squid
# keeps writing to the same open file; entries written between the copy and
# the truncate can be lost, which matters if access.log is used as an audit trail.
# access.log holds client addresses and requested URLs; keep the archives
# readable by administrators only.
/usr/local/squid/var/logs/access.log {
daily
rotate 10
start 1
copytruncate
compress
compresscmd /usr/bin/bzip2
compressext .bz2
compressoptions -sq9
dateext
notifempty
missingok
}
/usr/local/squid/var/logs/cache.log {
daily
rotate 10
start 1
copytruncate
compress
compresscmd /usr/bin/bzip2
compressext .bz2
compressoptions -sq9
dateext
notifempty
missingok
}
/usr/local/squid/var/logs/store.log {
daily
rotate 10
start 1
copytruncate
compress
compresscmd /usr/bin/bzip2
compressext .bz2
compressoptions -sq9
dateext
notifempty
missingok
# Runs only when store.log itself was rotated (notifempty skips an empty file).
# NOTE(review): with "logfile_rotate 1" in the squid.conf on this page,
# "squid -k rotate" makes Squid rename its logs as well, so two rotation
# mechanisms act on the same files - presumably unintended; confirm.
postrotate
/usr/local/squid/sbin/squid -k rotate
endscript
}
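# Create the core-dump and cache directories, hand the cache and log trees to
# the account Squid runs as, make the rc scripts executable, initialise the
# cache directories and start Squid.
# mkdir -p keeps the step repeatable when a directory already exists, and the
# paths are written out so the commands do not depend on brace expansion.
mkdir -p /usr/local/squid/var/cache
mkdir -p /cache/1 /cache/2 /cache/3 /cache/4
# NOTE(review): "nobody" is presumably Squid's default effective user here.
# It is an account other services often share, so any of them could alter the
# cache or the logs; a dedicated squid user and group set through
# cache_effective_user gives better isolation.
chown -R nobody:nobody /cache
chown -R nobody:nobody /usr/local/squid/var/logs
chmod +x /etc/rc.d/rc.local_shutdown
chmod +x /etc/rc.d/rc.squid
# Start Squid only if the cache directory structure was created successfully.
/usr/local/squid/sbin/squid -z && /etc/rc.d/rc.squid start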
Building configuration...
Current configuration : 1620 bytes
!
! Router side of the WCCP setup: running configuration of the gateway that
! redirects web traffic entering FastEthernet0/0 to the Squid cache.
version 12.2
service timestamps debug uptime
service timestamps log uptime
! NOTE(review): service password-encryption only applies the reversible
! type 7 encoding; it is obfuscation, not protection.
service password-encryption
!
hostname Aliabad-GW
!
aaa new-model
aaa authentication login default local
enable secret 5 ******************************
!
! NOTE(review): "password 7" can be decoded by anyone who sees the string, so
! a masked copy of this line is still sensitive; prefer "username admin secret"
! where the IOS image supports it.
username admin password 7 ********************
ip subnet-zero
! Enables the standard web-cache service globally.
! NOTE(review): no group-list or password is given, so the router presumably
! accepts any host that announces itself as a cache; restrict registration
! with a group-list ACL and a password matching the cache - confirm.
ip wccp web-cache
ip cef
!
!
no ip domain-lookup
ip name-server 192.9.9.3
!
!
!
!
interface FastEthernet0/0
ip address 192.168.0.4 255.255.255.0
! Web traffic entering this interface is handed to the registered cache.
ip wccp web-cache redirect in
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
ip unnumbered FastEthernet0/0
ip nat outside
!
ip nat translation tcp-timeout 200
ip nat translation udp-timeout 180
ip nat translation syn-timeout 180
ip nat pool par 192.168.0.184 192.168.0.191 prefix-length 29
ip nat inside source list 10 pool par overload
! Static translations publish an inside web server (port 80) and an inside SSH
! service (port 22) on outside addresses.
ip nat inside source static tcp 172.16.0.27 80 1.2.3.4 80 extendable
ip nat inside source static tcp 192.168.13.2 22 10.20.30.40 22 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 172.16.0.0 255.255.240.0 192.168.13.2
ip route 192.168.14.0 255.255.255.248 192.168.13.2
no ip http server
ip pim bidir-enable
!
! ACL 4 limits SNMP read access to the monitoring host (see snmp-server below).
access-list 4 permit 172.16.0.4
! ACL 10 selects the inside sources that are translated through pool "par".
access-list 10 permit 172.16.0.3
access-list 10 permit 172.16.8.0 0.0.0.255
access-list 10 permit 172.16.9.0 0.0.0.255
access-list 10 permit 172.16.10.0 0.0.0.255
access-list 10 permit 192.168.13.0 0.0.0.7
! NOTE(review): ACL 20 is not referenced anywhere in this configuration;
! presumably a leftover or meant for a WCCP redirect-list - confirm.
access-list 20 deny 192.168.0.4
access-list 20 permit any
snmp-server community ********* RO 4
!
line con 0
line aux 0
! NOTE(review): the vty lines show no access-class and no "transport input"
! restriction; limit management logins to admin hosts and, where the image
! supports it, to SSH.
line vty 0 4
!
end
BY: Pejman Moghadam
TAG: squid, wccp, cisco2610
DATE: 2009-05-06 17:34:32