Tweak squid log and add comments
This commit is contained in:
Kevin Fenzi
parent
d2ed477f57
commit
a572a61a1c
1 changed files with 27 additions and 18 deletions
|
|
@ -3,11 +3,10 @@ https_port 443 accel defaultsite=kojipkgs.fedoraproject.org cert=/etc/pki/tls/ce
|
|||
|
||||
cache_peer 127.0.0.1 parent 8080 0 no-query originserver name=kojipkgs
|
||||
hierarchy_stoplist cgi-bin ?
|
||||
acl apache rep_header Server ^Apache
|
||||
|
||||
cache_swap_low 98
|
||||
cache_swap_high 99
|
||||
maximum_object_size 204800 KB
|
||||
maximum_object_size 700000 KB
|
||||
minimum_object_size 0 KB
|
||||
cache_replacement_policy heap LFUDA
|
||||
|
||||
|
|
@ -24,31 +23,41 @@ cache_store_log /var/log/squid/store.log
|
|||
|
||||
refresh_pattern . 1440 100% 10080
|
||||
|
||||
#
|
||||
# Define all our acls here.
|
||||
#
|
||||
acl all src all
|
||||
acl phx2 src 10.5.125.0/24 10.5.127.0/24
|
||||
acl repo_url url_regex ^http://kojipkgs.fedoraproject.org/repo/
|
||||
http_access allow phx2 repo_url
|
||||
http_access deny repo_url
|
||||
acl apache rep_header Server ^Apache
|
||||
acl cachemanager proto cache_object
|
||||
acl localhost src 127.0.0.1/255.255.255.255
|
||||
acl to_localhost dst 127.0.0.0/8
|
||||
acl SSL_ports port 443
|
||||
acl Safe_ports port 80 # http
|
||||
acl Safe_ports port 21 # ftp
|
||||
acl Safe_ports port 443 # https
|
||||
acl Safe_ports port 70 # gopher
|
||||
acl Safe_ports port 210 # wais
|
||||
acl Safe_ports port 1025-65535 # unregistered ports
|
||||
acl Safe_ports port 280 # http-mgmt
|
||||
acl Safe_ports port 488 # gss-http
|
||||
acl Safe_ports port 591 # filemaker
|
||||
acl Safe_ports port 777 # multiling http
|
||||
acl CONNECT method CONNECT
|
||||
acl our_sites dstdomain kojipkgs.fedoraproject.org
|
||||
acl phx2 src 10.5.125.0/24 10.5.127.0/24
|
||||
acl repo_url url_regex ^http://kojipkgs.fedoraproject.org/repo/
|
||||
acl kojipkgs urlpath_regex -i \.(rpm|log|sig)$
|
||||
acl mash urlpath_regex -i ^/mash/
|
||||
|
||||
#
|
||||
# Here is where we use the above acls
|
||||
#
|
||||
|
||||
# Allow phx2 to repos dir and deny everyone else
|
||||
http_access allow phx2 repo_url
|
||||
http_access deny repo_url
|
||||
|
||||
# Only allow cachemanager from localhost
|
||||
http_access allow cachemanager localhost
|
||||
http_access deny cachemanager
|
||||
|
||||
# Do not allow non safe ports or connect on anything but ssl ports
|
||||
http_access deny !Safe_ports
|
||||
http_access deny CONNECT !SSL_ports
|
||||
acl our_sites dstdomain kojipkgs.fedoraproject.org
|
||||
|
||||
# Allow our sites and localhost
|
||||
http_access allow our_sites
|
||||
http_access allow localhost
|
||||
http_access deny all
|
||||
|
|
@ -58,11 +67,11 @@ icp_access allow all
|
|||
cache_peer_access kojipkgs allow our_sites
|
||||
cache_peer_access kojipkgs deny all
|
||||
|
||||
acl kojipkgs urlpath_regex -i \.(rpm|log|sig)$
|
||||
acl mash urlpath_regex -i ^/mash/
|
||||
# Do not cache mash data
|
||||
cache deny mash
|
||||
|
||||
# Do cache all rpms/log/sigs otherwise
|
||||
cache allow kojipkgs
|
||||
cache deny all
|
||||
|
||||
coredump_dir /var/spool/squid
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue