参考1:http://bbs.chinaunix.net/thread-3675190-1-1.html
参考2:http://www.haiyun.me/archives/openwrt-squid-proxy-cache.html
配置文件
visible_hostname proxy.www #主机名
cache_mgr 139@139.com #管理员邮箱
http_port 3128 transparent #监听端口3128,透明代理
icp_port 0 #单机模式
dns_nameservers 192.168.1.1 #DNS
#cache_effective_user squid #运行用户
#cache_effective_group squid #运行用户组
pid_filename /tmp/squid.pid #pid文件
error_directory /usr/share/squid/errors/English #错误提示文件
emulate_httpd_log on #开启httpd日记格式
#logformat log %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %
cache_access_log /mnt/log/access.log #日记路径
cache_log none #无cache日记
cache_store_log none #无store日记
cache_dir ufs /mnt/cache/ 2048 16 256 #硬盘缓存2G,一级目录16,二级目录256
cache_mem 16 MB #内存缓存16M
cache_swap_low 90
cache_swap_high 95
minimum_object_size 0 KB #最小缓存不限制
maximum_object_size 4096 KB #最大缓存4M
cache_vary on #开启vary缓存
connect_timeout 1 minute #连接超时1分
request_timeout 1 minutes #请求超时1分
acl QUERY urlpath_regex -i cgi-bin \?
cache deny QUERY #不缓存cgin-bin
acl bt url_regex -i ^http://.*\.torrent$
http_access deny bt #禁止下载torrent
acl files urlpath_regex -i "https://cdcn.caohuan.com/etc/squid/files.txt" #过滤下载文件后缀
acl sites dstdom_regex "https://cdcn.caohuan.com/etc/squid/sites.txt" #过滤特定网址
acl keys url_regex -i "https://cdcn.caohuan.com/etc/squid/keys.txt" #过滤特定关键词
acl nocache_sites dstdom_regex "https://cdcn.caohuan.com/etc/squid/nocache_sites.txt" #指定不缓存网址
acl nocache_files urlpath_regex -i "https://cdcn.caohuan.com/etc/squid/nocache_files.txt" #指定不缓存文件后缀
http_access deny files
http_access deny sites
http_access deny keys
cache deny nocache_sites
cache deny nocache_files
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.1.0/255.255.255.0
acl SSL_ports port 443 563 10000
acl Safe_ports port 80 21 443 56370 210 1025-65535 280 488 591
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access deny all
#acl apache rep_header Server ^Apache
broken_vary_encoding allow all #开启压缩
header_access X-Forwarded-For deny all #禁止 X-Forwarded头
header_access HTTP_VIA deny all #禁止HTTP_VIA
header_access Via deny all #禁止Via头
refresh_pattern -i \.css$ 1440 50% 129600 reload-into-ims
refresh_pattern -i \.xml$ 1440 50% 129600 reload-into-ims
refresh_pattern -i \.htm$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.html$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.shtml$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.png$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.jpeg$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.gif$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.js$ 1440 90% 129600 reload-into-ims
refresh_pattern -i \.mp3$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.wmv$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.rm$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.swf$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.mpeg$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.wma$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.exe$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.rar$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.zip$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.gz$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.bz2$ 1440 50% 2880 ignore-reload
refresh_pattern -i \.7z$ 1440 50% 2880 ignore-reload
squid相关指令:
squid -k reconfigure #重置
squid -k parse #检测配置文件
squid -k shutdown #关闭
squid -k rotate #分割日记
Openwrt下安装squid后无init脚本,管理不方便,自己简单写了个。
#/bin/bash
START=70
stop() {
squid -k shutdown
}
start() {
squid
}
restart() {
killall -9 squid
squid -k reconfigure
}
check() {
squid -k parse
}
iptables配置:
opkg install iptables-mod-nat-extra
iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 80 -j REDIRECT --to-ports 3128
