参考1:http://bbs.chinaunix.net/thread-3675190-1-1.html
参考2:http://www.haiyun.me/archives/openwrt-squid-proxy-cache.html
配置文件
visible_hostname proxy.www #主机名 cache_mgr 139@139.com #管理员邮箱 http_port 3128 transparent #监听端口3128,透明代理 icp_port 0 #单机模式 dns_nameservers 192.168.1.1 #DNS #cache_effective_user squid #运行用户 #cache_effective_group squid #运行用户组 pid_filename /tmp/squid.pid #pid文件 error_directory /usr/share/squid/errors/English #错误提示文件 emulate_httpd_log on #开启httpd日记格式 #logformat log %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %h" "%{User-Agent}>h" %Ss:%Sh #自定义日记模式 cache_access_log /mnt/log/access.log #日记路径 cache_log none #无cache日记 cache_store_log none #无store日记 cache_dir ufs /mnt/cache/ 2048 16 256 #硬盘缓存2G,一级目录16,二级目录256 cache_mem 16 MB #内存缓存16M cache_swap_low 90 cache_swap_high 95 minimum_object_size 0 KB #最小缓存不限制 maximum_object_size 4096 KB #最大缓存4M cache_vary on #开启vary缓存 connect_timeout 1 minute #连接超时1分 request_timeout 1 minutes #请求超时1分 acl QUERY urlpath_regex -i cgi-bin \? cache deny QUERY #不缓存cgin-bin acl bt url_regex -i ^http://.*\.torrent$ http_access deny bt #禁止下载torrent acl files urlpath_regex -i "/etc/squid/files.txt" #过滤下载文件后缀 acl sites dstdom_regex "/etc/squid/sites.txt" #过滤特定网址 acl keys url_regex -i "/etc/squid/keys.txt" #过滤特定关键词 acl nocache_sites dstdom_regex "/etc/squid/nocache_sites.txt" #指定不缓存网址 acl nocache_files urlpath_regex -i "/etc/squid/nocache_files.txt" #指定不缓存文件后缀 http_access deny files http_access deny sites http_access deny keys cache deny nocache_sites cache deny nocache_files acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl localnet src 192.168.1.0/255.255.255.0 acl SSL_ports port 443 563 10000 acl Safe_ports port 80 21 443 56370 210 1025-65535 280 488 591 http_access allow manager localhost http_access deny manager http_access allow localnet http_access deny all #acl apache rep_header Server ^Apache broken_vary_encoding allow all #开启压缩 header_access X-Forwarded-For deny all #禁止 X-Forwarded头 header_access HTTP_VIA deny all #禁止HTTP_VIA header_access Via deny all #禁止Via头 refresh_pattern -i \.css$ 1440 50% 129600 reload-into-ims refresh_pattern -i \.xml$ 1440 50% 129600 reload-into-ims refresh_pattern -i \.htm$ 1440 90% 129600 reload-into-ims refresh_pattern -i \.html$ 1440 90% 129600 reload-into-ims refresh_pattern -i \.shtml$ 1440 90% 129600 reload-into-ims refresh_pattern -i \.png$ 1440 90% 129600 reload-into-ims refresh_pattern -i \.jpg$ 1440 90% 129600 reload-into-ims refresh_pattern -i \.jpeg$ 1440 90% 129600 reload-into-ims refresh_pattern -i \.gif$ 1440 90% 129600 reload-into-ims refresh_pattern -i \.bmp$ 1440 90% 129600 reload-into-ims refresh_pattern -i \.js$ 1440 90% 129600 reload-into-ims refresh_pattern -i \.mp3$ 1440 50% 2880 ignore-reload refresh_pattern -i \.wmv$ 1440 50% 2880 ignore-reload refresh_pattern -i \.rm$ 1440 50% 2880 ignore-reload refresh_pattern -i \.swf$ 1440 50% 2880 ignore-reload refresh_pattern -i \.mpeg$ 1440 50% 2880 ignore-reload refresh_pattern -i \.wma$ 1440 50% 2880 ignore-reload refresh_pattern -i \.exe$ 1440 50% 2880 ignore-reload refresh_pattern -i \.rar$ 1440 50% 2880 ignore-reload refresh_pattern -i \.zip$ 1440 50% 2880 ignore-reload refresh_pattern -i \.gz$ 1440 50% 2880 ignore-reload refresh_pattern -i \.bz2$ 1440 50% 2880 ignore-reload refresh_pattern -i \.7z$ 1440 50% 2880 ignore-reload
squid相关指令:
squid -k reconfigure #重置 squid -k parse #检测配置文件 squid -k shutdown #关闭 squid -k rotate #分割日记
Openwrt下安装squid后无init脚本,管理不方便,自己简单写了个。
#/bin/bash
START=70
stop() {
squid -k shutdown
}
start() {
squid
}
restart() {
killall -9 squid
squid -k reconfigure
}
check() {
squid -k parse
}
iptables配置:
opkg install iptables-mod-nat-extra iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 80 -j REDIRECT --to-ports 3128
声明:本站所有文章,如无特殊说明或标注,均为本站原创发布。任何个人或组织,在未征得本站同意时,禁止复制、盗用、采集、发布本站内容到任何网站、书籍等各类媒体平台。如若本站内容侵犯了原著者的合法权益,可联系我们进行处理。
