I need some help on my new squid setup. Unfortunetly, I have just been handed a box and told to move our proxy server on to it. Currently, we are running squid-2.4-stable7. The machine also runs dansguardian for filtering, apache (for serving up blocked pages page from dansguardian), and adzapper. The current machine is running RH 7.1, but the new machine is planned to have Gentoo linux installed on it from stage 1.
Anyway, as you can see, the new machine is a huge jump up so I could use some help making the configuration and system layout jump.
Thanks,
Chris
Here are the specs:
Dell PowerEdge 2650
2 Xeon 2.6 GHz 512K Cache
2 GB Mem (4/512 Megs)
Split Plane SCSI Controller (RAID 1/RAID 5)
2 x 18GB 15K Drives (RAID 1)
3 x 73GB 10K Drives (RAID 5)
Dual on board 100Mb NICs
Currently squid is running on an IBM X Series 220 with this config:
1 1.13 PIII processor
1 GB mem
2 33.6 GB drives (raid 1)
Here is my current squid.conf:
cache_mem 100 MB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /usr/local/squid/cache/1 20000 6 256
debug_options ALL,2
authenticate_program /usr/local/squid/libexec/squid/pam_auth
authenticate_children 5
authenticate_ttl 1 hour
authenticate_ip_ttl 1 hour
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# quick abort:
# always finish if less than 10k
# finish if more than 50%
# always abort if more than 1024k
quick_abort_min 20 kb
quick_abort_pct 50%
quick_abort_max 1024 kb
acl all src 0.0.0.0/0.0.0.0
icp_access allow all
miss_access allow all
proxy_auth_realm abc company Internet Proxy
cache_effective_user squid
cache_effective_group squid
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl INTRANET dstdomain .abc_company.com
acl EXTRANET dstdomain www.selfhelpdesk.com .3ecompany.com .placeware.com .getms
ds.com .3etrainer.com .airborne.com windowsupdate.microsoft.com .cleanharbors.co
m cleanharbors.webex.com .hwin.ca liveupdate.symantec.com staples.com stapleslin
k.com safety-kleen.outstart.com .shockwave.com .macromedia.com .peopleanswers.c
om .collegeboundfund.com .abc_companycustomers.com .ac-rerefined.com .uhc.com .
vsp.com .southcarolinablues.com .hrd-rps.com .epa.gov .dot.gov .fema.gov .osha.g
ov .cdc.gov .doe.gov .nrt.gov .nih.gov .osha-slc.gov .energy.gov .hdr-rps.com .c
ch.com .labworks.com travel.americanexpress.com .brandfuel.com
acl LOCALUSERS proxy_auth REQUIRED
acl TROUBLE dstdomain .monster.com proxy_auth REQUIRED
acl TROUBLE2 dstdomain .certification.net
acl PURGE method PURGE
acl localhost src 127.0.0.1
http_access allow PURGE localhost
http_access deny PURGE
no_cache deny TROUBLE
no_cache deny TROUBLE2
no_cache deny INTRANET
always_direct deny all
http_access allow INTRANET
http_access allow EXTRANET
http_access allow TROUBLE2
http_access allow TROUBLE
http_access allow LOCALUSERS
http_access deny all
redirect_program /usr/local/adzap/scripts/squid_redirect
Received on Mon Apr 28 2003 - 09:26:55 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:15:33 MST