squid.conf中过滤“关键字”及“DOMAIN”

在FreeBSD上安装完squid,squid.conf中添加如下条目可以过滤一些“关键字”和“DOMAIN”:

http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin ?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 128 MB
cache_dir ufs /usr/local/squid/cache 1024 16 256
access_log /dev/null
cache_log /dev/null
cache_store_log none
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl web src 172.16.1.0/24 172.16.2.0/24 172.16.3.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#deny bbs
acl bbs url_regex -i bbs //过滤URL中出现"bbs"关键字
http_access deny bbs

#deny baidu post
acl baidupost dstdom_regex post.baidu.com //过滤post.baiud.com域名
acl baidupost2 dstdomain post.baidu.com //过滤post.baiud.com域名
http_access deny baidupost
http_access deny baidupost2

#deny qq
acl qq1 dstdom_regex tencent.com //过滤*.tencent.com域名
acl qq2 dstdom_regex qq.com //过滤*.qq.com域名
acl qq3 url_regex -i qq //过滤URL中出现"qq"的关键字
acl qq4 url_regex -i tencent //过滤URL中出现"tencent"的关键字
acl qq5 dstdomain qq.com //过滤*.qq.com域名
acl qq6 dstdomain tencent.com //过滤*.tencent.com域名
acl qqip dst "/usr/local/squid/etc/qq_ip"

http_access deny qq1
http_access deny qq2
http_access deny qq3
http_access deny qq4
http_access deny qq5
http_access deny qq6
http_access deny qqip

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow web
http_access deny all

visible_hostname proxy5.jscpu.com
cache_mgr admin@jscpu.com
cache_effective_user squid
cache_effective_group squid
icp_access allow all

Leave a Reply