Hi,

I recently migrated my office's server from Slackware64 14.1 to CentOS 7. Right now I'm in the process of configuring the Squid web proxy. I edited the default /etc/squid/squid.conf, and here's what I have so far:

--8<--------------------------------------------------
# /etc/squid/squid.conf

# Squid server hostname
visible_hostname amandine.microlinux.lan

# Definitions
acl localnet src 192.168.2.0/24 # RFC1918 possible internal network
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# Access rules
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet

# Proxy port
http_port 3128

# Cache size in RAM
cache_mem 256 MB

# Core dump directory
coredump_dir /var/spool/squid

# Lifetime of files without an expiration date
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0
--8<--------------------------------------------------

The proxy is working as expected. I have a few questions for fine-tuning though.

1. Squid's main logs are stored in /var/log/squid/access.log. I'd like to set up logfile rotation for that, since it can become quite big. How do you handle this? With Squid's internal 'logfile_rotate' directive or with logrotate? What I'd like to do is rotate this logfile about once a week.

2. Which user is Squid supposed to run as under CentOS? On my Slackware server I had the following:

cache_effective_user nobody
cache_effective_group nobody

What's an orthodox setting for CentOS?

3. The access rules are a bit minimal. Do they seem OK to you for a LAN? Any suggestions?

Cheers,

Niki

--
Microlinux - 100% Linux and free software IT solutions
7, place de l'église - 30730 Montpezat
Web  : http://www.microlinux.fr
Mail : i...@microlinux.fr
Tel. : 04 66 63 10 32
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
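
Added example, not part of the original post: a small Python model of how Squid evaluates the three http_access lines in the posted configuration (first matching line wins; when no line matches, Squid applies the opposite of the last line's action). It covers only the src, port and method ACLs that appear in the post, and the sample requests are constructed.

```python
import ipaddress

# ACLs transcribed from the squid.conf in the post above.
LOCALNET = ipaddress.ip_network("192.168.2.0/24")
SSL_PORTS = {443}
SAFE_PORTS = {80, 21, 443, 70, 210, 280, 488, 591, 777}
SAFE_RANGE = range(1025, 65536)

def acl(name, req):
    """Return True when the named ACL matches the request."""
    if name == "localnet":
        return ipaddress.ip_address(req["src"]) in LOCALNET
    if name == "SSL_ports":
        return req["port"] in SSL_PORTS
    if name == "Safe_ports":
        return req["port"] in SAFE_PORTS or req["port"] in SAFE_RANGE
    if name == "CONNECT":
        return req["method"] == "CONNECT"
    raise KeyError(name)

# http_access lines in file order: (action, [acl names, "!" = negated]).
RULES = [
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["localnet"]),
]

def decide(req, rules=RULES):
    """First rule whose ACLs all match wins; with no match, Squid applies
    the opposite of the last rule's action."""
    for n, (action, names) in enumerate(rules, 1):
        if all(acl(x.lstrip("!"), req) != x.startswith("!") for x in names):
            return action, f"rule {n}"
    last = rules[-1][0]
    return ("deny" if last == "allow" else "allow"), "implicit default"

# Constructed sample requests (not taken from any real log).
SAMPLES = [
    {"src": "192.168.2.10", "method": "GET", "port": 80},
    {"src": "192.168.2.10", "method": "CONNECT", "port": 443},
    {"src": "192.168.2.10", "method": "CONNECT", "port": 8443},
    {"src": "192.168.2.10", "method": "GET", "port": 25},
    {"src": "10.0.0.5", "method": "GET", "port": 80},
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r, "->", decide(r))
```

The last sample shows that a client outside 192.168.2.0/24 is refused only by the implicit default, which is why an explicit final `http_access deny all` is commonly added so the outcome does not depend on which rule happens to be last.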
