Unlike Squid 3.0, Squid 3.1 supports IPv6!
Squid 3.3 supports a RFC 6555
Happy eyeballs algorithm inspired way of dealing with broken IPv6 implementations.
AFAIK Debian's version of Squid 3.x is not patched for security bug SQUID-2014:1. AFAIK SSL-Bump is default off, so you should be OK as long as you don't enable this feature.
acl localnet src 192.168.1.0/24 acl localnet src 2001:0db8:1234::/48Or whatever your local networks are.
You may also want to firewall the proxy port.
http_port 8080Put this port in /etc/services if not already there;
squid 3128/tcp # Squid proxyOr;
http-alt 8080/tcp webcache # WWW caching service http-alt 8080/udp # WWW caching service
# Local servers acl loc-serv dst 127.0.0.1 192.168.1.0/24 ::1 2001:0db8:1234::/48 # DSL modem acl adsl dst 10.0.0.138 no_cache deny loc-serv no_cache deny adslEdit to suit your needs.
cache_mem 32 MB
cache_dir ufs /var/spool/squid3 2048 16 256This example sets the size to 2 GB.
You can also use the cache_dir stament to increase the maximum object size;
cache_dir ufs /var/spool/squid3 2048 16 256 max-size=100663296This example sets the maximum object size to 96 MB (96 * 1024 * 1024 bytes)
maximum_object_size 96 MBWith newer versions of Squid you need to set this BEFORE the 'cache_dir' statement!
log_fqdn on
# log_fqdn on; logformat squid %ts.%03tu %6tr %>A %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mtThe default config file has six spaces between 'squid' and '%ts.%03tu'. Change this to one. Otherwise log file processors will get very confused.
ftp_user Squid@Your_Domain
There are patches, but these haven't been applied to Debian yet.
pinger_enable off
url_rewrite_program /Path/Rewrite_Program
The following keeps Debian fresh;
# Keep Debian fresh refresh_pattern ^(ht|f)tp://.*debian.*/Packages\.(bz2|gz|diff/Index)$ 0 0% 0 refresh_pattern ^(ht|f)tp://.*debian.*/Release(\.gpg)?$ 0 0% 0 refresh_pattern ^(ht|f)tp://.*debian.*/Sources\.(bz2|gz|diff/Index)$ 0 0% 0 refresh_pattern ^(ht|f)tp://.*debian.*/Translation-en_GB\.bz2)$ 0 0% 0
connect_timeout 2 seconds
cache_mgr webmaster@Your_Domain
visible_hostname Your_FQDNOr;
visible_hostname Your_Domain
always_direct allow adsl always_direct allow loc-serv
cachemgr_passwd disable allIf you set a password rather then disabling the cache manager, make sure your squid.conf isn't world readable.
uri_whitespace encodeYou could use a redirector to correct other mistakes, such as using back- instead of forward slashes in URLs;
mv errorpage.css errorpage.css.orig cp errorpage.css.orig errorpage.cssNow edit errorpage.css. EG;
background: url('http://www.example.com/images/SN.png') no-repeat left;If you want to use he original image, just download it;
wget http://www.squid-cache.org/Artwork/SN.png
/etc/init.d/squid3 reload
http_proxy:http://some.server.dom:port/ https_proxy:http://some.server.dom:port/ ftp_proxy:http://some.server.dom:port/ gopher_proxy:http://some.server.dom:port/ news_proxy:http://some.server.dom:port/ newspost_proxy:http://some.server.dom:port/ newsreply_proxy:http://some.server.dom:port/ snews_proxy:http://some.server.dom:port/ snewspost_proxy:http://some.server.dom:port/ snewsreply_proxy:http://some.server.dom:port/ nntp_proxy:http://some.server.dom:port/ wais_proxy:http://some.server.dom:port/ finger_proxy:http://some.server.dom:port/ cso_proxy:http://some.server.dom:port/ no_proxy:domain.path1,path2Some software insist on a trailing slash. Others get confused by a trailing slash.
Files where you might want to put enviroment variables are;
/etc/environment /etc/profile Some xdg config files
Have fun with IPv6!