Bandwidth Limiting (Part 2) — source code

Configure our squid.conf file (located under /opt/squid/etc/squid.conf):

#squid.conf

#The ports our Squid will listen on.

http_port 8080

icp_port 3130

acl QUERY urlpath_regex cgi-bin \?

no_cache deny QUERY

#Memory the Squid will use. Well, Squid will use far more than that.

cache_mem 16 MB

#250 means that Squid will use 250 megabytes of disk space.

cache_dir ufs /cache 250 16 256

#Places where Squid’s logs will go to.

cache_log /var/log/squid/cache.log

cache_access_log /var/log/squid/access.log

cache_store_log /var/log/squid/store.log

cache_swap_log /var/log/squid/swap.log

#How many times to rotate the logs before deleting them.

#See the FAQ for more info.

logfile_rotate 10

redirect_rewrites_host_header off

cache_replacement_policy GDSF

acl localnet src 192.168.1.0/255.255.255.0

acl localhost src 127.0.0.1/255.255.255.255

acl Safe_ports port 80 443 210 119 70 20 21 1025-65535

acl CONNECT method CONNECT

acl all src 0.0.0.0/0.0.0.0

http_access allow localnet

http_access allow localhost

http_access deny !Safe_ports

http_access deny CONNECT

http_access deny all

maximum_object_size 3000 KB

store_avg_object_size 50 KB

httpd_accel_host virtual

httpd_accel_port 80

httpd_accel_with_proxy on

httpd_accel_uses_host_header on

#all our LAN users will be seen by external web servers

#as if they all used Mozilla on Linux. :)

anonymize_headers deny User-Agent

fake_user_agent Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6+) Gecko/20011122

cache_mgr your@email

cachemgr_passwd secret_password all

#This is a name of a user our Squid will work as.

cache_effective_user squid

cache_effective_group squid

log_icp_queries off

buffered_logs on

#####DELAY POOLS

#This is the most important part for shaping incoming traffic with Squid

#For detailed description see squid.conf file or docs at http://www.squid-cache.org

#We don’t want to limit downloads on our local network.

acl magic_words1 url_regex -i 192.168

#We want to limit downloads of these types of files

#Put this all in one line

acl magic_words2 url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpe .ram .rm .iso .raw .wav .mov

#We don’t block .html, .gif, .jpg and similar files, because they

#generally don’t consume much bandwidth

#We want to limit bandwidth during the day, and allow

#full bandwidth during the night

#Caution! with the acl below your downloads are likely to break

#at 23:59. Read the FAQ in this bandwidth if you want to avoid it.

acl day time 09:00-23:59

#We have two different delay_pools

#View Squid documentation to get familiar

#with delay_pools and delay_class.

delay_pools 2

#First delay pool

#We don’t want to delay our local traffic.

#There are three pool classes; here we will deal only with the second.

#First delay class (1) of second type (2).

delay_class 1 2

#-1/-1 means that there are no limits.

delay_parameters 1 -1/-1 -1/-1

#magic_words1: 192.168 we have set before

delay_access 1 allow magic_words1

#Second delay pool.

#we want to delay downloading files mentioned in magic_words2.

#Second delay class (2) of second type (2).

delay_class 2 2

#The numbers here are values in bytes;

#we must remember that Squid doesn’t consider start/stop bits

#5000/150000 are values for the whole network

#5000/120000 are values for the single IP

#after downloaded files exceed about 150000 bytes,

#(or even twice or three times as much)

#they will continue to download at about 5000 bytes/s

delay_parameters 2 5000/150000 5000/120000

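#We have set day to 09:00-23:59 before.

#ACLs on one line are ANDed and the first matching delay_access line wins,

#so day and magic_words2 must share a line to limit only those files by day.

delay_access 2 allow day magic_words2

delay_access 2 deny all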

#EOF
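
Squid checks the delay_access lines of a pool from top to bottom. The first line whose ACLs all match decides, and ACLs on the same line are ANDed. The sketch below is an added example, not part of the original configuration or of Squid. It models that evaluation to compare listing `day` and `magic_words2` on separate lines with putting them on one line. The function names, the shortened pattern list and the sample requests are constructed for illustration, and Python's `re` stands in for Squid's regex matching.

```python
import re
from datetime import time

# Constructed model of the page's ACLs (url_regex is an unanchored,
# case-insensitive search; only a few magic_words2 patterns are kept).
ACLS = {
    "magic_words2": lambda req: any(
        re.search(p, req["url"], re.I) for p in ("ftp", ".exe", ".mp3", ".zip", ".iso")),
    "day": lambda req: time(9, 0) <= req["time"] <= time(23, 59),
    "all": lambda req: True,
}

def acl_matches(name, req):
    """Evaluate one ACL name; a leading '!' negates it."""
    if name.startswith("!"):
        return not ACLS[name[1:]](req)
    return ACLS[name](req)

def in_pool(rules, req):
    """First-match evaluation: ACLs on one line are ANDed, the first
    line whose ACLs all match decides, and no match means not delayed."""
    for action, *names in (line.split() for line in rules):
        if all(acl_matches(n, req) for n in names):
            return action == "allow"
    return False

# One ACL per line: 'allow day' matches every daytime request first.
SEPARATE = ["allow day", "deny !day", "allow magic_words2"]
# Both conditions on one line, then an explicit default.
COMBINED = ["allow day magic_words2", "deny all"]

# Constructed sample requests.
REQUESTS = [
    {"url": "http://example.com/index.html", "time": time(14, 0)},
    {"url": "http://example.com/cd.iso", "time": time(14, 0)},
    {"url": "http://example.com/cd.iso", "time": time(3, 0)},
    # The unescaped dot in .exe also matches "/exe" here.
    {"url": "http://example.com/executive.html", "time": time(14, 0)},
]

def compare():
    """Return (url, hour, separate_result, combined_result) per request."""
    return [(r["url"], r["time"].hour, in_pool(SEPARATE, r), in_pool(COMBINED, r))
            for r in REQUESTS]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

With the separate-line form every daytime request lands in the limited pool, including plain HTML pages. The last sample request also shows that the unescaped dot in `.exe` matches URLs that are not executables.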
