• Примеры настроек
• Советы

nano /etc/squid/getblocklist.sh

#!/bin/bash# git clone https://github.com/zapret-info/z-i.git
curl -s-X GET -L https://raw.githubusercontent.com/zapret-info/z-i/master/dump.csv >/etc/squid/blocklist.csv
URL_LIST=`cat/etc/squid/blocklist.csv | csvtool -t';'col2 - |sed-e'/^[0-9\.]*$/d'-e'/^[0-9\.a-z-]*$/!d'| \
sed-e's/^.*\.\([a-z0-9\-]\{2,63\}\.[a-z0-9\-]\{2,63\}\)$/\1/'|sort|uniq2>/dev/null`;
cat/dev/null >/etc/squid/blocklist.list 2>/dev/null;
for URL in$URL_LIST; doecho$URL|sed-e's/\./\\\./g'-e's/^/^http(s)?:\\\/\\\/([a-zA-Z0-9]+\\.)?/g'-e's/$/.*$/g'>>/etc/squid/blocklist.list 2>/dev/null;
done;
/usr/sbin/squid -k reconfigure

crontab -e

12***/bin/bash/etc/squid/getblocklist.sh

nano /etc/squid/squid.conf

acl localnet src 192.168.0.0/16
acl russia_block_urls url_regex "/etc/squid/blocklist.list"
acl i2p_urls url_regex -i .*://.*\.i2p\/.*
acl onion_urls url_regex -i .*://.*\.onion\/.*
cache_peer 127.0.0.1  parent    44444444  no-digest allow-miss no-query
cache_peer_access 127.0.0.1 allow i2p_urls
cache_peer 192.168.1.131 parent 81188118 no-digest allow-miss no-query
cache_peer_access 192.168.1.131 allow onion_urls
cache_peer_access 192.168.1.131 allow russia_block_urls
never_direct allow onion_urls
never_direct allow i2p_urls
never_direct allow russia_block_urls
never_direct deny localnet
always_direct deny onion_urls
always_direct deny i2p_urls
always_direct deny russia_block_urls
always_direct allow localnet
http_access allow localnet
hosts_file /etc/squid/hosts
acl SSL_ports port 443
acl Safe_ports port 80# http
acl Safe_ports port 21# ftp
acl Safe_ports port 443# https
acl Safe_ports port 70# gopher
acl Safe_ports port 210# wais
acl Safe_ports port 1025-65535# unregistered ports
acl Safe_ports port 280# http-mgmt
acl Safe_ports port 488# gss-http
acl Safe_ports port 591# filemaker
acl Safe_ports port 777# multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid
refresh_pattern ^ftp:           144020%10080
refresh_pattern ^gopher:        14400%1440
refresh_pattern -i(/cgi-bin/|\?)00%0
refresh_pattern .               020%4320

$ cat/etc/squid/squid.conf |grep"^[^#;]"

acl redirect url_regex czx.to
http_access deny redirect
deny_info http://video.czx.to redirect