basic.conf

basic.conf - Mike McCune, 08/03/2015 10:54 AM

 
# Squid proxy: recommended minimum configuration, extended with HTTP Basic
# authentication.
#
# Basic-auth helper: ncsa_auth is started with the password file as its
# argument and checks each username/password pair against it.
# NOTE(review): Basic credentials are only base64-encoded, and the http_port
# listener in this file is plain HTTP, so they cross the client-to-proxy hop
# in cleartext. Keep the listener on a trusted network segment, and keep
# /etc/squid/passwd readable only by the account the helper runs as.
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwd
# Realm text shown in the client's credential prompt.
auth_param basic realm Squid proxy-caching web server
# Number of helper processes started for credential checks.
auth_param basic children 5
# How long a validated username/password pair is trusted before re-checking.
auth_param basic credentialsttl 2 hours
# Usernames are compared without regard to case.
auth_param basic casesensitive off

    
# Cache-manager requests (cache_object:// scheme).
acl manager proto cache_object
# Clients connecting from the proxy host itself, IPv4 and IPv6 loopback.
acl localhost src 127.0.0.1/32
acl localhost src ::1
# Requests whose destination is the proxy host's own loopback/unspecified
# addresses.
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

    
# Example source ACL for internal networks. Adapt the ranges to the
# (internal) networks from which browsing should be allowed.
# NOTE: the only http_access rule in this file that names localnet is
# commented out, so this ACL currently has no effect on access decisions.
#
# RFC1918 possible internal networks
acl localnet src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
# RFC 4193 local private network range, and RFC 4291 link-local
# (directly plugged) machines
acl localnet src fc00::/7 fe80::/10

    
# The only port CONNECT tunnels may target (see "deny CONNECT !SSL_ports").
acl SSL_ports port 443

# Destination ports the proxy will contact; anything else is refused by
# "http_access deny !Safe_ports".
#   80 http, 21 ftp, 443 https, 70 gopher, 210 wais
acl Safe_ports port 80 21 443 70 210
#   unregistered ports
acl Safe_ports port 1025-65535
#   280 http-mgmt, 488 gss-http, 591 filemaker, 777 multiling http
acl Safe_ports port 280 488 591 777

# Matches requests that use the CONNECT method.
acl CONNECT method CONNECT

    
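#
# Access Permission configuration.
# http_access rules are checked top to bottom and the first matching rule
# decides, so the order of the lines below is significant.
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Protect services on the proxy server that assume only a local user can
# reach "localhost". Enabled here (the stock file ships it commented out):
# without it, any client the rules below allow can ask the proxy to connect
# to its own loopback addresses. It must stay above the allow rules.
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rules allowing access by source address.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed.
# Left disabled on purpose: enabling either line above the proxy_auth rule
# lets matching clients through without credentials.
#http_access allow localnet
#http_access allow localhost

# Access is granted by authentication: any request carrying valid proxy
# credentials (checked through the auth_param basic helper) is allowed.
acl valid_users proxy_auth REQUIRED
http_access allow valid_users

# And finally deny all other access to this proxy
http_access deny all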

    
# Client-facing listener. Squid normally listens to port 3128; this file
# uses 8888 instead.
http_port 8888

# Recommended default: URLs containing these strings are fetched directly.
hierarchy_stoplist cgi-bin ?

# No disk cache directory is configured. Uncomment and adjust the following
# to add one.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Freshness rules, checked in the order listed.
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

    
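# Disabled alternatives kept from the original file.
# sslproxy_version 999
# ssloptions NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
# cache_peer 10.1.1.100 parent 443 0 no-query originserver ssl sslversion=4 ssloptions=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE sslcipher=HIGH sslcafile=/etc/squid/cacert.crt name=https_proxy.example.com

# https_port 10.8.29.52:443 accel vhost options=NO_SSLv2,SINGLE_DH_USE cipher=HIGH
# https_port 443 options=NO_SSLv3,NO_TLSv1,SINGLE_DH_USE

# Protocol settings for the SSL/TLS connections Squid itself opens when it
# proxies https:// URLs.
# In the Squid 3.x numbering, sslproxy_version 1 means "negotiate
# automatically" and 2 means "SSLv2 only". The file previously set 2, which
# pins the one protocol that should never be used and contradicts the intent
# of the options line. Use automatic negotiation and exclude the legacy
# protocols explicitly instead.
# NOTE(review): confirm the numbering against the documentation of the Squid
# release that reads this file.
sslproxy_version 1
sslproxy_options NO_SSLv2,NO_SSLv3,NO_TLSv1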