basic_el7.conf

el7 squid config - Justin Sherrill, 02/12/2019 03:49 PM

 
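# Proxy authentication: HTTP Basic, checked by the NCSA helper against the
# htpasswd-style file /etc/squid/passwd.
#
# Security notes:
# - Basic credentials are only base64-encoded, not encrypted. The http_port
#   in this file is a plain listener, so username and password cross the
#   network in the clear between client and proxy. Expose the port only on
#   networks where that is acceptable.
# - /etc/squid/passwd holds password hashes; keep it readable only by root
#   and the account Squid runs as.
#
# Recommended minimum configuration:
#
auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd
# Number of helper processes started to validate credentials.
auth_param basic children 5
# Realm string shown in the client's login prompt.
auth_param basic realm Squid proxy-caching web server
# How long a validated username/password pair is trusted before the helper
# is asked again.
auth_param basic credentialsttl 2 hours
# Usernames are compared case-insensitively.
auth_param basic casesensitive off
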
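# Named ACLs for cache-manager requests and for loopback source/destination
# addresses; the http_access rules further down refer to them.
# NOTE(review): Squid 3.2 and later predefine manager, localhost and
# to_localhost, and redefining them may produce warnings or a configuration
# error. Run `squid -k parse` against the installed version and confirm
# these three lines are accepted.
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
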
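# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#
# In this file localnet is only defined: the "http_access allow localnet"
# rule is commented out, so source address alone grants nothing and access
# depends on proxy authentication.
acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
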
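# Destination ports the proxy may connect to.
# SSL_ports: the only port CONNECT tunnels may target (see the
#   "http_access deny CONNECT !SSL_ports" rule).
# Safe_ports: ports allowed for ordinary requests; anything else is denied by
#   "http_access deny !Safe_ports". The 1025-65535 range makes every
#   unprivileged port reachable, so narrow it if clients only need web ports.
acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
# Matches requests that use the CONNECT method (tunnels).
acl CONNECT method CONNECT
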
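#
# Recommended minimum Access Permission configuration:
#
# http_access rules are evaluated top to bottom and the first matching rule
# decides, so the deny rules must stay above "http_access allow valid_users".
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Protect web applications running on the proxy server that assume the only
# one who can access services on "localhost" is a local user.
# Enabled here (the rule was commented out): without it, every authenticated
# user is allowed to have the proxy fetch loopback addresses on the proxy host.
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# Left commented out: this profile grants access by authentication only,
# not by source address.
#http_access allow localnet
#http_access allow localhost

# Require a valid proxy login (see the auth_param lines) for every request
# that was not denied above.
acl valid_users proxy_auth REQUIRED
http_access allow valid_users

# And finally deny all other access to this proxy
http_access deny all
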
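# Squid normally listens to port 3128; this profile uses 8888 instead.
# No address is given, so Squid accepts connections on every interface.
# Limit who can reach the port with the host firewall, or bind it to one
# address using the form "http_port ADDRESS:8888".
# This is a plain (unencrypted) listener, so Basic credentials sent to it
# can be read by anyone on the path between client and proxy.
http_port 8888
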
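# We recommend you to use at least the following line.
# NOTE(review): hierarchy_stoplist is reported as obsolete by newer Squid
# releases; confirm against the installed version before enabling it.
#hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
# Arguments after the path: size in MB, first-level directories,
# second-level directories. While this stays commented out, no disk cache
# directory is configured by this file.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
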
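# Add any of your own refresh_pattern entries above these.
# Columns: URL regex, minimum age (minutes), percent of the object's age,
# maximum age (minutes). The first matching pattern applies, so the
# catch-all "." entry must stay last. -i makes the regex case-insensitive.
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
# Dynamic content (cgi-bin paths and query strings) is never treated as fresh.
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320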