author | Andreas Brodmann <andreas.brodmann@gmail.com> | 2008-01-14 15:16:51 +0000 |
---|---|---|
committer | Andreas Brodmann <andreas.brodmann@gmail.com> | 2008-01-14 15:16:51 +0000 |
commit | d3f6fac84e5ed293b121ce0d92f07eb438cf6c96 (patch) | |
tree | eabf5f56ff5ec31380a21ec78f035b964f64d087 /squid.conf.template | |
parent | 7c8b2854e579402d546b41457828bf7622868d5a (diff) | |
download | acf-squid-d3f6fac84e5ed293b121ce0d92f07eb438cf6c96.tar.bz2 acf-squid-d3f6fac84e5ed293b121ce0d92f07eb438cf6c96.tar.xz |
1) you can now change to auth methods
2) tags insertion into config file solved with default config
3) modifications on views to look better with css
git-svn-id: svn://svn.alpinelinux.org/acf/squid/trunk@563 ab2d0c66-481e-0410-8bed-d214d4d58bed
Diffstat (limited to 'squid.conf.template')
-rw-r--r-- | squid.conf.template | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/squid.conf.template b/squid.conf.template
new file mode 100644
index 0000000..1b55448
--- /dev/null
+++ b/squid.conf.template
@@ -0,0 +1,111 @@
+### ACF-SQUID-MAGIC ### DO NOT REMOVE THIS LINE
+
+cache_effective_user squid
+cache_effective_group squid
+
+### ACF-SQUID-TAG-0001 ### DO NOT REMOVE THIS LINE
+http_port 192.168.1.1:8080
+http_port 127.0.0.1:3128
+visible_hostname services
+cache_mem 8 MB
+### ACF-SQUID-GAT-0001 ### DO NOT REMOVE THIS LINE
+
+hierarchy_stoplist cgi-bin \?
+
+### ACF-SQUID-TAG-0002 ### DO NOT REMOVE THIS LINE
+# Examples:
+# :cache_dir diskd /var/cache/squid 900 16 256
+# :cache_dir null
+cache_dir diskd /var/cache/squid 900 16 256
+#cache_dir null
+### ACF-SQUID-GAT-0002 ### DO NOT REMOVE THIS LINE
+
+### ACF-SQUID-TAG-0003 ### DO NOT REMOVE THIS LINE
+cache_access_log /var/log/squid/cache_access.log
+cache_log /var/log/squid/cache.log
+cache_store_log none
+### ACF-SQUID-GAT-0003 ### DO NOT REMOVE THIS LINE
+
+pid_filename /var/run/squid.pid
+
+debug_options 29,9
+debug_options 28,9
+debug_options 84,9
+
+# Web auditors want to see the full uri, even with the query terms
+strip_query_terms off
+
+### ACF-SQUID-TAG-0004 ### DO NOT REMOVE THIS LINE
+auth_param digest program /usr/libexec/squid/digest_pw_auth /etc/squid/users.list
+auth_param digest children 5
+auth_param digest realm Squid proxy-caching web server
+auth_param digest nonce_garbage_interval 5 minutes
+auth_param digest nonce_max_duration 30 minutes
+auth_param digest nonce_max_count 50
+#auth_param ntlm program /usr/libexec/squid/wb_ntlmauth
+#auth_param ntlm children 30
+#auth_param ntlm max_challenge_reuses 3
+#auth_param ntlm max_challenge_lifetime 2 minutes
+### ACF-SQUID-GAT-0004 ### DO NOT REMOVE THIS LINE
+
+authenticate_cache_garbage_interval 1 hour
+authenticate_ttl 1 hour
+
+refresh_pattern ^ftp: 1440 20% 10080
+refresh_pattern ^gopher: 1440 0% 1440
+refresh_pattern . 0 20% 4320
+
+### ACF-SQUID-TAG-0008 ### DO NOT REMOVE THIS LINE
+acl QUERY urlpath_regex cgi-bin \?
+acl all src 0.0.0.0/0.0.0.0
+acl manager proto cache_object
+acl localhost src 127.0.0.1/255.255.255.255
+acl to_localhost dst 127.0.0.0/8
+# Special access acls
+acl AnonBrowsers browser "/etc/squid/anonbrowserlist"
+acl AnonIPAddrs src "/etc/squid/anoniplist"
+acl AnonDomain url_regex "/etc/squid/anondomainlist"
+acl CONNECT method CONNECT
+### ACF-SQUID-GAT-0008 ### DO NOT REMOVE THIS LINE
+
+### ACF-SQUID-TAG-0005 ### DO NOT REMOVE THIS LINE
+acl SSL_ports port 443 563 8004 9000
+acl Safe_ports port 21 70 80 81 210 280 443 563 499 591 777 1025-65535
+acl ContentFilter urlpath_regex -i \.html$ \.htm$ \.php$ \.asp$ \.jsp$ \? ^http:\/\/[^\/]*\.[a-z]*$ /$
+### ACF-SQUID-GAT-0005 ### DO NOT REMOVE THIS LINE
+
+### ACF-SQUID-TAG-0006 ### DO NOT REMOVE THIS LINE
+acl userlist proxy_auth REQUIRED
+### ACF-SQUID-GAT-0006 ### DO NOT REMOVE THIS LINE
+
+# This is for the "second pass" squid
+no_cache deny localhost
+always_direct allow CONNECT
+http_access allow localhost
+
+# These force us to use an upstream proxy - like DansGuardian
+# except if its not an html looking uri - like, say isos, mp3s, etc.
+# DG chews up *way* too many resources for large downloads
+### ACF-SQUID-TAG-0007 ### DO NOT REMOVE THIS LINE
+never_direct allow !localhost
+always_direct allow !ContentFilter
+cache_peer 127.0.0.1 parent 8081 0 no-query no-digest no-netdb-exchange login=*: default
+### ACF-SQUID-GAT-0007 ### DO NOT REMOVE THIS LINE
+
+### ACF-SQUID-TAG-0009 ### DO NOT REMOVE THIS LINE
+http_access allow manager localhost
+http_access deny manager
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+http_access allow AnonIPAddrs
+http_access allow AnonDomain
+http_access allow AnonBrowsers
+http_access allow userlist
+http_access deny all
+### ACF-SQUID-GAT-0009 ### DO NOT REMOVE THIS LINE
+
+http_reply_access allow all
+icp_access allow all
+
+no_cache deny QUERY
+ |
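Review bot: In the TAG-0009 block, `http_access allow AnonBrowsers` grants access on the `browser` ACL, which matches the client-supplied User-Agent header, so it is evaluated before `http_access allow userlist` and lets a request through without proxy authentication on a value the client controls. For a shipped default I would either drop that rule or tie it to a source ACL, e.g. `http_access allow AnonBrowsers AnonIPAddrs`, and add a comment such as `# browser ACLs match User-Agent and do not authenticate the client`. The same applies in a weaker form to `http_access allow AnonDomain`, which exempts destinations from authentication; worth a comment stating that this is intended. Separately, the three `debug_options ...,9` lines leave what appear to be the ACL, authenticator and helper sections at full debug level in the template; I would default to `debug_options ALL,1` and document the verbose settings as opt-in, since level 9 output in cache.log can be large and may include authentication detail.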