Diffstat (limited to 'squid.conf.template')
-rw-r--r--squid.conf.template111
1 files changed, 111 insertions, 0 deletions
diff --git a/squid.conf.template b/squid.conf.template
new file mode 100644
index 0000000..1b55448
--- /dev/null
+++ b/squid.conf.template
@@ -0,0 +1,111 @@
+### ACF-SQUID-MAGIC ### DO NOT REMOVE THIS LINE
+
+cache_effective_user squid
+cache_effective_group squid
+
+### ACF-SQUID-TAG-0001 ### DO NOT REMOVE THIS LINE
+http_port 192.168.1.1:8080
+http_port 127.0.0.1:3128
+visible_hostname services
+cache_mem 8 MB
+### ACF-SQUID-GAT-0001 ### DO NOT REMOVE THIS LINE
+
+hierarchy_stoplist cgi-bin \?
+
+### ACF-SQUID-TAG-0002 ### DO NOT REMOVE THIS LINE
+# Examples:
+# :cache_dir diskd /var/cache/squid 900 16 256
+# :cache_dir null
+cache_dir diskd /var/cache/squid 900 16 256
+#cache_dir null
+### ACF-SQUID-GAT-0002 ### DO NOT REMOVE THIS LINE
+
+### ACF-SQUID-TAG-0003 ### DO NOT REMOVE THIS LINE
+cache_access_log /var/log/squid/cache_access.log
+cache_log /var/log/squid/cache.log
+cache_store_log none
+### ACF-SQUID-GAT-0003 ### DO NOT REMOVE THIS LINE
+
+pid_filename /var/run/squid.pid
+
+debug_options 29,9
+debug_options 28,9
+debug_options 84,9
+
+# Web auditors want to see the full uri, even with the query terms
+strip_query_terms off
+
+### ACF-SQUID-TAG-0004 ### DO NOT REMOVE THIS LINE
+auth_param digest program /usr/libexec/squid/digest_pw_auth /etc/squid/users.list
+auth_param digest children 5
+auth_param digest realm Squid proxy-caching web server
+auth_param digest nonce_garbage_interval 5 minutes
+auth_param digest nonce_max_duration 30 minutes
+auth_param digest nonce_max_count 50
+#auth_param ntlm program /usr/libexec/squid/wb_ntlmauth
+#auth_param ntlm children 30
+#auth_param ntlm max_challenge_reuses 3
+#auth_param ntlm max_challenge_lifetime 2 minutes
+### ACF-SQUID-GAT-0004 ### DO NOT REMOVE THIS LINE
+
+authenticate_cache_garbage_interval 1 hour
+authenticate_ttl 1 hour
+
+refresh_pattern ^ftp: 1440 20% 10080
+refresh_pattern ^gopher: 1440 0% 1440
+refresh_pattern . 0 20% 4320
+
+### ACF-SQUID-TAG-0008 ### DO NOT REMOVE THIS LINE
+acl QUERY urlpath_regex cgi-bin \?
+acl all src 0.0.0.0/0.0.0.0
+acl manager proto cache_object
+acl localhost src 127.0.0.1/255.255.255.255
+acl to_localhost dst 127.0.0.0/8
+# Special access acls
+acl AnonBrowsers browser "/etc/squid/anonbrowserlist"
+acl AnonIPAddrs src "/etc/squid/anoniplist"
+acl AnonDomain url_regex "/etc/squid/anondomainlist"
+acl CONNECT method CONNECT
+### ACF-SQUID-GAT-0008 ### DO NOT REMOVE THIS LINE
+
+### ACF-SQUID-TAG-0005 ### DO NOT REMOVE THIS LINE
+acl SSL_ports port 443 563 8004 9000
+acl Safe_ports port 21 70 80 81 210 280 443 563 499 591 777 1025-65535
+acl ContentFilter urlpath_regex -i \.html$ \.htm$ \.php$ \.asp$ \.jsp$ \? ^http:\/\/[^\/]*\.[a-z]*$ /$
+### ACF-SQUID-GAT-0005 ### DO NOT REMOVE THIS LINE
+
+### ACF-SQUID-TAG-0006 ### DO NOT REMOVE THIS LINE
+acl userlist proxy_auth REQUIRED
+### ACF-SQUID-GAT-0006 ### DO NOT REMOVE THIS LINE
+
+# This is for the "second pass" squid
+no_cache deny localhost
+always_direct allow CONNECT
+http_access allow localhost
+
+# These force us to use an upstream proxy - like DansGuardian
+# except if its not an html looking uri - like, say isos, mp3s, etc.
+# DG chews up *way* too many resources for large downloads
+### ACF-SQUID-TAG-0007 ### DO NOT REMOVE THIS LINE
+never_direct allow !localhost
+always_direct allow !ContentFilter
+cache_peer 127.0.0.1 parent 8081 0 no-query no-digest no-netdb-exchange login=*: default
+### ACF-SQUID-GAT-0007 ### DO NOT REMOVE THIS LINE
+
+### ACF-SQUID-TAG-0009 ### DO NOT REMOVE THIS LINE
+http_access allow manager localhost
+http_access deny manager
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+http_access allow AnonIPAddrs
+http_access allow AnonDomain
+http_access allow AnonBrowsers
+http_access allow userlist
+http_access deny all
+### ACF-SQUID-GAT-0009 ### DO NOT REMOVE THIS LINE
+
+http_reply_access allow all
+icp_access allow all
+
+no_cache deny QUERY
+
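Review bot: `http_access allow AnonBrowsers` in the TAG-0009 block exempts a request from `proxy_auth` on the strength of the User-Agent header alone, which the client supplies, so it cannot serve as an access control ahead of `http_access allow userlist`. `AnonDomain` is a `url_regex` ACL and is similarly loose if the patterns in `/etc/squid/anondomainlist` are not anchored to the host part; a `dstdomain` ACL would match only the destination host. If the browser exemption has to stay, the template should say so above the rule, e.g. `# browser ACLs match a client-supplied header; this is a convenience exemption, not authentication`. Separately, `icp_access allow all` near the end answers ICP queries from any source, and `icp_access deny all` looks like the safer template default, since no sibling caches are configured here.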