### ACF-SQUID-MAGIC ### DO NOT REMOVE THIS LINE
cache_effective_user squid
cache_effective_group squid
### ACF-SQUID-TAG-0001 ### DO NOT REMOVE THIS LINE
http_port 192.168.1.1:8080
http_port 127.0.0.1:3128
visible_hostname services
cache_mem 8 MB
### ACF-SQUID-GAT-0001 ### DO NOT REMOVE THIS LINE
hierarchy_stoplist cgi-bin \?
### ACF-SQUID-TAG-0002 ### DO NOT REMOVE THIS LINE
# Examples:
# :cache_dir diskd /var/cache/squid 900 16 256
# :cache_dir null
cache_dir diskd /var/cache/squid 900 16 256
#cache_dir null
### ACF-SQUID-GAT-0002 ### DO NOT REMOVE THIS LINE
### ACF-SQUID-TAG-0003 ### DO NOT REMOVE THIS LINE
cache_access_log /var/log/squid/cache_access.log
cache_log /var/log/squid/cache.log
cache_store_log none
### ACF-SQUID-GAT-0003 ### DO NOT REMOVE THIS LINE
pid_filename /var/run/squid.pid
debug_options 29,9
debug_options 28,9
debug_options 84,9
# Web auditors want to see the full uri, even with the query terms
strip_query_terms off
### ACF-SQUID-TAG-0004 ### DO NOT REMOVE THIS LINE
auth_param digest program /usr/libexec/squid/digest_pw_auth /etc/squid/users.list
auth_param digest children 5
auth_param digest realm Squid proxy-caching web server
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50
#auth_param ntlm program /usr/libexec/squid/wb_ntlmauth
#auth_param ntlm children 30
#auth_param ntlm max_challenge_reuses 3
#auth_param ntlm max_challenge_lifetime 2 minutes
### ACF-SQUID-GAT-0004 ### DO NOT REMOVE THIS LINE
authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
### ACF-SQUID-TAG-0008 ### DO NOT REMOVE THIS LINE
acl QUERY urlpath_regex cgi-bin \?
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# Special access acls
acl AnonBrowsers browser "/etc/squid/anonbrowserlist"
acl AnonIPAddrs src "/etc/squid/anoniplist"
acl AnonDomain url_regex "/etc/squid/anondomainlist"
acl CONNECT method CONNECT
### ACF-SQUID-GAT-0008 ### DO NOT REMOVE THIS LINE
### ACF-SQUID-TAG-0005 ### DO NOT REMOVE THIS LINE
acl SSL_ports port 443 563 8004 9000
acl Safe_ports port 21 70 80 81 210 280 443 563 499 591 777 1025-65535
acl ContentFilter urlpath_regex -i \.html$ \.htm$ \.php$ \.asp$ \.jsp$ \? ^http:\/\/[^\/]*\.[a-z]*$ /$
### ACF-SQUID-GAT-0005 ### DO NOT REMOVE THIS LINE
### ACF-SQUID-TAG-0006 ### DO NOT REMOVE THIS LINE
acl userlist proxy_auth REQUIRED
### ACF-SQUID-GAT-0006 ### DO NOT REMOVE THIS LINE
# This is for the "second pass" squid
no_cache deny localhost
always_direct allow CONNECT
http_access allow localhost
# These force us to use an upstream proxy - like DansGuardian
# except if it's not an html-looking uri - like, say, isos, mp3s, etc.
# DG chews up *way* too many resources for large downloads
### ACF-SQUID-TAG-0007 ### DO NOT REMOVE THIS LINE
never_direct allow !localhost
always_direct allow !ContentFilter
cache_peer 127.0.0.1 parent 8081 0 no-query no-digest no-netdb-exchange login=*: default
### ACF-SQUID-GAT-0007 ### DO NOT REMOVE THIS LINE
### ACF-SQUID-TAG-0009 ### DO NOT REMOVE THIS LINE
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow AnonIPAddrs
http_access allow AnonDomain
http_access allow AnonBrowsers
http_access allow userlist
http_access deny all
### ACF-SQUID-GAT-0009 ### DO NOT REMOVE THIS LINE
http_reply_access allow all
icp_access allow all
no_cache deny QUERY