path: root/squid.conf.template
### ACF-SQUID-MAGIC ### DO NOT REMOVE THIS LINE

# Identity: the user and group named here are both "squid", so the proxy
# and its helpers run under a dedicated account.
cache_effective_user squid
cache_effective_group squid

# Listeners and basic sizing.
#   http_port        - one socket on 192.168.1.1:8080 and one on loopback
#                      (127.0.0.1:3128).
#   visible_hostname - the name Squid reports for itself ("services").
#   cache_mem        - 8 MB of memory cache.
# NOTE(review): a comment further down mentions a "second pass" from
# localhost, so the loopback port is presumably where the upstream filter
# calls back - confirm against the filter's configuration.
### ACF-SQUID-TAG-0001 ### DO NOT REMOVE THIS LINE
http_port 192.168.1.1:8080
http_port 127.0.0.1:3128
visible_hostname services
cache_mem 8 MB
### ACF-SQUID-GAT-0001 ### DO NOT REMOVE THIS LINE

# URLs containing "cgi-bin" or "?" are listed as ones to fetch directly
# rather than through peers.
# NOTE(review): the never_direct rule later in this file may take precedence
# over this list - verify for the Squid version in use.
hierarchy_stoplist cgi-bin \?

# On-disk cache: diskd store under /var/cache/squid, 900 MB, with 16
# first-level and 256 second-level directories. The commented "null" line
# is the alternative shown for running without a disk cache.
### ACF-SQUID-TAG-0002 ### DO NOT REMOVE THIS LINE
# Examples:
# :cache_dir diskd /var/cache/squid 900 16 256
# :cache_dir null
cache_dir diskd /var/cache/squid 900 16 256
#cache_dir null
### ACF-SQUID-GAT-0002 ### DO NOT REMOVE THIS LINE

# Log destinations. The store log is switched off ("none"); the access log
# and cache.log both live under /var/log/squid.
### ACF-SQUID-TAG-0003 ### DO NOT REMOVE THIS LINE
cache_access_log /var/log/squid/cache_access.log
cache_log /var/log/squid/cache.log
cache_store_log none
### ACF-SQUID-GAT-0003 ### DO NOT REMOVE THIS LINE

pid_filename /var/run/squid.pid

# Debug output at level 9 (the most verbose) for sections 29, 28 and 84 -
# in Squid's section numbering these are the authenticator, access control
# and helper-process code.
# NOTE(review): this is troubleshooting-grade logging. cache.log will grow
# quickly and presumably contains per-request ACL and authentication detail,
# so it needs tight file permissions and rotation; consider lowering the
# level once the template is deployed.
# NOTE(review): debug_options is documented as taking all section,level
# pairs on a single line; confirm that three separate lines accumulate
# rather than the last one replacing the others.
debug_options 29,9
debug_options 28,9
debug_options 84,9

# Web auditors want to see the full URI, including the query terms, so
# query-string stripping in the access log is turned off.
# NOTE(review): query strings often carry session tokens, search terms and
# other personal data, so the access log becomes sensitive; restrict read
# access to the auditors and apply a retention limit.
strip_query_terms off

# Proxy authentication: HTTP Digest, checked by the digest_pw_auth helper
# against /etc/squid/users.list, with 5 helper processes.
#   nonce_garbage_interval - how often stale nonces are cleaned up
#   nonce_max_duration     - a nonce is valid for at most 30 minutes
#   nonce_max_count        - a nonce may be used at most 50 times
# The NTLM lines are a commented-out alternative scheme.
# NOTE(review): whatever format users.list holds (plaintext or pre-hashed,
# depending on helper options), its contents are sufficient to authenticate
# as the listed users, so it should be readable only by the squid account.
### ACF-SQUID-TAG-0004 ### DO NOT REMOVE THIS LINE
auth_param digest program /usr/libexec/squid/digest_pw_auth /etc/squid/users.list
auth_param digest children 5
auth_param digest realm Squid proxy-caching web server
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50
#auth_param ntlm program /usr/libexec/squid/wb_ntlmauth
#auth_param ntlm children 30
#auth_param ntlm max_challenge_reuses 3
#auth_param ntlm max_challenge_lifetime 2 minutes
### ACF-SQUID-GAT-0004 ### DO NOT REMOVE THIS LINE

# Cached authentication state: entries are kept for 1 hour and the cache is
# swept every hour. A user removed from users.list may therefore stay
# usable for up to that long - presumably acceptable here; confirm.
authenticate_cache_garbage_interval 1 hour
authenticate_ttl 1 hour

# Freshness rules, in the form: pattern  min(minutes)  percent  max(minutes).
# FTP objects: 1440 min (1 day) to 10080 min (7 days); gopher: fixed at
# 1440; everything else: 0 min, 20% of object age, capped at 4320 (3 days).
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern .		0	20%	4320

# Base ACL definitions.
#   QUERY        - URL path contains "cgi-bin" or "?"
#   all          - every source address
#   manager      - cache manager (cache_object) requests
#   localhost    - requests coming from 127.0.0.1
#   to_localhost - requests whose destination is in 127.0.0.0/8
#   Anon*        - exemption lists loaded from files under /etc/squid
#   CONNECT      - the CONNECT method
# NOTE(review): to_localhost is defined but no visible rule references it.
# The usual hardening is an "http_access deny to_localhost" rule so that
# services bound to the proxy host's loopback cannot be reached through
# the proxy - consider adding one.
# NOTE(review): AnonBrowsers matches the User-Agent header, which the client
# chooses freely, and AnonDomain uses url_regex, which is matched against
# the whole URL rather than only the host. Neither is a strong identity
# check; keep both lists narrow and anchor the AnonDomain patterns.
### ACF-SQUID-TAG-0008 ### DO NOT REMOVE THIS LINE
acl QUERY urlpath_regex cgi-bin \?
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# Special access acls
acl AnonBrowsers browser "/etc/squid/anonbrowserlist"
acl AnonIPAddrs src "/etc/squid/anoniplist"
acl AnonDomain url_regex "/etc/squid/anondomainlist"
acl CONNECT method CONNECT
### ACF-SQUID-GAT-0008 ### DO NOT REMOVE THIS LINE

# Port and content-shape ACLs.
#   SSL_ports     - ports to which CONNECT tunnels are permitted
#   Safe_ports    - ports the proxy will talk to at all; note that
#                   1025-65535 covers every unprivileged port
#   ContentFilter - case-insensitive match on URL paths that look like HTML
#                   pages (.html/.htm/.php/.asp/.jsp, a "?", or a trailing "/")
# NOTE(review): 499 in Safe_ports differs from the 488 found in the stock
# Squid list - confirm it is intentional and not a typo.
# NOTE(review): urlpath_regex sees only the path, so the pattern beginning
# with ^http:// looks like it can never match - confirm.
### ACF-SQUID-TAG-0005 ### DO NOT REMOVE THIS LINE
acl SSL_ports port  443 563 8004 9000
acl Safe_ports port  21 70 80 81 210 280 443 563 499 591 777 1025-65535
acl ContentFilter urlpath_regex -i \.html$ \.htm$ \.php$ \.asp$ \.jsp$ \? ^http:\/\/[^\/]*\.[a-z]*$ /$
### ACF-SQUID-GAT-0005 ### DO NOT REMOVE THIS LINE

# userlist matches any request carrying valid proxy credentials.
### ACF-SQUID-TAG-0006 ### DO NOT REMOVE THIS LINE
acl userlist  proxy_auth REQUIRED
### ACF-SQUID-GAT-0006 ### DO NOT REMOVE THIS LINE

# This is for the "second pass" through squid: requests that arrive from
# localhost are not cached again, CONNECT always goes direct, and anything
# from localhost is allowed.
# NOTE(review): this is the first http_access rule in the file, so requests
# from 127.0.0.1 are accepted before the Safe_ports, CONNECT and
# authentication rules are consulted. Any local process on the proxy host
# therefore gets unrestricted, unauthenticated use of the proxy - confirm
# that only the upstream filter is expected to connect from loopback.
no_cache deny localhost
always_direct allow CONNECT
http_access allow localhost 

# These force us to use an upstream proxy - like DansGuardian -
# except if it's not an HTML-looking URI - like, say, ISOs, MP3s, etc.
# DG chews up *way* too many resources for large downloads.
#   never_direct  - everything not from localhost must go through a peer
#   always_direct - requests that do not match ContentFilter go direct
#   cache_peer    - the parent is 127.0.0.1:8081 with ICP port 0 and ICP
#                   queries, cache digests and netdb exchange disabled;
#                   "default" marks it as the fallback parent
# NOTE(review): the decision to filter is based only on the shape of the
# URL, so a response served from a URL that does not match ContentFilter
# reaches the client without passing through the filter.
# NOTE(review): login=*: appears to forward the authenticated user name to
# the parent with an empty password - verify against the cache_peer
# documentation for the Squid version in use.
### ACF-SQUID-TAG-0007 ### DO NOT REMOVE THIS LINE
never_direct allow !localhost
always_direct allow !ContentFilter
cache_peer 127.0.0.1 parent 8081 0 no-query no-digest no-netdb-exchange login=*: default 
### ACF-SQUID-GAT-0007 ### DO NOT REMOVE THIS LINE

# Client access policy. http_access rules are evaluated top to bottom and
# the first matching rule decides:
#   1. cache manager requests are allowed from localhost, denied otherwise
#   2. destinations outside Safe_ports are denied
#   3. CONNECT to anything outside SSL_ports is denied
#   4. the three Anon* exemption lists are allowed WITHOUT authentication
#   5. authenticated users are allowed
#   6. everything else is denied
# NOTE(review): "http_access allow localhost" appears earlier in the file,
# so localhost requests never reach these rules and the
# "allow manager localhost" line looks redundant.
# NOTE(review): the AnonBrowsers exemption keys off a client-supplied
# header, so it should be treated as a convenience, not an access control;
# if the exemption must stay, consider combining it with a source-address
# ACL on the same line.
### ACF-SQUID-TAG-0009 ### DO NOT REMOVE THIS LINE
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow AnonIPAddrs
http_access allow AnonDomain
http_access allow AnonBrowsers
http_access allow userlist
http_access deny all
### ACF-SQUID-GAT-0009 ### DO NOT REMOVE THIS LINE

# Replies are never filtered, and ICP queries are answered for any source.
# NOTE(review): no icp_port setting is visible here, so whether ICP is
# listening depends on the build default. The only peer is configured with
# no-query, so ICP does not appear to be needed - consider restricting
# icp_access to known peers or disabling the ICP port.
http_reply_access allow all
icp_access allow all

# Responses to requests matching QUERY ("cgi-bin" or "?") are not cached.
no_cache deny QUERY