THIRDASSsquid.conf
# Listener and identity.
# NOTE(review): 0.0.0.0 binds the proxy on every IPv4 interface of the host.
# If only the internal network should reach it, bind to that address or
# restrict port 3128 with a host firewall.
http_port 0.0.0.0:3128
visible_hostname proxyserver.zentyal-domain.lan
coredump_dir /var/spool/squid
# User and group Squid switches to after start-up.
cache_effective_user proxy
cache_effective_group proxy
# Cache sizing: 128 MB of memory cache and a 100 MB ufs disk cache
# (16 first-level and 256 second-level directories).
cache_mem 128 MB
cache_dir ufs /var/spool/squid 100 16 256
# NOTE(review): 300 MB is larger than the 100 MB cache_dir above, and this
# line follows cache_dir; some Squid 3.x releases apply the limit only to
# cache_dir lines that come after it. Confirm the value has the intended effect.
maximum_object_size 300 MB
# Logs. access.log records every client request, including full URLs and,
# with proxy authentication enabled, user names; keep it readable only by
# administrators and the log pipeline.
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
# Resolver Squid queries directly, and the suffix appended to host names
# that contain no dot.
dns_nameservers 100.100.1.2
append_domain .acme.corp
# refresh patterns
# Fields: regex, minimum age (minutes), percent of the object's age, maximum
# age (minutes), options. The first pattern that matches a URL is used.
# 20160 minutes is 14 days. reload-into-ims turns a client reload/no-cache
# request into an If-Modified-Since revalidation.
# NOTE(review): the update patterns below are not anchored with ^, so they
# also match when one of these host names appears later in a URL (for
# example inside a query string), and they are evaluated before the
# "(/cgi-bin/|\?)" rule. Anchor them if only the real update hosts are meant.
# windows updates
refresh_pattern http://.*\.windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://.*\.update\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://download\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://windowsupdate\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://.*\.download\.windowsupdate\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://office\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://w?xpsp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://w2ksp[0-9]\.microsoft\.com/ 0 80% 20160 reload-into-ims
# linux updates
refresh_pattern http://.*\.archive\.ubuntu\.com/ 0 80% 20160 reload-into-ims
refresh_pattern http://(ftp|http)[0-9]*\.[a-z]+\.debian\.org/ 0 80% 20160 reload-into-ims
# Generic rules: FTP and gopher objects, then dynamic content (never treated
# as fresh), then the catch-all for everything else.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# end refresh patterns
# Evaluate src-based ACLs against the address taken from X-Forwarded-For,
# for requests where follow_x_forwarded_for accepts that header.
acl_uses_indirect_client on
# no cache domains acl
# Requests whose source address is a loopback address.
acl from_localhost src 127.0.0.0/8 ::1
# Cache-manager requests: cache_object:// URLs (matched case-insensitively)
# and the /squid-internal-mgr/ path on any host.
acl manager url_regex -i ^cache_object:// +i ^https?://[^/]+/squid-internal-mgr/
# Ports a CONNECT tunnel may be opened to (used by "deny CONNECT !SSL_ports").
# NOTE(review): 21, 873 and 631 allow opaque tunnels to FTP, rsync and CUPS
# endpoints; keep only the ports clients really need, since tunnelled traffic
# is not inspected or logged beyond the CONNECT line.
acl SSL_ports port 443 # https
acl SSL_ports port 873 # rsync
acl SSL_ports port 21 #ftp
acl SSL_ports port 631 #cups over https
# Destination ports the proxy will talk to at all (used by "deny !Safe_ports").
# NOTE(review): 1025-65535 covers every unprivileged port, so this list
# restricts only the low port range.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 631 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
# Request-method ACLs referenced by the access rules.
acl CONNECT method CONNECT
acl purge method PURGE
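# http_access rules are evaluated top to bottom; the first matching rule
# decides. Order is therefore part of the policy.
#
# Accept X-Forwarded-For only from a client on a loopback address, and log
# the address taken from that header.
follow_x_forwarded_for allow from_localhost
log_uses_indirect_client on
# Cache manager: only for requests that originate on the proxy host itself.
http_access allow from_localhost manager
http_access deny manager
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow from_localhost
# No other client may use the proxy to reach services bound to the proxy
# host's loopback addresses. An "allow to_localhost" rule at the top of this
# list matches before the manager, port and authentication rules, which
# exposes those services to anyone who can connect to http_port.
http_access deny to_localhost
# Adds the client address to X-Forwarded-For on outgoing requests.
# NOTE(review): this discloses internal client addresses to origin servers;
# confirm that is intended.
forwarded_for on
always_direct allow to_localhost
##
## ACLs from model rules
##
##
## Access
##
#http_access allow all
##
## Default policy
##
# All access is denied by default if no other allow rule matches
#http_access deny all
# reply access allowed if not denied before
http_reply_access allow all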
###########################CONFIG FOR PROXY AUTH#############################
# HTTP Basic proxy authentication, verified by the basic_ncsa_auth helper
# against the htpasswd-style file /etc/squid/passwd.
# NOTE(review): Basic credentials are only base64-encoded, and the http_port
# listener in this file is plain HTTP, so passwords are readable by anyone on
# the network path between client and proxy. Consider a TLS-protected
# listener or a non-replayable scheme if the network is not fully trusted.
# NOTE(review): keep /etc/squid/passwd readable only by root and the proxy
# user, and store entries with a strong hash - confirm on the host.
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
# Number of helper processes.
auth_param basic children 5
# Realm text shown in the client's login prompt.
auth_param basic realm Squid proxy-caching web server
# How long a validated user name/password pair is trusted before the helper
# is asked again.
auth_param basic credentialsttl 3 hours
# Matches any request that carries valid proxy credentials.
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
# Final rule: anything not allowed above is refused.
http_access deny all