Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ··············································
- acl manager proto cache_object
- acl localhost src 127.0.0.1/32 ::1
- acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
- # Example rule allowing access from your local networks.
- # Adapt to list your (internal) IP networks from where browsing
- # should be allowed
- acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
- acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
- acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
- acl localnet src fc00::/7 # RFC 4193 local private network range
- acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
- ##########################################################################
- #######INTERNET POR HORAS#######################
- acl H_ADMIN time SMTWHFA 13:00-14:00
- acl H_UPDATE time SMTWHFA 13:00-14:00
- acl E_HORA time SMTWHFA 17:30-20:00
- acl CONNECT method CONNECT
- ###############################################
- ####PAGINAS ADMITIDAS HORAS TRABAJO############
- acl L_ADMIN url_regex "/etc/squid/pag_personal"
- acl P_ADMIN url_regex "/etc/squid/pag_personalPAMPA"
- ##############################################
- acl restringido url_regex "/etc/squid/restringido.acl"
- acl restringidoadmin url_regex "/etc/squid/restringidoadmin.acl"
- acl EXTENSION1 urlpath_regex -i \.dll$
- acl EXTENSION2 urlpath_regex -i \.exe$\.mp3$\.mov$\.mpeg$\.ppt$\.pps$\.wms$
- acl badsites dstdomain .facebook.com
- acl skype_url url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
- acl ACT url_regex "/etc/squid/pag_actualizacion"
- acl DIRECTORES src "/etc/squid/direccion.acl"
- acl ADMIN src "/etc/squid/administrativos.acl"
- acl UPADMIN src "/etc/squid/upadmin.acl"
- acl JEFATURALPAMPA src "/etc/squid/jefaturalpampa.acl"
- acl PAMPA src "/etc/squid/adminpampa.acl"
- acl UPDATE url_regex "/etc/squid/update.acl"
- acl SININTERNET src "/etc/squid/negados.acl"
- ###############################################
- #acl SSL_ports port 443
- acl Safe_ports port 80 # http
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- #http_reply_access deny badsites JEFATURALPAMPA
- #
- # Recommended minimum Access Permission configuration:
- #
- # Only allow cachemgr access from localhost
- http_access allow manager localhost
- #http_access deny block-fnes
- #http_access allow all
- # Deny requests to certain unsafe ports
- http_access deny !Safe_ports
- # Deny CONNECT to other than secure SSL ports
- #http_access deny CONNECT !SSL_ports
- # We strongly recommend the following be uncommented to protect innocent
- # web applications running on the proxy server who think the only
- # one who can access services on "localhost" is a local user
- #http_access deny to_localhost
- #
- # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
- #
- # Example rule allowing access from your local networks.
- # Adapt localnet in the ACL section to list your (internal) IP networks
- # from where browsing should be allowed
- http_access allow localhost
- http_access allow DIRECTORES !ACT
- http_access allow UPADMIN !restringidoadmin !EXTENSION1 !EXTENSION2
- http_access allow JEFATURALPAMPA !restringido !EXTENSION1 !EXTENSION2
- http_access allow ADMIN L_ADMIN !restringidoadmin !EXTENSION1 !EXTENSION2
- http_access allow H_ADMIN ADMIN
- http_access allow H_UPDATE ADMIN UPDATE !restringido !EXTENSION1 !EXTENSION2
- http_access allow SININTERNET UPDATE
- http_access allow PAMPA P_ADMIN !restringidoadmin !restringido !EXTENSION1 !EXTENSION2
- http_access allow H_ADMIN PAMPA
- http_access allow H_ADMIN JEFATURALPAMPA
- http_access allow E_HORA PAMPA
- http_access allow H_ADMIN JEFATURALPAMPA
- http_access deny badsites JEFATURALPAMPA
- http_access deny badsites
- http_access deny CONNECT badsites JEFATURALPAMPA
- # And finally deny all other access to this proxy
- #http_access deny CONNECT skype_url
- http_access deny all
- # Squid normally listens to port 3128
- #http_port 3128 transparent
- #http_port 3128
- http_port 3128 intercept
- # We recommend you to use at least the following line.
- hierarchy_stoplist cgi-bin ?
- # Uncomment and adjust the following to add a disk cache directory.
- cache_dir ufs /var/spool/squid 10000 16 256
- #cache_dir aufs /var/spool/squid 1000 16 256
- # Leave coredumps in the first cache dir
- coredump_dir /var/spool/squid
- ###
- #query_icmp on
- #query_icmp on
- ############
- # Add any of your own refresh_pattern entries above these
- refresh_pattern -i \.(html|htm|html\?|htm\?)$ 9440 90% 100000 override-expire reload-into-ims
- #refresh_pattern -i \.(gif|png|jpg|jpeg|ico|bmp|tiff|webp|bif|gif\?|png\?|jpg\?|jpeg\?|ico\?|bmp\?|tiff\?|webp\?|bif\?)$ 36000 90% 100000 override-expire reload-into-ims ignore-reload
- refresh_pattern \.(swf|swf\?|js|js\?|wav|css|css\?|class|dat|zsci)$ 36000 90% 100000 override-expire reload-into-ims
- refresh_pattern -i \.(bin|deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|docx|tiff|pdf|uxx|gz|xls|xlsx|psd|crl|msi|dll|dll\?|crx|enc|skl|arc)$ 36000 90% 100000 override-expire override-lastmod reload-into-ims ignore-reload
- refresh_pattern -i \.(xml)$ 0 90% 100000
- refresh_pattern -i \.(json|json\?)$ 1440 90% 5760 override-expire reload-into-ims
- refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
- refresh_pattern ^ftp: 1440 20% 10080
- refresh_pattern ^gopher: 1440 0% 1440
- refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
- refresh_pattern . 0 20% 4320
- #####################
- ignore_expect_100 on
- log_icp_queries off
- minimum_object_size 0 KB
- buffered_logs on
- pipeline_prefetch on
- cache_effective_user squid
- cache_effective_group squid
- ###############
- maximum_object_size 250 MB
- maximum_object_size_in_memory 1 MB
- visible_hostname shadow
- unique_hostname shadow-DHS
- #client_db off
- #cache_store_log none
- positive_dns_ttl 16 day
- #shutdown_lifetime 0 second
- cache_mem 1024 MB
- cache_swap_low 90
- cache_swap_high 95
- ipcache_size 8192
- fqdncache_size 8192
- ######################
- visible_hostname mail
- forwarded_for on
- ie_refresh on
- dns_nameservers 200.62.191.11 200.62.191.12
- dns_defnames off
- ######################
- request_header_max_size 256 KB
- memory_replacement_policy heap GDSF
- cache_replacement_policy heap LRU
- memory_pools off
- quick_abort_min 0 KB
- quick_abort_max 0 KB
- buffered_logs on
- read_ahead_gap 1 MB
- #access_log none
- half_closed_clients off
- ······································
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement