auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwdauth_para

1. auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/passwd
2. auth_param basic children 5
3. auth_param basic realm please login?
4. auth_param basic credentialsttl 2 hours
5. auth_param basic casesensitive off
6.  
7. acl ncsa_users proxy_auth REQUIRED
8. http_access allow ncsa_users
9.  
10. acl SSL_ports port 443
11. acl Safe_ports port 80 # http
12. acl Safe_ports port 21 # ftp
13. acl Safe_ports port 443 # https
14. acl Safe_ports port 70 # gopher
15. acl Safe_ports port 210 # wais
16. acl Safe_ports port 1025-65535 # unregistered ports
17. acl Safe_ports port 280 # http-mgmt
18. acl Safe_ports port 488 # gss-http
19. acl Safe_ports port 591 # filemaker
20. acl Safe_ports port 777 # multiling http
21. acl CONNECT method CONNECT
22.  
23. #
24. # Recommended minimum Access Permission configuration:
25. #
26. # Only allow cachemgr access from localhost
27. http_access allow manager localhost
28. http_access deny manager
29.  
30. # Deny requests to certain unsafe ports
31. http_access deny !Safe_ports
32.  
33. # Deny CONNECT to other than secure SSL ports
34. http_access deny CONNECT !SSL_ports
35.  
36. # We strongly recommend the following be uncommented to protect innocent
37. # web applications running on the proxy server who think the only
38. # one who can access services on "localhost" is a local user
39. #http_access deny to_localhost
40.  
41. #
42. # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
43. #
44.  
45. # Example rule allowing access from your local networks.
46. # Adapt localnet in the ACL section to list your (internal) IP networks
47. # from where browsing should be allowed
48. http_access allow localnet
49. http_access allow localhost
50. http_access allow our_networks
51.  
52. # And finally deny all other access to this proxy
53. http_access deny all
54.  
55. # Squid normally listens to port 3128
56. http_port 3128
57.  
58. # We recommend you to use at least the following line.
59. hierarchy_stoplist cgi-bin ?
60.  
61. # Uncomment and adjust the following to add a disk cache directory.
62. #cache_dir ufs /var/spool/squid 100 16 256
63.  
64. # Leave coredumps in the first cache dir
65. coredump_dir /var/spool/squid
66.  
67. # Add any of your own refresh_pattern entries above these.
68. refresh_pattern ^ftp: 1440 20% 10080
69. refresh_pattern ^gopher: 1440 0% 1440
70. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
71. refresh_pattern . 0 20% 4320
72.  
73. forwarded_for off
74.  
75. request_header_access Allow allow all
76. request_header_access Authorization allow all
77. request_header_access WWW-Authenticate allow all
78. request_header_access Proxy-Authorization allow all
79. request_header_access Proxy-Authenticate allow all
80. request_header_access Cache-Control allow all
81. request_header_access Content-Encoding allow all
82. request_header_access Content-Length allow all
83. request_header_access Content-Type allow all
84. request_header_access Date allow all
85. request_header_access Expires allow all
86. request_header_access Host allow all
87. request_header_access If-Modified-Since allow all
88. request_header_access Last-Modified allow all
89. request_header_access Location allow all
90. request_header_access Pragma allow all
91. request_header_access Accept allow all
92. request_header_access Accept-Charset allow all
93. request_header_access Accept-Encoding allow all
94. request_header_access Accept-Language allow all
95. request_header_access Content-Language allow all
96. request_header_access Mime-Version allow all
97. request_header_access Retry-After allow all
98. request_header_access Title allow all
99. request_header_access Connection allow all
100. request_header_access Proxy-Connection allow all
101. request_header_access User-Agent allow all
102. request_header_access Cookie allow all
103. request_header_access Set-Cookie allow all
104. request_header_access All deny all