## Recommended minimum configuration:## Example rule allowing access from

1. #
2. # Recommended minimum configuration:
3. #
4. # Example rule allowing access from your local networks.
5. # Adapt to list your (internal) IP networks from where browsing
6. # should be allowed
7. #acl all src all
8. #acl localhost src 127.0.0.0/8
9. visible_hostname "genTooBox"
10. # Classes
11. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
12. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
13. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
14. acl localnet src fc00::/7 # RFC 4193 local private network range
15. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
16. acl localhost src 127.0.0.1/32 # Localhost
17. acl lan src 172.16.0.0/24 # LAN where authorized clients reside
18. acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 # Requests to localhost
19. acl local_net src 192.168.1.1/24
20. acl SSL_ports port 443 # https port
21. acl Safe_ports port 80 21 443 # http, ftp, https ports
22. acl CONNECT method CONNECT # SSL CONNECT method
23.  
24. # Only allow cachemgr access from localhost
25. http_access allow manager localhost
26. http_access deny manager
27.  
28. # Deny requests to unknown ports
29. http_access deny !Safe_ports
30.  
31. # Deny CONNECT to other than SSL ports
32. http_access deny CONNECT !SSL_ports
33.  
34. # Prevent access to local web applications from remote users
35. http_access deny to_localhost
36.  
37. # Allow access from the local network
38. http_access allow lan
39. http_access allow local_net
40. http_access allow localhost
41.  
42. # Default deny (this must be the last rule)
43. http_access deny all
44.  
45.  
46. # Squid normally listens to port 3128
47. #http_port 192.168.1.1:3128 transparent
48. http_port 127.0.0.1:3128
49.  
50. cache_mem 150 MB
51.  
52. cache_dir ufs /var/cache/squid 500 16 256
53. cache_mgr [email protected]
54.  
55. offline_mode off
56.  
57.  
58. maximum_object_size 102400 KB
59. reload_into_ims off
60.  
61. cache_effective_user squid
62. cache_effective_group squid
63.  
64. ftp_user [email protected]
65.  
66. # Define the access log format
67. logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
68.  
69. # Log client request activities ('squid' is the name of the log format to use)
70. access_log /var/log/squid/access.log squid
71.  
72. # Log information about the cache's behavior
73. cache_log /var/log/squid/cache.log
74.  
75. # Log the activities of the storage manager
76. cache_store_log /var/log/squid/store.log
77.  
78. # Uncomment and adjust the following to add a disk cache directory.
79. #cache_dir ufs /var/cache/squid 100 16 256
80.  
81. always_direct allow all
82. # Leave coredumps in the first cache dir
83. coredump_dir /var/cache/squid
84.  
85. # Add any of your own refresh_pattern entries above these.
86. refresh_pattern ^ftp: 1440 20% 10080
87. refresh_pattern ^gopher: 1440 0% 1440
88. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
89. refresh_pattern . 0 20% 4320
90.  
91. redirect_program /usr/bin/squidGuard
92. redirect_children 5