API tools faq
paste
lord_iu

squid-config

lord_iu
Nov 17th, 2013
133
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.60 KB | None | 0 0
raw download clone embed print report
  1. lord@lord-arch-pi:~$ cat /etc/squid/squid.conf
  2. #
  3. # Recommended minimum configuration:
  4. #
  5.  
  6. # Example rule allowing access from your local networks.
  7. # Adapt to list your (internal) IP networks from where browsing
  8. # should be allowed
  9. acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
  10. acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
  11. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  12. acl localnet src fc00::/7       # RFC 4193 local private network range
  13. acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
  14.  
  15. acl SSL_ports port 443
  16. acl Safe_ports port 80          # http
  17. acl Safe_ports port 21          # ftp
  18. acl Safe_ports port 443         # https
  19. acl Safe_ports port 70          # gopher
  20. acl Safe_ports port 210         # wais
  21. acl Safe_ports port 1025-65535  # unregistered ports
  22. acl Safe_ports port 280         # http-mgmt
  23. acl Safe_ports port 488         # gss-http
  24. acl Safe_ports port 591         # filemaker
  25. acl Safe_ports port 777         # multiling http
  26. acl CONNECT method CONNECT
  27.  
  28. #
  29. # Recommended minimum Access Permission configuration:
  30. #
  31. # Deny requests to certain unsafe ports
  32. http_access deny !Safe_ports
  33.  
  34. # Deny CONNECT to other than secure SSL ports
  35. http_access deny CONNECT !SSL_ports
  36.  
  37. # Only allow cachemgr access from localhost
  38. http_access allow localhost manager
  39. http_access deny manager
  40.  
  41. # We strongly recommend the following be uncommented to protect innocent
  42. # web applications running on the proxy server who think the only
  43. # one who can access services on "localhost" is a local user
  44. #http_access deny to_localhost
  45.  
  46. #
  47. # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
  48. #
  49.  
  50. # Example rule allowing access from your local networks.
  51. # Adapt localnet in the ACL section to list your (internal) IP networks
  52. # from where browsing should be allowed
  53. http_access allow localnet
  54. http_access allow localhost
  55.  
  56. # And finally deny all other access to this proxy
  57. http_access deny all
  58.  
  59. # Squid normally listens to port 3128
  60. http_port 3128 transparent
  61.  
  62. cache_peer 192.168.13.1 parent 3128 no-query default
  63. never_direct allow all
  64.  
  65. # Uncomment and adjust the following to add a disk cache directory.
  66. #cache_dir ufs /var/cache/squid 256 16 256
  67.  
  68. # Leave coredumps in the first cache dir
  69. coredump_dir /var/cache/squid
  70.  
  71. #
  72. # Add any of your own refresh_pattern entries above these.
  73. #
  74. refresh_pattern ^ftp:           1440    20%     10080
  75. refresh_pattern ^gopher:        1440    0%      1440
  76. refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
  77. refresh_pattern .               0       20%     4320
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!