SHOW:
|
|
- or go back to the newest paste.
1 | # | |
2 | # Recommended minimum configuration: | |
3 | # | |
4 | #acl manager proto cache_object | |
5 | #acl localhost src 127.0.0.1/32 ::1 | |
6 | #acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 | |
7 | ||
8 | # Example rule allowing access from your local networks. | |
9 | # Adapt to list your (internal) IP networks from where browsing | |
10 | # should be allowed | |
11 | ###acl localnet src 10.0.0.0/8 # RFC1918 possible internal network | |
12 | ###acl localnet src 172.16.0.0/12 # RFC1918 possible internal network | |
13 | ###acl localnet src 192.168.0.0/16 # RFC1918 possible internal network | |
14 | ###acl localnet src fc00::/7 # RFC 4193 local private network range | |
15 | ###acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines | |
16 | ||
17 | acl localnet src 192.168.10.0/24 | |
18 | acl localnet src 192.168.77.0/24 | |
19 | acl localnet src 192.168.158.0/24 | |
20 | acl localnet src 192.168.159.0/24 | |
21 | acl localnet src 192.168.160.0/24 | |
22 | acl localnet src 192.168.161.0/24 | |
23 | acl localnet src 10.8.0.0/24 | |
24 | ||
25 | acl SSL_ports port 443 | |
26 | acl Safe_ports port 80 # http | |
27 | acl Safe_ports port 21 # ftp | |
28 | acl Safe_ports port 443 # https | |
29 | acl Safe_ports port 70 # gopher | |
30 | acl Safe_ports port 210 # wais | |
31 | acl Safe_ports port 1025-65535 # unregistered ports | |
32 | acl Safe_ports port 280 # http-mgmt | |
33 | acl Safe_ports port 488 # gss-http | |
34 | acl Safe_ports port 591 # filemaker | |
35 | acl Safe_ports port 777 # multiling http | |
36 | acl CONNECT method CONNECT | |
37 | ||
38 | # | |
39 | # Recommended minimum Access Permission configuration: | |
40 | # | |
41 | # Only allow cachemgr access from localhost | |
42 | http_access allow manager localhost | |
43 | http_access deny manager | |
44 | ||
45 | # Deny requests to certain unsafe ports | |
46 | http_access deny !Safe_ports | |
47 | ||
48 | # Deny CONNECT to other than secure SSL ports | |
49 | http_access deny CONNECT !SSL_ports | |
50 | ||
51 | # We strongly recommend the following be uncommented to protect innocent | |
52 | # web applications running on the proxy server who think the only | |
53 | # one who can access services on "localhost" is a local user | |
54 | #http_access deny to_localhost | |
55 | ||
56 | # | |
57 | # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS | |
58 | # | |
59 | ||
60 | # Example rule allowing access from your local networks. | |
61 | # Adapt localnet in the ACL section to list your (internal) IP networks | |
62 | # from where browsing should be allowed | |
63 | http_access allow localnet | |
64 | http_access allow localhost | |
65 | ||
66 | # And finally deny all other access to this proxy | |
67 | http_access deny all | |
68 | ||
69 | # Squid normally listens to port 3128 | |
70 | http_port 3128 | |
71 | ||
72 | # We recommend you to use at least the following line. | |
73 | hierarchy_stoplist cgi-bin ? | |
74 | ||
75 | # Uncomment and adjust the following to add a disk cache directory. | |
76 | #cache_dir ufs /var/spool/squid 100 16 256 | |
77 | ||
78 | ###Cache manager | |
79 | cache_mgr artem@isc.kharkov.com | |
80 | ||
81 | # Leave coredumps in the first cache dir | |
82 | coredump_dir /var/spool/squid | |
83 | ||
84 | # Add any of your own refresh_pattern entries above these. | |
85 | refresh_pattern ^ftp: 1440 20% 10080 | |
86 | refresh_pattern ^gopher: 1440 0% 1440 | |
87 | refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 | |
88 | refresh_pattern . 0 20% 4320 | |
89 | ||
90 | - | ###Splash Page for Science Day /Artem Lalaiants/ |
90 | + | |
91 | - | #external_acl_type sessions ttl=60 negative_ttl=0 children=1 concurency=100 %SRC |
91 | + | |
92 | - | ####acl science_sessions external sessions |
92 | + | |
93 | - | #acl localnet external sessions |
93 | + | |
94 | - | #deny info http://www.isc.kharkov.com/cys2014 science_sessions |
94 | + | |
95 | - | #http_access deny sNetwork !science_sessions |
95 | + |