Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

Untitled

By: a guest on Jan 24th, 2013  |  syntax: None  |  size: 3.26 KB  |  views: 21  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. auth
  2. auth_param basic program /usr/lib/squid/ncsa_auth /usr/etc/passwd
  3. acl ncsa_users proxy_auth REQUIRED
  4. http_access allow ncsa_users
  5. auth_param basic children 5
  6. auth_param basic realm Squid proxy-caching web server
  7. auth_param basic credentialsttl 2 hours
  8. auth_param basic casesensitive off
  9.  
  10. #
  11. # Recommended minimum configuration:
  12. #
  13. acl manager proto cache_object
  14. acl localhost src 127.0.0.1/32 ::1
  15. acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
  16. acl local_net src 192.168.43.0/24
  17. acl blocksites dstdomain "/etc/squid/blockedsites"
  18.  
  19. # Example rule allowing access from your local networks.
  20. # Adapt to list your (internal) IP networks from where browsing
  21. # should be allowed
  22. acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
  23. acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
  24. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  25. acl localnet src fc00::/7       # RFC 4193 local private network range
  26. acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
  27.  
  28.  
  29. acl SSL_ports port 443
  30. acl Safe_ports port 80          # http
  31. acl Safe_ports port 21          # ftp
  32. acl Safe_ports port 443         # https
  33. acl Safe_ports port 70          # gopher
  34. acl Safe_ports port 210         # wais
  35. acl Safe_ports port 1025-65535  # unregistered ports
  36. acl Safe_ports port 280         # http-mgmt
  37. acl Safe_ports port 488         # gss-http
  38. acl Safe_ports port 591         # filemaker
  39. acl Safe_ports port 777         # multiling http
  40. acl CONNECT method CONNECT
  41.  
  42. #
  43. # Recommended minimum Access Permission configuration:
  44. #
  45. # Only allow cachemgr access from localhost
  46. http_access deny manager
  47. http_access deny blocksites
  48. http_access allow manager localhost
  49.  
  50.  
  51. # Deny requests to certain unsafe ports
  52. http_access deny !Safe_ports
  53.  
  54. # Deny CONNECT to other than secure SSL ports
  55. http_access deny CONNECT !SSL_ports
  56.  
  57. # We strongly recommend the following be uncommented to protect innocent
  58. # web applications running on the proxy server who think the only
  59. # one who can access services on "localhost" is a local user
  60. #http_access deny to_localhost
  61.  
  62. #
  63. # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
  64. #
  65.  
  66. # Example rule allowing access from your local networks.
  67. # Adapt localnet in the ACL section to list your (internal) IP networks
  68. # from where browsing should be allowed
  69. http_access allow localnet
  70. http_access allow localhost
  71. http_access allow local_net
  72.  
  73. # And finally deny all other access to this proxy
  74. http_access deny all
  75.  
  76. # Squid normally listens to port 3128
  77. http_port 3128
  78.  
  79. # We recommend you to use at least the following line.
  80. hierarchy_stoplist cgi-bin ?
  81.  
  82. # Uncomment and adjust the following to add a disk cache directory.
  83. #cache_dir ufs /var/spool/squid 100 16 256
  84.  
  85. # Leave coredumps in the first cache dir
  86. coredump_dir /var/spool/squid
  87.  
  88. # Add any of your own refresh_pattern entries above these.
  89. refresh_pattern ^ftp:           1440    20%     10080
  90. refresh_pattern ^gopher:        1440    0%      1440
  91. refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
  92. refresh_pattern .               0       20%     4320
  93. request_header_access X-Forwarded-For deny all
  94. request_header_access Via deny all
  95. request_header_access Cache-Control deny all
  96.  
  97. forwarded_for off
  98. visible_hostname home_net