
Untitled

a guest Jul 22nd, 2019 72 Never
  1. # Server
  # Process-level settings: the account Squid runs as, how long it waits on
  # shutdown, and where core files are written.
  # Squid switches to this user and group when it is started as root.
  2. cache_effective_user proxy
  3. cache_effective_group proxy
  # Wait at most one second for active client connections when shutting down.
  4. shutdown_lifetime 1 seconds
  # Directory Squid changes into so that core files land there.
  # NOTE(review): the same path is used as the rock cache_dir further down.
  5. coredump_dir /var/spool/squid
  6.  
  7.  
  8. # ACL's
  # Named match lists used by the http_access rules below.
  # SSL_ports: destination ports a CONNECT tunnel may target.
  # NOTE(review): 64000-64004 are the same port numbers as the listeners
  # defined in this file; confirm CONNECT to them is really needed, otherwise
  # keep this list to 443 only.
  9. acl SSL_ports port 443
  10. acl SSL_ports port 64000
  11. acl SSL_ports port 64001
  12. acl SSL_ports port 64002
  13. acl SSL_ports port 64003
  14. acl SSL_ports port 64004
  # Matches requests that use the CONNECT method.
  15. acl CONNECT method CONNECT
  # Safe_ports: destination ports the proxy is willing to contact at all.
  16. acl Safe_ports port 21 # ftp
  17. acl Safe_ports port 70 # gopher
  18. acl Safe_ports port 80 # http
  19. acl Safe_ports port 210 # wais
  20. acl Safe_ports port 280 # http-mgmt
  21. acl Safe_ports port 443 # https
  22. acl Safe_ports port 488 # gss-http
  23. acl Safe_ports port 591 # filemaker
  24. acl Safe_ports port 777 # multiling http
  # This range covers almost every unprivileged port, so Safe_ports mainly
  # blocks low ports that are not listed above.
  25. acl Safe_ports port 1025-64999 # unregistered ports
  26.  
  # Access rules are checked top to bottom; the first matching rule decides.
  # Refuse destinations outside Safe_ports, and CONNECT to anything outside SSL_ports.
  27. http_access deny !Safe_ports
  28. http_access deny CONNECT !SSL_ports
  # Cache-manager requests are denied for everyone. The first of these two
  # rules is redundant, because the second already denies manager from any source.
  29. http_access deny manager localhost
  30. http_access deny manager
  31. http_access allow localhost
  # NOTE(review): this final rule admits every client that can reach a listener,
  # and no authentication or source-address ACL is defined anywhere in this file.
  # Combined with a listener on a routable address this makes the host an open
  # proxy. Prefer an explicit client ACL (for example
  # "acl localnet src <client network CIDR>" with "http_access allow localnet")
  # and finish with "http_access deny all".
  32. http_access allow all
  33.  
  34.  
  35. # Proxy
  36. # BOTH RULES WORK
  # TLS-encrypted proxy listener: clients speak TLS to Squid itself, using the
  # Let's Encrypt certificate and key named here. tls-dh= names the DH parameters
  # file; SINGLE_DH_USE,SINGLE_ECDH_USE ask for a fresh key per ephemeral exchange.
  # NOTE(review): 8.8.8.8 looks like a stand-in for the real public address. With
  # "http_access allow all" above, a listener reachable from the Internet is
  # usable by anyone; restrict it by source address or require authentication.
  37. https_port 8.8.8.8:64000 tls-cert=/etc/letsencrypt/.../fullchain.pem tls-key=/etc/letsencrypt/.../privkey.pem tls-dh=/etc/squid/squidCAdh.pem options=SINGLE_DH_USE,SINGLE_ECDH_USE
  # Plain-HTTP forward-proxy listener on an internal address.
  # NOTE(review): there is no ssl-bump flag on this http_port, so the tls-*
  # options presumably have no effect here; confirm against the Squid version in use.
  38. http_port 10.10.10.10:64001 tls-cert=/etc/squid/squidCA.pem tls-dh=/etc/squid/squidCAdh.pem options=SINGLE_DH_USE,SINGLE_ECDH_USE
  39.  
  40. # DOES NOT WORK
  # TLS listener without intercept or ssl-bump. No tls-key= is given, so Squid
  # expects the private key to be in the same PEM file as the certificate.
  # NOTE(review): the file name suggests a CA certificate is being presented as
  # the server certificate; the reason this listener fails is not visible here.
  41. https_port 10.10.30.10:64002 tls-cert=/etc/squid/squidCA.pem tls-dh=/etc/squid/squidCAdh.pem options=SINGLE_DH_USE,SINGLE_ECDH_USE
  42.  
  43. # BOTH RULES WORK
  # Interception listener for redirected plain-HTTP traffic (clients are not
  # configured to use a proxy; packets are redirected to this port).
  44. http_port 10.10.30.10:64003 intercept tls-cert=/etc/squid/squidCA.pem tls-dh=/etc/squid/squidCAdh.pem options=SINGLE_DH_USE,SINGLE_ECDH_USE
  # Interception listener for redirected TLS traffic, with ssl-bump enabled so the
  # ssl_bump rules below decide whether connections are decrypted.
  # NOTE(review): squidCA.pem is presumably the local CA that signs the generated
  # per-site certificates. Its private key lets the holder impersonate any site to
  # clients that trust this CA, so keep the file readable only by the Squid user.
  45. https_port 10.10.30.10:64004 intercept ssl-bump tls-cert=/etc/squid/squidCA.pem tls-dh=/etc/squid/squidCAdh.pem options=SINGLE_DH_USE,SINGLE_ECDH_USE
  46.  
  # NOTE(review): this tells Squid to ignore every validation error on the origin
  # server's certificate. On bumped connections the client only ever sees the
  # certificate Squid generated, so expired, self-signed or wrong-host origin
  # certificates are accepted silently and users get no warning. Remove this line,
  # or limit it to a narrow ACL of known internal hosts.
  47. sslproxy_cert_error allow all
  # Always fetch from the origin server directly rather than through a cache peer.
  48. always_direct allow all
  49.  
  # TLS interception policy for the ssl-bump listener.
  # step1 matches the first SslBump processing step.
  50. acl step1 at_step SslBump1
  # At step 1 only peek at the TLS client handshake without committing to an action.
  51. ssl_bump peek step1
  # Then decrypt every connection.
  # NOTE(review): there is no splice rule, so nothing is exempt from decryption.
  # Consider splicing destinations that must not be inspected (for example banking
  # or health sites) and applications that use certificate pinning.
  52. ssl_bump bump all
  53.  
  54.  
  55. # Refresh patterns
  # Freshness rules for responses that carry no explicit expiry information.
  # Fields: URL regex, minimum age (minutes), percent of object age, maximum age (minutes).
  # The first matching pattern is used.
  56. refresh_pattern ^ftp: 1440 20% 10080
  57. refresh_pattern ^gopher: 1440 0% 1440
  # -i makes the match case-insensitive; CGI and query-string URLs are never
  # treated as fresh by this heuristic.
  58. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  # Catch-all for everything else.
  59. refresh_pattern . 0 20% 4320
  60.  
  61.  
  62. # Cache
  # In-memory cache: total size, largest object kept in memory, and the
  # replacement policy used when memory is full.
  63. cache_mem 2048 MB
  64. maximum_object_size_in_memory 32 MB
  65. memory_replacement_policy heap LFUDA
  66.  
  # On-disk cache: a rock store of 2048 MB under /var/spool/squid.
  # NOTE(review): with ssl-bump active, decrypted HTTPS responses may end up in
  # this directory; keep it readable only by the Squid user.
  67. cache_dir rock /var/spool/squid 2048
  # NOTE(review): in some Squid versions maximum_object_size only applies to
  # cache_dir lines that come after it; confirm the 32 MB limit takes effect here.
  68. maximum_object_size 32 MB
  69. cache_replacement_policy heap LFUDA
  70.  
  # Number of entries kept in the IP-address cache and in the FQDN (reverse lookup) cache.
  71. ipcache_size 4096
  72. fqdncache_size 4096