Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- squid start/running, process 3689
- user@user-desktop:~$ sudo service squid start
- squid start/running, process 3721
- user@user-desktop:~$ sudo grep group /etc/squid/squid.conf
- # acl aclname urlgroup group1 ...
- # # match against the urlgroup as indicated by redirectors
- # urlgroup= Default urlgroup to mark requests with (see
- # also acl urlgroup and url_rewrite_program)
- # Only useful when sending to a multicast group.
- # hosts, you must configure other group members as
- # is a member of a multicast group. ICP queries will
- # Squid that ALL members of this multicast group have
- # to a multicast group when the requested object would
- # multicast group.
- # use 'login=user:password' if this is a personal/workgroup
- # URL <SP> client_ip "/" fqdn <SP> user <SP> method <SP> urlgroup
- # URL <SP> client_ip "/" fqdn <SP> user <SP> method <SP> urlgroup
- # It can also return a "urlgroup" that can subsequently be matched
- # in cache_peer_access and similar ACL driven rules. An urlgroup is
- # returned by prefixing the returned URL with "!urlgroup!".
- # location URL <SP> requested URL <SP> urlgroup <NL>
- # cache_effective_group, Squid sets the GID to the effective
- # user's default group ID (taken from the password file) and
- # supplementary group list from the from groups membership of
- # TAG: cache_effective_group
- # the group memberships of the effective user then set this
- # to the group (or GID) you want Squid to run as. When set
- # all other group privileges of the effective user is ignored
- # group.
- # TAG: mcast_groups
- # This tag specifies a list of multicast groups which your server
- # receive replies from multicast group members.
- # is already in use by another group of caches.
- # Usage: mcast_groups 239.128.16.128 224.0.1.20
- # By default, Squid doesn't listen on any multicast groups.
- user@user-desktop:~$ sudo grep user /etc/squid/squid.conf
- # reads a line containing "username password" and replies "OK" or
- # the basic proxy authentication scheme (part of the text the user
- # will see when prompted their username and password).
- # username:password pair is valid for - in other words how often the
- # helper program is called for that user. Set this low to force
- # also use the max_user_ip ACL in an http_access rule.
- # Specifies if usernames are case sensitive. Most user databases are
- # case insensitive allowing the same username to be spelled using both
- # makes a big difference for user_max_ip ACL processing and similar.
- # reads a line containing "username":"realm" and replies with the
- # appropriate H(A1) value hex encoded or ERR if the user (or his H(A1)
- # digest proxy authentication scheme (part of the text the user will see
- # when prompted their username and password).
- # counts, or just incrementing (off - for use when useragents generate
- # The time period between garbage collection across the username cache.
- # The time a user & their credentials stay in the logged in user cache
- # since their last request. When the garbage interval passes, all user
- # If you use proxy authentication and the 'max_user_ip' ACL, this
- # associated with each user. Use a small value (e.g., 60 seconds) if
- # your users might change addresses quickly, as is the case with
- # %LOGIN Authenticated user login name
- # %IDENT Ident user name
- # user= The users name (login also understood)
- # password= The users password (for PROXYPASS login= cache_peer)
- # acl aclname ident username ...
- # acl aclname proxy_auth [-i] username ...
- # # list of valid usernames
- # # use REQUIRED to accept any valid username.
- # # needed during ACL checking the username is NOT logged
- # # to check username/password combinations (see
- # acl aclname max_user_ip [-s] number
- # # This will be matched when the user attempts to log in from more
- # # -s Squid will just annoy the user by "randomly" denying requests.
- # # going through proxy farms, so a limit of 1 may cause user problems.
- # acl aclname user_cert attribute values...
- # # match against attributes in a user SSL certificate
- # # match against attributes a users issuing CA SSL certificate
- # acl aclname ext_user username ...
- # acl aclname ext_user_regex [-i] pattern ...
- # # string match on username returned by external acl helper
- # # use REQUIRED to accept any non-null user name.
- # one who can access services on "localhost" is a local user
- # for your main multi-user Unix boxes, but not for your Macs
- # It can be used to prevent users from downloading very large files,
- # user receives an error message that says "the request or reply
- # ip's having multiple users.
- # connections with, based on the username or source address
- # based on the username or source address of the user making
- # login=user:password | PASS | *:password
- # userhash
- # use 'login=user:password' if this is a personal/workgroup
- # use 'login=PASS' if users must authenticate against
- # the users credentials as they are to the peer.
- # share the same user database as HTTP only allows for
- # Also be warned this will expose your users proxy
- # use 'login=*:password' to pass the username to the
- # domain, but it is still needed to identify each user.
- # information which is added to the username. This can
- # the login=username:password option above.
- # use 'userhash' to load-balance amongst a set of parents
- # based on the client proxy_auth or ident username.
- # available in /etc/ssl and users can set:
- # authpriv, daemon, local0 .. local7 or user.
- # TAG: useragent_log
- # to the filename specified here. By default useragent_log
- # logging. This protects your user's privacy.
- # TAG: ftp_user
- # reasonable for your domain, like wwwuser@somewhere.net
- # request can be made on the behalf of a user in any domain,
- # ftp_user Squid@
- # URL <SP> client_ip "/" fqdn <SP> user <SP> method <SP> urlgroup
- # URL <SP> client_ip "/" fqdn <SP> user <SP> method <SP> urlgroup
- # users may have access to pages they should not
- # caches. Impatient users may tie up file descriptors and
- # When the user aborts a request, Squid will check the
- # A user who attempts to send a request with a body larger
- # (~10% in my experience), but allows users to actually get
- # cannot tell if the user is using 5.5 or 5.5SP1, the behavior
- # some fixed string. This replaces the old fake_user_agent
- # users, you might be susceptible to denial-of-service by having
- # TAG: cache_effective_user
- # UID/GID to the user specified below. The default is to change
- # to UID to proxy. If you define cache_effective_user, but not
- # user's default group ID (taken from the password file) and
- # cache_effective_user.
- # cache_effective_user proxy
- # the group memberships of the effective user then set this
- # all other group privileges of the effective user is ignored
- # root the user starting Squid must be member of the specified
- # According to some users, Cisco IOS 11.2 and earlier only
- # deny: The request is denied. The user receives an "Invalid
- # found not to preserve user session state across requests
- user@user-desktop:~$ sudo grep group /etc/squid/squid.conf
- # acl aclname urlgroup group1 ...
- # # match against the urlgroup as indicated by redirectors
- # urlgroup= Default urlgroup to mark requests with (see
- # also acl urlgroup and url_rewrite_program)
- # Only useful when sending to a multicast group.
- # hosts, you must configure other group members as
- # is a member of a multicast group. ICP queries will
- # Squid that ALL members of this multicast group have
- # to a multicast group when the requested object would
- # multicast group.
- # use 'login=user:password' if this is a personal/workgroup
- # URL <SP> client_ip "/" fqdn <SP> user <SP> method <SP> urlgroup
- # URL <SP> client_ip "/" fqdn <SP> user <SP> method <SP> urlgroup
- # It can also return a "urlgroup" that can subsequently be matched
- # in cache_peer_access and similar ACL driven rules. An urlgroup is
- # returned by prefixing the returned URL with "!urlgroup!".
- # location URL <SP> requested URL <SP> urlgroup <NL>
- # cache_effective_group, Squid sets the GID to the effective
- # user's default group ID (taken from the password file) and
- # supplementary group list from the from groups membership of
- # TAG: cache_effective_group
- # the group memberships of the effective user then set this
- # to the group (or GID) you want Squid to run as. When set
- # all other group privileges of the effective user is ignored
- # group.
- # TAG: mcast_groups
- # This tag specifies a list of multicast groups which your server
- # receive replies from multicast group members.
- # is already in use by another group of caches.
- # Usage: mcast_groups 239.128.16.128 224.0.1.20
- # By default, Squid doesn't listen on any multicast groups.
- user@user-desktop:~$ user@user-desktop:~$ sudo grep group /etc/squid/squid.conf
- user@user-desktop:~$: command not found
- user@user-desktop:~$ # acl aclname urlgroup group1 ...
- user@user-desktop:~$ # # match against the urlgroup as indicated by redirectors
- user@user-desktop:~$ ^C
- user@user-desktop:~$
- user@user-desktop:~$ sudo grep user /etc/squid/squid.conf
- # reads a line containing "username password" and replies "OK" or
- # the basic proxy authentication scheme (part of the text the user
- # will see when prompted their username and password).
- # username:password pair is valid for - in other words how often the
- # helper program is called for that user. Set this low to force
- # also use the max_user_ip ACL in an http_access rule.
- # Specifies if usernames are case sensitive. Most user databases are
- # case insensitive allowing the same username to be spelled using both
- # makes a big difference for user_max_ip ACL processing and similar.
- # reads a line containing "username":"realm" and replies with the
- # appropriate H(A1) value hex encoded or ERR if the user (or his H(A1)
- # digest proxy authentication scheme (part of the text the user will see
- # when prompted their username and password).
- # counts, or just incrementing (off - for use when useragents generate
- # The time period between garbage collection across the username cache.
- # The time a user & their credentials stay in the logged in user cache
- # since their last request. When the garbage interval passes, all user
- # If you use proxy authentication and the 'max_user_ip' ACL, this
- # associated with each user. Use a small value (e.g., 60 seconds) if
- # your users might change addresses quickly, as is the case with
- # %LOGIN Authenticated user login name
- # %IDENT Ident user name
- # user= The users name (login also understood)
- # password= The users password (for PROXYPASS login= cache_peer)
- # acl aclname ident username ...
- # acl aclname proxy_auth [-i] username ...
- # # list of valid usernames
- # # use REQUIRED to accept any valid username.
- # # needed during ACL checking the username is NOT logged
- # # to check username/password combinations (see
- # acl aclname max_user_ip [-s] number
- # # This will be matched when the user attempts to log in from more
- # # -s Squid will just annoy the user by "randomly" denying requests.
- # # going through proxy farms, so a limit of 1 may cause user problems.
- # acl aclname user_cert attribute values...
- # # match against attributes in a user SSL certificate
- # # match against attributes a users issuing CA SSL certificate
- # acl aclname ext_user username ...
- # acl aclname ext_user_regex [-i] pattern ...
- # # string match on username returned by external acl helper
- # # use REQUIRED to accept any non-null user name.
- # one who can access services on "localhost" is a local user
- # for your main multi-user Unix boxes, but not for your Macs
- # It can be used to prevent users from downloading very large files,
- # user receives an error message that says "the request or reply
- # ip's having multiple users.
- # connections with, based on the username or source address
- # based on the username or source address of the user making
- # login=user:password | PASS | *:password
- # userhash
- # use 'login=user:password' if this is a personal/workgroup
- # use 'login=PASS' if users must authenticate against
- # the users credentials as they are to the peer.
- # share the same user database as HTTP only allows for
- # Also be warned this will expose your users proxy
- # use 'login=*:password' to pass the username to the
- # domain, but it is still needed to identify each user.
- # information which is added to the username. This can
- # the login=username:password option above.
- # use 'userhash' to load-balance amongst a set of parents
- # based on the client proxy_auth or ident username.
- # available in /etc/ssl and users can set:
- # authpriv, daemon, local0 .. local7 or user.
- # TAG: useragent_log
- # to the filename specified here. By default useragent_log
- # logging. This protects your user's privacy.
- # TAG: ftp_user
- # reasonable for your domain, like wwwuser@somewhere.net
- # request can be made on the behalf of a user in any domain,
- # ftp_user Squid@
- # URL <SP> client_ip "/" fqdn <SP> user <SP> method <SP> urlgroup
- # URL <SP> client_ip "/" fqdn <SP> user <SP> method <SP> urlgroup
- # users may have access to pages they should not
- # caches. Impatient users may tie up file descriptors and
- # When the user aborts a request, Squid will check the
- # A user who attempts to send a request with a body larger
- # (~10% in my experience), but allows users to actually get
- # cannot tell if the user is using 5.5 or 5.5SP1, the behavior
- # some fixed string. This replaces the old fake_user_agent
- # users, you might be susceptible to denial-of-service by having
- # TAG: cache_effective_user
- # UID/GID to the user specified below. The default is to change
- # to UID to proxy. If you define cache_effective_user, but not
- # user's default group ID (taken from the password file) and
- # cache_effective_user.
- # cache_effective_user proxy
- # the group memberships of the effective user then set this
- # all other group privileges of the effective user is ignored
- # root the user starting Squid must be member of the specified
- # According to some users, Cisco IOS 11.2 and earlier only
- # deny: The request is denied. The user receives an "Invalid
- # found not to preserve user session state across requests
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement