
squid peek&splice config

a guest
Sep 23rd, 2015
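  # Squid proxy for 192.168.15.0/24.
  #   - intercepted HTTP  on :3128, filtered by a URL-regex blacklist
  #   - intercepted HTTPS on :3129, filtered by TLS server name: peek at the
  #     ClientHello (step 1), then terminate blocked names or splice the rest.
  # No ssl_bump rule below uses "bump", so HTTPS traffic is never decrypted.

  # --- Client ACLs -----------------------------------------------------------
  acl localnet src 192.168.15.0/24
  # Host exempted from the HTTPS block list. A source-address ACL is not
  # authentication: the exemption follows the IP, not a user.
  acl trustedman src 192.168.15.1

  # --- Port ACLs -------------------------------------------------------------
  acl SSL_ports port 443
  acl Safe_ports port 80 # http
  acl Safe_ports port 21 # ftp
  acl Safe_ports port 443 # https
  acl Safe_ports port 70 # gopher
  acl Safe_ports port 210 # wais
  acl Safe_ports port 1025-65535 # unregistered ports
  acl Safe_ports port 280 # http-mgmt
  acl Safe_ports port 488 # gss-http
  acl Safe_ports port 591 # filemaker
  acl Safe_ports port 777 # multiling http
  acl CONNECT method CONNECT

  # --- Access rules (first match wins, order matters) --------------------------
  http_access deny !Safe_ports
  # CONNECT tunnels are only allowed to port 443.
  http_access deny CONNECT !SSL_ports
  # Cache manager is reachable from the proxy host itself only.
  http_access allow localhost manager
  http_access deny manager

  # Plain-HTTP interception port. "intercept" is the current spelling of the
  # deprecated "transparent" flag. Interception ports are meant to receive only
  # NAT-redirected traffic; filter direct connections to them at the firewall.
  http_port 192.168.15.237:3128 intercept
  # One case-insensitive regex per line in the file; applies to URLs Squid can
  # see, i.e. plain HTTP here (HTTPS is spliced, so only the server name is known).
  acl blacklist url_regex -i "/etc/squid/blacklist"

  http_access deny blacklist localnet
  http_access allow localnet
  # Explicit default. Squid already denies when the last rule is an allow, but
  # stating it keeps the policy intact if rules are appended later.
  http_access deny all

  # HTTPS interception port. ssl-bump must be enabled on the port for the
  # ssl_bump rules below to run, even though they only peek/terminate/splice.
  # No key= is given, so Squid reads the CA private key from the same PEM file:
  # keep it readable by the Squid service account only, and do not reuse this CA
  # for anything else.
  https_port 192.168.15.237:3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off cert=/etc/squid/squidCA.pem

  # Always go straight to the origin server (no cache_peer forwarding).
  always_direct allow all

  # Removed: "sslproxy_cert_error allow all" and "sslproxy_flags DONT_VERIFY_PEER".
  # Both switch off validation of the origin server's certificate. With the
  # peek-at-step-1 + splice rules below Squid does not negotiate TLS with the
  # origin itself, so they are not needed here, and they would silently accept
  # forged certificates if a "bump" rule were ever added to this file.

  # --- HTTPS filtering by server name ------------------------------------------
  # NOTE(review): at step 1 the server name comes from the client's SNI; a
  # ClientHello without SNI does not match a domain here and is spliced.
  acl blocked ssl::server_name .vk.com .google.ru .google.com
  acl step1 at_step SslBump1
  # Step 1: read the ClientHello (SNI) without committing to bump or splice.
  ssl_bump peek step1
  # Close connections to blocked names unless the client is the exempted host.
  ssl_bump terminate blocked !trustedman
  # Everything else becomes an opaque TCP tunnel; end-to-end TLS is preserved.
  ssl_bump splice all

  # Certificate generation helper and its on-disk database (4MB cap).
  sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/ssl_db -M 4MB

  # --- Housekeeping and cache freshness ----------------------------------------
  coredump_dir /var/spool/squid
  refresh_pattern ^ftp: 1440 20% 10080
  refresh_pattern ^gopher: 1440 0% 1440
  # Never treat dynamic (cgi-bin or query-string) responses as fresh by heuristic.
  refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  refresh_pattern . 0 20% 4320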