kirychuk

squid config

Feb 24th, 2020
  1. acl localnet src 10.3.198.0/24
  2.  
  3. acl SSL_ports port 443
  4. acl Safe_ports port 80 # http
  5. acl Safe_ports port 21 # ftp
  6. acl Safe_ports port 443 # https
  7. acl Safe_ports port 70 # gopher
  8. acl Safe_ports port 210 # wais
  9. acl Safe_ports port 1025-65535 # unregistered ports
  10. acl Safe_ports port 280 # http-mgmt
  11. acl Safe_ports port 488 # gss-http
  12. acl Safe_ports port 591 # filemaker
  13. acl Safe_ports port 777 # multiling http
  14. acl CONNECT method CONNECT
  15.  
  16. acl manager proto cache_object
  17.  
  18. acl whitelist dstdomain "/etc/squid/whitelistssl"
  19. acl blackmails dstdomain "/etc/squid/blackmailssl"
  20.  
  21. http_access deny !Safe_ports
  22. http_access deny CONNECT !SSL_ports
  23.  
  24. http_access allow whitelist
  25. http_access deny blackmails
  26.  
  27. http_access allow manager localhost
  28. http_access allow localnet
  29. http_access allow localhost
  30. http_access deny all
  31.  
  32. dns_v4_first on
  33. dns_nameservers 10.3.198.254 10.3.102.5 10.3.100.5
  34.  
  35. # debug_options ALL,1 26,2 83,2
  36.  
  37. logfile_rotate 31
  38.  
  39. http_port 10.3.198.224:3128
  40. http_port 10.3.198.224:3129 intercept
  41. https_port 10.3.198.224:3130 intercept ssl-bump \
  42. generate-host-certificates=on \
  43. dynamic_cert_mem_cache_size=16MB \
  44. connection-auth=off tls-cert=/etc/squid/squidCA.pem
  45.  
  46. acl step1 at_step SslBump1
  47. acl blackmailssl ssl::server_name "/etc/squid/blackmailssl"
  48.  
  49. sslcrtd_program /usr/lib/squid/security_file_certgen -s /usr/lib/squid/ssl_db -M 8MB
  50.  
  51. ssl_bump peek step1
  52. ssl_bump terminate blackmailssl
  53. ssl_bump splice all
  54.  
  55. cache_dir ufs /var/spool/squid 1024 16 256
  56. maximum_object_size 1 MB
  57.  
  58. coredump_dir /var/spool/squid
  59.  
  60. refresh_pattern ^ftp: 1440 20% 10080
  61. refresh_pattern ^gopher: 1440 0% 1440
  62. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  63. refresh_pattern . 0 20% 4320