Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- auth_param negotiate program /usr/lib/squid3/negotiate_wrapper_auth --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib/squid3/negotiate_kerberos_auth -r -s HTTP/server-91-03.mlvz.local@MLVZ.LOCAL
- auth_param negotiate children 200 startup=50 idle=10
- auth_param negotiate keep_alive off
- auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
- auth_param ntlm children 100 startup=20 idle=5
- auth_param ntlm keep_alive off
- auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 -P -R -b "dc=mlvz,dc=local" -D beluga@mlvz.local -W /etc/squid3/conf_param_ldappass.txt -f sAMAccountName=%s -h tckem.mlvz.local kem-dc-01.mlvz.local
- auth_param basic children 20
- auth_param basic realm "KOM-AD01-GW10 SQUID Proxy Server Basic authentication!"
- auth_param basic credentialsttl 2 hours
- external_acl_type memberof ttl=3600 ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -v 3 -P -R -K -b "dc=mlvz,dc=local" -D beluga@mlvz.local -W /etc/squid3/conf_param_ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberOf:1.2.840.113556.1.4.1941:=cn=%g,OU=Security Groups,DC=mlvz,DC=local))" -h tckem.mlvz.local kem-dc-01.mlvz.local
- acl auth proxy_auth REQUIRED
- acl BlockedURLRegex urlpath_regex -i "/etc/squid3/conf_param_urlregex_blocked.txt"
- acl BlockedAccess external memberof "/etc/squid3/conf_param_groups_blocked.txt"
- acl RestrictedAccess external memberof "/etc/squid3/conf_param_groups_restricted.txt"
- acl StandardAccess external memberof "/etc/squid3/conf_param_groups_standard.txt"
- acl FullAccess external memberof "/etc/squid3/conf_param_groups_full_auth.txt"
- acl AnonymousAccess external memberof "/etc/squid3/conf_param_groups_full_anon.txt"
- acl allowedsites dstdomain "/etc/squid3/conf_param_sites_allowed.txt"
- acl blockedsites dstdomain "/etc/squid3/conf_param_sites_blocked.txt"
- acl prioritysites dstdomain "/etc/squid3/conf_param_sites_priority.txt"
- acl LocalWUServers src "/etc/squid3/conf_param_computers_wsus.txt"
- acl GlobalWUSites dstdomain "/etc/squid3/conf_param_sites_wsus.txt"
- acl localnet src 192.168.91.0/24 # RFC1918 possible internal network
- acl SSL_ports port 443
- acl Safe_ports port 80 # http
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- acl CONNECT method CONNECT
- http_access deny BlockedURLRegex
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
- http_access allow localhost manager
- http_access allow localnet manager
- http_access deny manager
- http_access allow GlobalWUSites LocalWUServers
- http_access allow prioritysites localnet
- http_access deny !auth
- http_access deny BlockedAccess all
- http_access allow allowedsites localnet
- http_access deny RestrictedAccess all
- http_access allow AnonymousAccess auth localnet
- http_access allow FullAccess auth localnet
- http_access deny blockedsites
- http_access allow StandardAccess auth localnet
- http_access deny all
- http_port 192.168.91.251:3128
- http_port 127.0.0.1:3128
- hierarchy_stoplist cgi-bin ?
- forward_max_tries 25
- cache_mem 2048 MB
- maximum_object_size_in_memory 2048 KB
- memory_replacement_policy heap GDSF
- cache_replacement_policy heap LFUDA
- cache_dir ufs /mnt/squid-cache/ 7000 16 256
- maximum_object_size 32768 KB
- access_log daemon:/var/log/squid3/access.log squid !AnonymousAccess
- cache_log /var/log/squid3/cache.log
- coredump_dir /var/spool/squid3
- refresh_pattern ^ftp: 1440 20% 10080
- refresh_pattern ^gopher: 1440 0% 1440
- refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
- refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
- refresh_pattern . 0 20% 4320
- cache_mgr LebedevDO@mlvz.net
- httpd_suppress_version_string on
- visible_hostname SQUID-XXX
- error_directory /usr/share/squid3/errors/ru
- error_default_language ru
- dns_v4_first on
- forwarded_for delete
- cachemgr_passwd ### all
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement