SHARE
TWEET

squidConfa

k3NGuru Nov 16th, 2015 (edited) 168 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. auth_param negotiate program /usr/lib/squid3/negotiate_wrapper_auth --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib/squid3/negotiate_kerberos_auth -r -s HTTP/server-91-03.mlvz.local@MLVZ.LOCAL
  2. auth_param negotiate children 200 startup=50 idle=10
  3. auth_param negotiate keep_alive off
  4. auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
  5. auth_param ntlm children 100 startup=20 idle=5
  6. auth_param ntlm keep_alive off
  7. auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 -P -R -b "dc=mlvz,dc=local" -D beluga@mlvz.local -W /etc/squid3/conf_param_ldappass.txt -f sAMAccountName=%s -h tckem.mlvz.local kem-dc-01.mlvz.local
  8. auth_param basic children 20
  9. auth_param basic realm "KOM-AD01-GW10 SQUID Proxy Server Basic authentication!"
  10. auth_param basic credentialsttl 2 hours
  11. external_acl_type memberof ttl=3600 ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -v 3 -P -R -K -b "dc=mlvz,dc=local" -D beluga@mlvz.local -W /etc/squid3/conf_param_ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberOf:1.2.840.113556.1.4.1941:=cn=%g,OU=Security Groups,DC=mlvz,DC=local))" -h tckem.mlvz.local kem-dc-01.mlvz.local
  12. acl auth proxy_auth REQUIRED
  13. acl BlockedURLRegex urlpath_regex -i "/etc/squid3/conf_param_urlregex_blocked.txt"
  14. acl BlockedAccess       external memberof "/etc/squid3/conf_param_groups_blocked.txt"
  15. acl RestrictedAccess    external memberof "/etc/squid3/conf_param_groups_restricted.txt"
  16. acl StandardAccess      external memberof "/etc/squid3/conf_param_groups_standard.txt"
  17. acl FullAccess          external memberof "/etc/squid3/conf_param_groups_full_auth.txt"
  18. acl AnonymousAccess     external memberof "/etc/squid3/conf_param_groups_full_anon.txt"
  19. acl allowedsites        dstdomain "/etc/squid3/conf_param_sites_allowed.txt"
  20. acl blockedsites        dstdomain "/etc/squid3/conf_param_sites_blocked.txt"
  21. acl prioritysites       dstdomain "/etc/squid3/conf_param_sites_priority.txt"
  22. acl LocalWUServers    src       "/etc/squid3/conf_param_computers_wsus.txt"
  23. acl GlobalWUSites     dstdomain "/etc/squid3/conf_param_sites_wsus.txt"
  24. acl localnet src 192.168.91.0/24        # RFC1918 possible internal network
  25. acl SSL_ports port 443
  26. acl Safe_ports port 80          # http
  27. acl Safe_ports port 21          # ftp
  28. acl Safe_ports port 443         # https
  29. acl Safe_ports port 70          # gopher
  30. acl Safe_ports port 210         # wais
  31. acl Safe_ports port 1025-65535  # unregistered ports
  32. acl Safe_ports port 280         # http-mgmt
  33. acl Safe_ports port 488         # gss-http
  34. acl Safe_ports port 591         # filemaker
  35. acl Safe_ports port 777         # multiling http
  36. acl CONNECT method CONNECT
  37. http_access deny BlockedURLRegex
  38. http_access deny !Safe_ports
  39. http_access deny CONNECT !SSL_ports
  40. http_access allow localhost manager
  41. http_access allow localnet manager
  42. http_access deny manager
  43. http_access allow GlobalWUSites LocalWUServers
  44. http_access allow prioritysites localnet
  45. http_access deny !auth
  46. http_access deny BlockedAccess all
  47. http_access allow allowedsites localnet
  48. http_access deny RestrictedAccess all
  49. http_access allow AnonymousAccess auth localnet
  50. http_access allow FullAccess auth localnet
  51. http_access deny blockedsites
  52. http_access allow StandardAccess auth localnet
  53. http_access deny all
  54. http_port 192.168.91.251:3128
  55. http_port 127.0.0.1:3128
  56. hierarchy_stoplist cgi-bin ?
  57. forward_max_tries 25
  58. cache_mem 2048 MB
  59. maximum_object_size_in_memory 2048 KB
  60. memory_replacement_policy heap GDSF
  61. cache_replacement_policy heap LFUDA
  62. cache_dir ufs /mnt/squid-cache/ 7000 16 256
  63. maximum_object_size 32768 KB
  64. access_log daemon:/var/log/squid3/access.log squid !AnonymousAccess
  65. cache_log /var/log/squid3/cache.log
  66. coredump_dir /var/spool/squid3
  67. refresh_pattern ^ftp:           1440    20%     10080
  68. refresh_pattern ^gopher:        1440    0%      1440
  69. refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
  70. refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
  71. refresh_pattern .               0       20%     4320
  72. cache_mgr LebedevDO@mlvz.net
  73. httpd_suppress_version_string on
  74. visible_hostname SQUID-XXX
  75. error_directory /usr/share/squid3/errors/ru
  76. error_default_language ru
  77. dns_v4_first on
  78. forwarded_for delete
  79. cachemgr_passwd ### all
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top