k3NGuru

squidConfa

Nov 16th, 2015
  # Squid 3 forward-proxy policy: Negotiate, NTLM and Basic (LDAP) authentication against
  # the mlvz.local directory, directory-group access tiers, and cache tuning.
  # The order of the http_access lines is the policy: the first matching line wins.
  #
  # --- Authentication schemes ---
  # Negotiate: negotiate_wrapper_auth passes NTLM tokens to ntlm_auth and Kerberos tokens to
  # negotiate_kerberos_auth. -s names the service principal; -r strips the realm from the
  # returned user name (confirm against the installed helper's man page).
  1. auth_param negotiate program /usr/lib/squid3/negotiate_wrapper_auth --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --kerberos /usr/lib/squid3/negotiate_kerberos_auth -r -s HTTP/server-91-03.mlvz.local@MLVZ.LOCAL
  # Helper pool sizing: maximum / started at launch / kept idle.
  2. auth_param negotiate children 200 startup=50 idle=10
  3. auth_param negotiate keep_alive off
  # Stand-alone NTLM scheme, offered in addition to Negotiate.
  # NOTE(review): NTLM is a legacy protocol; if every client can use Kerberos, check whether
  # this scheme (and the --ntlm leg of the wrapper above) still needs to be offered.
  4. auth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
  5. auth_param ntlm children 100 startup=20 idle=5
  6. auth_param ntlm keep_alive off
  # Basic scheme: basic_ldap_auth binds as beluga@mlvz.local (password read from the -W file)
  # and looks the user up by sAMAccountName. -v 3 = LDAPv3, -P = persistent connection,
  # -R = do not follow referrals.
  # NOTE(review): neither -Z (StartTLS) nor an ldaps:// URI via -H is given, so the bind
  # password and each user password verified here presumably cross the network to the
  # directory servers unencrypted -- confirm and enable TLS if so.
  # NOTE(review): Basic credentials are only base64-encoded between client and proxy, and
  # the http_port lines below are plain HTTP; anyone able to capture LAN traffic can read them.
  # The -W password file should be readable by the Squid service account only.
  7. auth_param basic program /usr/lib/squid3/basic_ldap_auth -v 3 -P -R -b "dc=mlvz,dc=local" -D beluga@mlvz.local -W /etc/squid3/conf_param_ldappass.txt -f sAMAccountName=%s -h tckem.mlvz.local kem-dc-01.mlvz.local
  8. auth_param basic children 20
  9. auth_param basic realm "KOM-AD01-GW10 SQUID Proxy Server Basic authentication!"
  # A validated user/password pair is trusted for 2 hours without asking the helper again,
  # so a password change or account disable can take up to that long to affect Basic logins.
  10. auth_param basic credentialsttl 2 hours
  # --- Group lookup helper ---
  # "memberof" asks LDAP whether the authenticated user (%LOGIN) belongs to a group. The
  # matching rule 1.2.840.113556.1.4.1941 makes the memberOf test follow nested groups.
  # -K strips a Kerberos realm from the user name before the search. Results are cached for
  # ttl=3600 seconds, so a group change can take up to an hour to be honoured.
  # NOTE(review): same bind account and -W file as the Basic helper, and again no -Z/ldaps.
  11. external_acl_type memberof ttl=3600 ipv4 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -v 3 -P -R -K -b "dc=mlvz,dc=local" -D beluga@mlvz.local -W /etc/squid3/conf_param_ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberOf:1.2.840.113556.1.4.1941:=cn=%g,OU=Security Groups,DC=mlvz,DC=local))" -h tckem.mlvz.local kem-dc-01.mlvz.local
  # --- ACL definitions ---
  # "auth" matches any request that carries valid proxy credentials.
  12. acl auth proxy_auth REQUIRED
  # Case-insensitive URL-path patterns, one per line in the referenced file.
  13. acl BlockedURLRegex urlpath_regex -i "/etc/squid3/conf_param_urlregex_blocked.txt"
  # Access tiers: each file lists the directory groups that map to the tier; membership is
  # resolved through the memberof helper above, so these ACLs require an authenticated user.
  14. acl BlockedAccess       external memberof "/etc/squid3/conf_param_groups_blocked.txt"
  15. acl RestrictedAccess    external memberof "/etc/squid3/conf_param_groups_restricted.txt"
  16. acl StandardAccess      external memberof "/etc/squid3/conf_param_groups_standard.txt"
  17. acl FullAccess          external memberof "/etc/squid3/conf_param_groups_full_auth.txt"
  18. acl AnonymousAccess     external memberof "/etc/squid3/conf_param_groups_full_anon.txt"
  # Destination-domain lists.
  19. acl allowedsites        dstdomain "/etc/squid3/conf_param_sites_allowed.txt"
  20. acl blockedsites        dstdomain "/etc/squid3/conf_param_sites_blocked.txt"
  21. acl prioritysites       dstdomain "/etc/squid3/conf_param_sites_priority.txt"
  # Update traffic: source addresses of the local update servers and the domains they fetch from.
  22. acl LocalWUServers    src       "/etc/squid3/conf_param_computers_wsus.txt"
  23. acl GlobalWUSites     dstdomain "/etc/squid3/conf_param_sites_wsus.txt"
  24. acl localnet src 192.168.91.0/24        # RFC1918 possible internal network
  # Only port 443 may be reached with CONNECT; Safe_ports bounds every other request.
  25. acl SSL_ports port 443
  26. acl Safe_ports port 80          # http
  27. acl Safe_ports port 21          # ftp
  28. acl Safe_ports port 443         # https
  29. acl Safe_ports port 70          # gopher
  30. acl Safe_ports port 210         # wais
  31. acl Safe_ports port 1025-65535  # unregistered ports
  32. acl Safe_ports port 280         # http-mgmt
  33. acl Safe_ports port 488         # gss-http
  34. acl Safe_ports port 591         # filemaker
  35. acl Safe_ports port 777         # multiling http
  36. acl CONNECT method CONNECT
  # --- Access policy (first match wins) ---
  # Denies that apply to everyone, before any authentication takes place.
  37. http_access deny BlockedURLRegex
  38. http_access deny !Safe_ports
  39. http_access deny CONNECT !SSL_ports
  # Cache manager interface. "localhost" and "manager" are not defined in this listing;
  # presumably they are Squid's built-in ACLs -- confirm for the installed version.
  # NOTE(review): line 41 opens the manager interface to every address in localnet, ahead of
  # the authentication rule, so cachemgr_passwd is its only protection. Consider limiting it
  # to localhost or a dedicated admin source ACL.
  40. http_access allow localhost manager
  41. http_access allow localnet manager
  42. http_access deny manager
  # Unauthenticated exceptions: update servers to update sites, and any localnet client to
  # the priority sites. Both lists bypass proxy authentication and the group tiers entirely.
  43. http_access allow GlobalWUSites LocalWUServers
  44. http_access allow prioritysites localnet
  # Everything below requires valid credentials; this line issues the auth challenge.
  45. http_access deny !auth
  # The trailing "all" keeps a group-based ACL from being the last one on a deny line, which
  # avoids Squid re-prompting for credentials when the deny matches (common Squid idiom).
  46. http_access deny BlockedAccess all
  47. http_access allow allowedsites localnet
  48. http_access deny RestrictedAccess all
  # Tiers in precedence order. AnonymousAccess and FullAccess are allowed before the
  # blockedsites deny, so that list only constrains StandardAccess users. The "auth" term
  # is already guaranteed by line 45.
  49. http_access allow AnonymousAccess auth localnet
  50. http_access allow FullAccess auth localnet
  51. http_access deny blockedsites
  52. http_access allow StandardAccess auth localnet
  # Default deny for anything not matched above.
  53. http_access deny all
  # --- Listeners ---
  # Plain-HTTP proxy ports on the LAN address and on loopback only.
  54. http_port 192.168.91.251:3128
  55. http_port 127.0.0.1:3128
  # --- Forwarding and cache tuning ---
  56. hierarchy_stoplist cgi-bin ?
  57. forward_max_tries 25
  58. cache_mem 2048 MB
  59. maximum_object_size_in_memory 2048 KB
  60. memory_replacement_policy heap GDSF
  61. cache_replacement_policy heap LFUDA
  62. cache_dir ufs /mnt/squid-cache/ 7000 16 256
  63. maximum_object_size 32768 KB
  # --- Logging ---
  # Requests for which AnonymousAccess matches are left out of access.log.
  # NOTE(review): this removes the audit trail for that group's traffic, which matters for
  # incident response if one of those accounts is compromised. AnonymousAccess is also a
  # helper-backed ACL; confirm Squid evaluates it reliably in access_log context, where it
  # may only be able to use an already-cached lookup result.
  64. access_log daemon:/var/log/squid3/access.log squid !AnonymousAccess
  65. cache_log /var/log/squid3/cache.log
  66. coredump_dir /var/spool/squid3
  # --- Freshness rules for cached objects (min minutes, percent, max minutes) ---
  67. refresh_pattern ^ftp:           1440    20%     10080
  68. refresh_pattern ^gopher:        1440    0%      1440
  69. refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
  70. refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
  71. refresh_pattern .               0       20%     4320
  # --- Identity and information disclosure ---
  72. cache_mgr LebedevDO@mlvz.net
  # Hide the Squid version in error pages and headers, and present a generic host name.
  73. httpd_suppress_version_string on
  74. visible_hostname SQUID-XXX
  75. error_directory /usr/share/squid3/errors/ru
  76. error_default_language ru
  77. dns_v4_first on
  # Strip X-Forwarded-For so internal client addresses are not sent to origin servers.
  78. forwarded_for delete
  # Password required for all cache manager actions; the value appears to have been masked
  # in this paste. It is stored in clear text, so squid.conf itself needs tight permissions.
  79. cachemgr_passwd ### all