## Recommended minimum configuration:## Example rule allowing access fro

1. #
2. # Recommended minimum configuration:
3. #
4.  
5. # Example rule allowing access from your local networks.
6. # Adapt to list your (internal) IP networks from where browsing
7. # should be allowed
8.  
9. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
10. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
11. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
12. acl localnet src fc00::/7 # RFC 4193 local private network range
13. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
14.  
15.  
16.  
17. acl SSL_ports port 443
18. acl Safe_ports port 80 # http
19. acl Safe_ports port 21 # ftp
20. acl Safe_ports port 443 # https
21. acl Safe_ports port 70 # gopher
22. acl Safe_ports port 210 # wais
23. acl Safe_ports port 1025-65535 # unregistered ports
24. acl Safe_ports port 280 # http-mgmt
25. acl Safe_ports port 488 # gss-http
26. acl Safe_ports port 591 # filemaker
27. acl Safe_ports port 777 # multiling http
28. acl CONNECT method CONNECT
29.  
30. #
31. # Recommended minimum Access Permission configuration:
32. #
33.  
34. # Only allow cachemgr access from localhost
35. http_access allow localhost manager
36. http_access deny manager
37.  
38. # Deny requests to certain unsafe ports
39. http_access deny !Safe_ports
40.  
41. # Deny CONNECT to other than secure SSL ports
42. #http_access deny CONNECT !SSL_ports
43.  
44. # We strongly recommend the following be uncommented to protect innocent
45. # web applications running on the proxy server who think the only
46. # one who can access services on "localhost" is a local user
47. #http_access deny to_localhost
48.  
49. #
50. # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
51. #
52.  
53.  
54. # Example rule allowing access from your local networks.
55. # Adapt localnet in the ACL section to list your (internal) IP networks
56. # from where browsing should be allowed
57. # allow all requests
58. acl all src 0.0.0.0/0
59. http_access allow all
60.  
61. # Make sure your custom config is before the "deny all" line
62. #http_access deny all
63.  
64. # Squid normally listens to port 3128
65. http_port 192.168.5.57:3128 name=3128
66. http_port 192.168.8.100:3129 name=3129
67.  
68. acl tasty3128 myportname 3128 src 192.168.0.0/24
69. http_access allow tasty3128
70. tcp_outgoing_address 192.168.5.57 tasty3128
71.  
72. acl tasty3129 myportname 3129 src 192.168.0.0/24
73. http_access allow tasty3129
74. tcp_outgoing_address 192.168.8.100 tasty3129
75.  
76. # Uncomment the line below to enable disk caching - path format is /cygdrive/<full path to cache folder>, i.e.
77. #cache_dir aufs /cygdrive/d/squid/cache 3000 16 256
78.  
79.  
80. # Leave coredumps in the first cache dir
81. coredump_dir /var/cache/squid
82.  
83. # Add any of your own refresh_pattern entries above these.
84. refresh_pattern ^ftp: 1440 20% 10080
85. refresh_pattern ^gopher: 1440 0% 1440
86. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
87. refresh_pattern . 0 20% 4320
88.  
89. dns_nameservers 8.8.8.8 208.67.222.222
90.  
91. max_filedescriptors 3200