Guest User

Untitled

a guest
Nov 4th, 2014
231
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #
  2. # Recommended minimum configuration:
  3. #
  4. #
  5. #
  6. # Setup NEGOTIATE authentication for Active Directory with Kerberos
  7. #
  8. #auth_param negotiate program /usr/lib64/squid/negotiate_kerb_auth -s HTTP/proxy
  9. #auth_param negotiate children 10
  10. #auth_param negotiate keep_alive on
  11. #
  12. # to see the negotiator log messages in the /var/log/squid/cache.log uncomment
  13. # debug_options 29,9 and pass additional -d parameter to negotiate_kerb_auth
  14. #
  15. #acl auth proxy_auth REQUIRED
  16.  
  17. visible_hostname proxy.ibrltest.ibrl.co.uk
  18.  
  19. # Example rule allowing access from your local networks.
  20. # Adapt to list your (internal) IP networks from where browsing
  21. # should be allowed
  22. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  23. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  24. acl localnet src 192.168.28.0/24
  25. acl localnet src fc00::/7 # RFC 4193 local private network range
  26. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  27.  
  28. acl SSL_ports port 443
  29. acl Safe_ports port 80 # http
  30. acl Safe_ports port 21 # ftp
  31. acl Safe_ports port 443 # https
  32. acl Safe_ports port 70 # gopher
  33. acl Safe_ports port 210 # wais
  34. acl Safe_ports port 1025-65535 # unregistered ports
  35. acl Safe_ports port 280 # http-mgmt
  36. acl Safe_ports port 488 # gss-http
  37. acl Safe_ports port 591 # filemaker
  38. acl Safe_ports port 777 # multiling http
  39. acl CONNECT method CONNECT
  40.  
  41. #
  42. # Recommended minimum Access Permission configuration:
  43. #
  44. # Deny requests to certain unsafe ports
  45. http_access deny !Safe_ports
  46.  
  47. # Deny CONNECT to other than secure SSL ports
  48. http_access deny CONNECT !SSL_ports
  49.  
  50. # Only allow cachemgr access from localhost
  51. http_access allow localhost manager
  52. http_access deny manager
  53.  
  54. # We strongly recommend the following be uncommented to protect innocent
  55. # web applications running on the proxy server who think the only
  56. # one who can access services on "localhost" is a local user
  57. #http_access deny to_localhost
  58.  
  59. #
  60. # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
  61. #
  62. #http_access deny !auth
  63. #http_access allow auth
  64.  
  65. # Example rule allowing access from your local networks.
  66. # Adapt localnet in the ACL section to list your (internal) IP networks
  67. # from where browsing should be allowed
  68. http_access allow localnet
  69. http_access allow localhost
  70.  
  71. # And finally deny all other access to this proxy
  72. http_access deny all
  73.  
  74. # Squid normally listens to port 3128
  75. http_port 3128
  76.  
  77. # Uncomment and adjust the following to add a disk cache directory.
  78. #cache_dir ufs /var/spool/squid 100 16 256
  79.  
  80. # Leave coredumps in the first cache dir
  81. coredump_dir /var/spool/squid
  82.  
  83. #
  84. # Add any of your own refresh_pattern entries above these.
  85. #
  86. refresh_pattern ^ftp: 1440 20% 10080
  87. refresh_pattern ^gopher: 1440 0% 1440
  88. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  89. refresh_pattern . 0 20% 4320
RAW Paste Data