squid.conf

1. #
2. # Recommended minimum configuration:
3. #
4. acl manager proto cache_object
5. acl localhost src 127.0.0.1/32 ::1
6. acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
7.  
8. # Example rule allowing access from your local networks.
9. # Adapt to list your (internal) IP networks from where browsing
10. # should be allowed
11. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
12. acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
13. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
14. acl localnet src fc00::/7       # RFC 4193 local private network range
15. acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
16.  
17. acl SSL_ports port 443
18. acl Safe_ports port 80      # http
19. acl Safe_ports port 21      # ftp
20. acl Safe_ports port 443     # https
21. acl Safe_ports port 70      # gopher
22. acl Safe_ports port 210     # wais
23. acl Safe_ports port 1025-65535  # unregistered ports
24. acl Safe_ports port 280     # http-mgmt
25. acl Safe_ports port 488     # gss-http
26. acl Safe_ports port 591     # filemaker
27. acl Safe_ports port 777     # multiling http
28. acl CONNECT method CONNECT
29.  
30. acl lan src 10.0.0.0/24
31.  
32. #acl blocked sites
33. acl block_keywords url_regex "/etc/squid/blocked_keywords.txt"
34. acl blocksites dstdomain "/etc/squid/blockedsites.squid"
35. http_access allow localhost
36. #
37. # Recommended minimum Access Permission configuration:
38. #
39. # Only allow cachemgr access from localhost
40. http_access allow manager localhost
41.  
42. #Deny access to blocked sites
43. http_access deny blocksites
44. http_access deny block_keywords
45.  
46. http_access deny manager
47.  
48. # Deny requests to certain unsafe ports
49. http_access deny !Safe_ports
50.  
51. # Deny CONNECT to other than secure SSL ports
52. http_access deny CONNECT !SSL_ports
53.  
54. # We strongly recommend the following be uncommented to protect innocent
55. # web applications running on the proxy server who think the only
56. # one who can access services on "localhost" is a local user
57. #http_access deny to_localhost
58.  
59. #
60. # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
61. #
62.  
63. # Example rule allowing access from your local networks.
64. # Adapt localnet in the ACL section to list your (internal) IP networks
65. # from where browsing should be allowed
66. http_access allow localnet
67. http_access allow localhost
68. http_access allow lan
69.  
70. # And finally deny all other access to this proxy
71. http_access deny all
72.  
73. # Squid normally listens to port 3128
74. http_port 8080
75. http_port 443
76.  
77. # Uncomment and adjust the following to add a disk cache directory.
78. #cache_dir ufs /var/spool/squid 100 16 256
79.  
80. # Leave coredumps in the first cache dir
81. coredump_dir /var/spool/squid
82.  
83. # Add any of your own refresh_pattern entries above these.
84. refresh_pattern ^ftp:       1440    20% 10080
85. refresh_pattern ^gopher:    1440    0%  1440
86. refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
87. refresh_pattern .       0   20% 4320
88.  
89. request_header_access Referer deny all
90. request_header_access X-Forwarded-For deny all
91. request_header_access Via deny all
92. request_header_access Cache-Control deny all
93.  
94. #define hostname
95. visible_hostname prox.srv-gruppe7.world
96.  
97. #not display ip
98. forwarded_for off