- # Write access.log in Apache/NCSA common log format instead of Squid's native format.
- emulate_httpd_log on
- # Negotiate (Kerberos) scheme: squid_kerb_auth validates client tickets; -s names the
- # service principal the helper accepts tickets for.
- # NOTE(review): the principal is built on an IP address (HTTP/192.168.0.5). Kerberos clients
- # normally request a ticket for the proxy's DNS name, so confirm this SPN is the one they
- # actually ask for; if it is not, clients would presumably fall back to the Basic scheme below.
- auth_param negotiate program /usr/lib64/squid/squid_kerb_auth -s HTTP/192.168.0.5@DOMAIN.LOC
- auth_param negotiate children 20
- auth_param negotiate keep_alive on
- # Basic scheme: squid_ldap_auth checks the user name and password against the directory at
- # 192.168.0.1, looking the user up by sAMAccountName under the Departments OU.
- #   -D / -W : bind as squidreader@domain.loc with the password stored in /etc/squid/adpwd.txt
- #   -R      : do not follow LDAP referrals
- # Basic credentials reach the proxy only base64-encoded, and the helper is started without -Z
- # (TLS), so unless the transport is protected elsewhere both the users' passwords and the
- # squidreader bind password cross the network to the directory server in clear text.
- # The password file should be readable by the squid account only (permissions not visible
- # here - verify), and squidreader should hold read-only rights in the directory.
- auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -D squidreader@domain.loc -W \
- /etc/squid/adpwd.txt -b "OU=Departments,OU=Myorganization,DC=domain,DC=loc" -f "sAMAccountName=%s" 192.168.0.1
- auth_param basic children 20
- # A validated user/password pair is trusted for one hour without asking the directory again,
- # so a disabled account or a changed password can keep working for up to that long.
- auth_param basic credentialsttl 1 hours
- # External ACL "ldap_users": asks squid_ldap_group whether the authenticated user (%LOGIN) is
- # a member of the group named in the acl line. In the filter %v stands for the user name and
- # %a for the requested group, which must live under OU=Inetserver,OU=System.
- #   -S / -K : strip an NT domain prefix / Kerberos realm suffix so the name matches sAMAccountName
- #   ttl=1200: each answer is cached for 20 minutes, so group changes take that long to apply
- # Same bind account, password file and missing -Z as the Basic helper above.
- external_acl_type ldap_users ipv4 ttl=1200 %LOGIN /usr/lib64/squid/squid_ldap_group -S -K -R -b "dc=domain,dc=loc" -f \
- "(&(objectclass=person)(sAMAccountName=%v)(memberOf=CN=%a,OU=Inetserver,OU=System,OU=Myorganization,DC=domain,DC=loc))" \
- -D squidreader@domain.loc -W /etc/squid/adpwd.txt 192.168.0.1
- # Leftover fragment: 1.2.840.113556.1.4.1941 is Active Directory's "matching rule in chain"
- # OID. It is not part of the filter above, so only direct membership is matched; a user who
- # belongs to inet_disabled through a nested group would not be caught by the deny rule.
- #:1.2.840.113556.1.4.1941:
- # Every request URL is passed to the external rejik3 redirector (six helper processes).
- redirect_program /usr/local/rejik3/redirector /usr/local/rejik3/redirector.conf
- url_rewrite_children 6
- # On-disk cache: ufs store, 8192 MB, 16 first-level and 256 second-level directories.
- cache_dir ufs /var/spool/squid 8192 16 256
- # ACL definitions only; nothing here grants or denies access until an http_access rule uses it.
- # Cache-manager requests (cache_object:// scheme).
- acl manager proto cache_object
- acl localhost src 127.0.0.1/32 ::1
- acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
- # NOTE(review): localnet and to_localhost are defined but no http_access rule in this file
- # references them, so requests whose destination is the proxy's own loopback are not blocked.
- acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
- acl SSL_ports port 443 # the only port CONNECT tunnels may target
- acl Safe_ports port 80 # http
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- # Every unprivileged port counts as "safe", so the Safe_ports check only blocks ports below
- # 1025 other than 21, 80 and 443.
- acl Safe_ports port 1025-65535 # unregistered ports
- acl CONNECT method CONNECT # matches the CONNECT (tunnel) request method
- # Source-address lists loaded from files; their contents are not visible here. Each one is
- # trusted purely by client IP, so the files need the same change control as this config.
- acl not-in-domain src "/usr/local/squid/acc-list-not_in_domain"
- # Matches any request carrying valid proxy credentials. Only used by a commented-out rule.
- acl auth proxy_auth REQUIRED
- # Group checks through the ldap_users external ACL: the last word on each line is the
- # directory group name handed to the helper.
- acl ad-disabled external ldap_users inet_disabled
- acl ad-unlimited external ldap_users inet_unlimited
- acl ad-default external ldap_users inet_default
- acl dc1 src "/usr/local/squid/acc-list-servers"
- acl dc1-sites dstdomain "/usr/local/squid/acc-url-servers"
- acl Myorganization src "/usr/local/squid/acc-list-all"
- acl vip src "/usr/local/squid/acc-list-Pri"
- acl gip src "/usr/local/squid/acc-list-Gip"
- # http_access rules are evaluated top to bottom and the first matching line decides, so the
- # order below is the policy. ACLs on one line are ANDed together.
- # Cache manager is reachable from the proxy host itself only.
- http_access allow manager localhost
- http_access deny manager
- http_access deny !Safe_ports
- # CONNECT tunnels are limited to port 443.
- http_access deny CONNECT !SSL_ports
- http_access allow localhost
- # Address-only bypass, placed before any rule that needs a user name: hosts in this list are
- # never authenticated and never checked against the inet_disabled group.
- http_access allow not-in-domain
- # First rule that needs %LOGIN, so this is where clients get challenged for credentials.
- # It blocks members of inet_disabled; with the filter used by the group helper that means
- # direct members only.
- http_access deny ad-disabled
- http_access allow ad-unlimited Myorganization
- http_access allow ad-default Myorganization
- # More address-only allows.
- http_access allow vip
- http_access allow gip
- # NOTE(review): this line allows every Myorganization address regardless of group, which
- # makes the two group-qualified allows above redundant for the allow/deny decision. The
- # effective policy is "any authenticated user from a listed address who is not in
- # inet_disabled". If inet_unlimited / inet_default are meant to be required, this line
- # defeats that; confirm the intent.
- http_access allow Myorganization
- # Hosts in the servers list may reach only the listed destination domains.
- http_access allow dc1 dc1-sites
- # Disabled: would have allowed any authenticated user from any address.
- #http_access allow auth
- # Default deny for everything not matched above.
- http_access deny all
- # Listening socket in interception ("transparent") mode.
- # NOTE(review): proxy authentication cannot be performed on intercepted traffic, because the
- # client does not know it is talking to a proxy and will not answer a 407 challenge. The
- # auth_param helpers and the LDAP group ACLs in this file can therefore only work for
- # clients explicitly configured to use 192.168.0.5:3128; confirm which mode is really in use
- # and consider a separate non-intercepting port for authenticated clients.
- http_port 192.168.0.5:3128 transparent
- # Host name shown in error pages and Via headers; it discloses the internal server name.
- visible_hostname Inetserver.myorganization.nsk.su
- hierarchy_stoplist cgi-bin ?
- coredump_dir /var/spool/squid
- # Freshness rules: dynamic content (cgi-bin or a query string) is never served from cache.
- refresh_pattern ^ftp: 1440 20% 10080
- refresh_pattern ^gopher: 1440 0% 1440
- refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
- refresh_pattern . 0 20% 4320
- # Run as the unprivileged squid account after start-up.
- cache_effective_user squid
- cache_effective_group squid
- # The access log records client addresses, user names and requested URLs; restrict who can
- # read it (file permissions are not visible here - verify).
- access_log /var/log/squid/access.log
- pid_filename /var/run/squid.pid
- # No filtering of responses.
- http_reply_access allow all
- #.....
- # Disabled debug line. Section 28 is access control; level 9 there is very verbose and is
- # meant for short troubleshooting sessions only.
- #debug_options ALL,1 33,2 28,9