
Untitled

a guest
Jun 22nd, 2021
  1. # Recommended minimum configuration:
  2.  
  3. #old_test
  # Earlier experiments, all disabled. Kept for reference only.
  # NOTE(review): the basic_ldap_auth lines here (and in Variant 2, lines 30 and 34) pass the
  # LDAP bind DN and its password inline via -D / -w. Anyone who can read this file or the
  # helper's process arguments can read that password. basic_ldap_auth also accepts
  # -W <secretfile> to read it from a file with restricted permissions. Since the value
  # appears in a shared listing, treat it as exposed and change it.
  4. #auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -d -s HTTP/squid.ax.loc@AX.LOC
  5. #auth_param negotiate children 20
  6. #auth_param negotiate keep_alive on
  7. #external_acl_type group Internet_Users /usr/lib64/squid/ext_kerberos_ldap_group_acl -a -g proxy_pfsense -D AX.LOC
  # Line 8 is cut off at the right edge in this listing (the server address is incomplete).
  8. #auth_param basic program /usr/lib64/squid/basic_ldap_auth -R -b "dc=ax,dc=loc" -D "squid@ax.loc" -w "squid" -f "sAMAccountName=%s" 192.16
  9. #acl sites dstdomain .ubuntu.com
  10. #acl sites dstdomain .mail.ru
  11. #http_access deny sites
  # NOTE(review): line 12 targets port 389 and shows no TLS option, so the LDAP bind and the
  # users' Basic passwords would presumably cross the network unencrypted. Confirm before reuse.
  12. #auth_param basic program /usr/lib64/squid/basic_ldap_auth -b "dc=ax,dc=loc" -f "uid=%s" -c 2 -t 2 -h 192.168.0.20:389
  13. #acl ldapusers proxy_auth REQUIRED
  14.  
  15. #Variant 1
  # Active configuration: Negotiate/Kerberos authentication plus one external group-lookup
  # helper per access group.
  # -s names the service principal the helper accepts tickets for. The disabled line 4 above
  # also gave the realm (@AX.LOC) and -d (debug); this line gives neither.
  16. auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -s HTTP/squid.ax.loc
  17. auth_param negotiate children 30
  18. auth_param negotiate keep_alive on
  # Each helper receives the authenticated user name (%LOGIN) and tests membership of one group.
  # Results are cached per user: ttl=300 s for a match, negative_ttl=60 s for a non-match, so a
  # group change in the directory can take that long to affect access decisions.
  # NOTE(review): -a is passed only to the SQUID_BlockedAccess helper. In
  # ext_kerberos_ldap_group_acl it appears to mean "allow SSL without certificate verification".
  # Confirm against the installed helper's man page and drop it if it is not intended.
  # NOTE(review): lines 19 and 21 are cut off at the right edge in this listing (the -g argument
  # is incomplete). Check the group names and realm suffix against the deployed file.
  19. external_acl_type SQUID_BlockedAccess ttl=300 negative_ttl=60 %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -a -g SQUID_BlockedAcces
  20. external_acl_type SQUID_FullAccess ttl=300 negative_ttl=60 %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -g SQUID_FullAccess@AX.LOC
  21. external_acl_type SQUID_RestrictedAccess ttl=300 negative_ttl=60 %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -g SQUID_RestrictedAc
  # Bind each helper to an ACL name of the same spelling for use in http_access rules.
  22. acl SQUID_BlockedAccess external SQUID_BlockedAccess
  23. acl SQUID_FullAccess external SQUID_FullAccess
  24. acl SQUID_RestrictedAccess external SQUID_RestrictedAccess
  25.  
  26. #Вариант №2
  27. #auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -s HTTP/squid.ax.loc
  28. #auth_param negotiate children 30
  29. #auth_param negotiate keep_alive on
  30. #auth_param basic program /usr/lib64/squid/basic_ldap_auth -b "dc=ax,dc=loc" -P -R -D "squid@ax.loc" -w "squid" -f "sAMAccountName=%s" dc-#auth_param basic realm Squid Basic Auth
  31. #auth_param basic children 30
  32. #auth_param basic credentialsttl 8 hours
  33. #acl auth proxy_auth REQUIRED
  34. #external_acl_type kerberos_full_access ttl=900 negative_ttl=900 %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -a -g #SQUID_FullAcces#external_acl_type kerberos_restricted_access ttl=900 negative_ttl=900 %LOGIN #/usr/lib64/squid/ext_kerberos_ldap_group_acl -a -g SQUID_Res#external_acl_type kerberos_blocked_access ttl=900 negative_ttl=900 %LOGIN #/usr/lib64/squid/ext_kerberos_ldap_group_acl -a -g SQUID_Blocke#external_acl_type ldap_group ttl=900 %LOGIN #/usr/lib64/squid/ext_ldap_group_acl -b "dc=ax,dc=loc" -P -R -K -D "squid@ax.loc" -w "squid" -#acl kerberos_full_access external #kerberos_full_access
  35. #acl kerberos_restricted_access external kerberos_restricted_access
  36. #acl kerberos_blocked_access external kerberos_blocked_access
  37. #acl SQUID_FullAccess external ldap_group SQUID_FullAccess
  38. #acl SQUID_RestrictedAccess external ldap_group SQUID_RestrictedAccess
  39. #acl SQUID_BlockedAccess external ldap_group SQUID_BlockedAccess
  40.  
  41. # Example rule allowing access from your local networks.
  42. # Adapt to list your (internal) IP networks from where browsing
  43. # should be allowed
  44. #acl localnet src 10.0.0.0/8<--># RFC1918 possible internal network
  45. #acl localnet src 172.16.0.0/12># RFC1918 possible internal network
  46. #acl localnet src 192.168.0.0/16<------># RFC1918 possible internal network
  47. #acl localnet src fc00::/7 # RFC 4193 local private network range
  48. #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  # Source-address ACL for the 192.168.0.0/24 network. The only rule that references it
  # (line 98, "http_access allow ax.loc") is commented out, so it has no effect on the active
  # policy. Access is decided by group membership, not by client address.
  49. acl ax.loc src 192.168.0.0/24
  50.  
  # Port ACLs used by the two deny rules at lines 68 and 71.
  # SSL_ports limits CONNECT tunnels to port 443. Safe_ports lists the destination ports the
  # proxy will contact at all, and its 1025-65535 entry makes every unprivileged port reachable.
  # The "<>" / "<------>" runs appear to be tab characters as rendered by the editor the text
  # was copied from. They would not be valid in a deployed squid.conf.
  51. acl SSL_ports port 443
  52. acl Safe_ports port 80<><------># http
  53. acl Safe_ports port 21<><------># ftp
  54. acl Safe_ports port 443><------># https
  55. acl Safe_ports port 70<><------># gopher
  56. acl Safe_ports port 210><------># wais
  57. acl Safe_ports port 1025-65535<># unregistered ports
  58. acl Safe_ports port 280><------># http-mgmt
  59. acl Safe_ports port 488><------># gss-http
  60. acl Safe_ports port 591><------># filemaker
  61. acl Safe_ports port 777><------># multiling http
  # Matches requests that use the CONNECT method (tunnel requests).
  62. acl CONNECT method CONNECT
  63.  
  64. #
  65. # Recommended minimum Access Permission configuration:
  66. #
  # http_access rules are evaluated top to bottom and the first matching rule decides, so
  # these generic denies run before any group-based rule further down.
  67. # Deny requests to certain unsafe ports
  68. http_access deny !Safe_ports
  69.  
  70. # Deny CONNECT to other than secure SSL ports
  71. http_access deny CONNECT !SSL_ports
  72.  
  # "localhost" and "manager" are not defined in this listing. They are presumably the ACLs
  # that Squid predefines.
  73. # Only allow cachemgr access from localhost
  74. http_access allow localhost manager
  75. http_access deny manager
  76.  
  77. # We strongly recommend the following be uncommented to protect innocent
  78. # web applications running on the proxy server who think the only
  79. # one who can access services on "localhost" is a local user
  # NOTE(review): the rule below is still commented out. As written, any client that the later
  # rules allow can ask the proxy to fetch from services listening on the proxy host's own
  # loopback address. Enable it unless that access is intended.
  80. #http_access deny to_localhost
  81.  
  82. #
  83. # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
  84. #
  85.  
  86. # Example rule allowing access from your local networks.
  87. # Adapt localnet in the ACL section to list your (internal) IP networks
  88. # from where browsing should be allowed
  89.  
  90. #Variant No. 1
  # Active group policy, first match wins:
  #   - members of the blocked group are denied, even if they are also in the full-access group;
  #   - members of the full-access group are allowed;
  #   - everyone else is denied.
  # Both group ACLs use %LOGIN, so evaluating them requires an authenticated user.
  # NOTE(review): SQUID_RestrictedAccess is defined above (lines 21 and 24) but no active rule
  # references it. Users who are only in that group fall through to "deny all". Confirm that
  # is the intended result.
  91. http_access deny SQUID_BlockedAccess
  92. http_access allow SQUID_FullAccess
  93. http_access deny all
  94.  
  95. #http_access deny squid_deny Time
  96. #http_access allow localnet
  97. #http_access allow localhost
  98. #http_access allow ax.loc
  99. #http_access deny blacklist squid_deny
  100. #http_access allow auth
  101. #http_access deny blacklist SQUID_RestrictedAccess
  102. #http_access deny SQUID_BlockedAccess
  103. #http_access allow SQUID_FullAccess
  104. #http_access deny blacklist SQUID_RestrictedAccess
  105. #http_access deny SQUID_BlockedAccess
  106. #http_access allow blacklist squid_deny
  107.  
  108.  
  109. #Вариант №2
  110. #http_access allow kerberos_full_access
  111. #http_access allow SQUID_FullAccess
  112. #http_access deny kerberos_blocked_access
  113. #http_access deny SQUID_BlockedAccess
  114. #http_access deny kerberos_restricted_access
  115. #http_access deny SQUID_RestrictedAccess
  116. #http_access allow auth
  117.  
  118. # And finally deny all other access to this proxy
  119. #http_access deny all
  120.  
  121. # Squid normally listens to port 3128
  # No address is given, so the proxy accepts connections on port 3128 on every interface of
  # the host. Restricting who can reach it is left to the http_access rules and to any host
  # or network firewall.
  122. http_port 3128
  123.  
  124. # Uncomment and adjust the following to add a disk cache directory.
  # The line is already active: a "ufs" cache in /var/spool/squid, 100 MB, with 16 first-level
  # and 256 second-level subdirectories.
  125. cache_dir ufs /var/spool/squid 100 16 256
  126.  
  127. # Leave coredumps in the first cache dir
  128. coredump_dir /var/spool/squid
  129.  
  130. #
  131. # Add any of your own refresh_pattern entries above these.
  132. #
  # Fields are: regex, minimum age (minutes), percent of object age, maximum age (minutes).
  # -i makes the regex case-insensitive. The "<->" / "<------>" runs appear to be rendered tab
  # characters from the source editor and are not part of the values.
  133. refresh_pattern ^ftp:<-><------>1440<-->20%<--->10080
  134. refresh_pattern ^gopher:<------>1440<-->0%<---->1440
  135. refresh_pattern -i (/cgi-bin/|\?) 0<--->0%<---->0
  136. refresh_pattern .<-----><------>0<----->20%<--->4320
  137.  