
Untitled

a guest Oct 30th, 2014 39 Never
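  # squid.conf for a proxy listening on 192.168.0.5:3128.
  # Users are authenticated with Negotiate/Kerberos or LDAP-backed Basic,
  # group membership is looked up in the directory at 192.168.0.1, and every
  # URL is passed through an external rewrite helper.
  # The paste's line-number gutter has been removed so the listing can be
  # loaded as a config file; directive order is unchanged.

  emulate_httpd_log on

  # --- Authentication helpers -------------------------------------------

  # Negotiate (Kerberos). -s names the service principal the helper accepts.
  # NOTE(review): the principal is built on an IP address. Kerberos clients
  # normally ask for HTTP/<proxy FQDN>; confirm that browsers really obtain a
  # ticket for this name and are not silently falling back to Basic.
  auth_param negotiate program /usr/lib64/squid/squid_kerb_auth -s HTTP/192.168.0.5@DOMAIN.LOC
  auth_param negotiate children 20
  auth_param negotiate keep_alive on

  # Basic, validated by an LDAP bind against 192.168.0.1.
  #   -R  do not follow referrals
  #   -D  bind DN of the lookup account, -W file holding its password
  #   -b  search base, -f  search filter (%s = login name)
  # NOTE(review): Basic sends the user's password base64-encoded, not
  # encrypted, on every request to the proxy. The helper command line also
  # has no -Z (StartTLS), so as written the lookup account's password and the
  # users' passwords appear to reach the directory server unencrypted.
  # /etc/squid/adpwd.txt should be readable only by the account the helpers
  # run as. The lookup account needs read access only.
  auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -D squidreader@domain.loc -W \
  /etc/squid/adpwd.txt -b "OU=Departments,OU=Myorganization,DC=domain,DC=loc" -f "sAMAccountName=%s" 192.168.0.1
  auth_param basic children 20
  # A validated login is reused for one hour before the helper is asked
  # again, so a changed password or disabled account may lag by that long.
  auth_param basic credentialsttl 1 hours

  # --- Group lookup -----------------------------------------------------

  # External ACL "ldap_users": asks the directory whether the logged-in user
  # (%v) is a member of the group named on the acl line (%a).
  #   -S  strip NT domain from the user name
  #   -K  strip Kerberos realm from the user name
  # ttl=1200 caches each answer for 20 minutes, so a group change can take
  # that long to reach the proxy. The same unencrypted-bind note as for the
  # Basic helper applies here (no -Z on the command line).
  external_acl_type ldap_users ipv4 ttl=1200 %LOGIN /usr/lib64/squid/squid_ldap_group -S -K -R -b "dc=domain,dc=loc" -f \
  "(&(objectclass=person)(sAMAccountName=%v)(memberOf=CN=%a,OU=Inetserver,OU=System,OU=Myorganization,DC=domain,DC=loc))" \
  -D squidreader@domain.loc -W /etc/squid/adpwd.txt 192.168.0.1
  # Leftover note: 1.2.840.113556.1.4.1941 is the Active Directory
  # LDAP_MATCHING_RULE_IN_CHAIN OID (nested group membership). It is not used
  # in the filter above, so only direct memberOf values match.
  #:1.2.840.113556.1.4.1941:

  # --- URL rewriter and cache -------------------------------------------

  # Spelled url_rewrite_program to match url_rewrite_children below;
  # redirect_program is the older alias for the same directive.
  # The helper sees every requested URL. Its binary and config should not be
  # writable by unprivileged users.
  url_rewrite_program /usr/local/rejik3/redirector /usr/local/rejik3/redirector.conf
  url_rewrite_children 6
  cache_dir ufs /var/spool/squid 8192 16 256

  # --- ACL definitions --------------------------------------------------

  acl manager proto cache_object
  acl localhost src 127.0.0.1/32 ::1
  acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
  # NOTE(review): localnet and to_localhost are defined but no http_access
  # rule in this listing refers to them.
  acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

  acl SSL_ports port 443 # https (the only port CONNECT may target)
  acl Safe_ports port 80 # http
  acl Safe_ports port 21 # ftp
  acl Safe_ports port 443 # https
  acl Safe_ports port 1025-65535 # unregistered ports

  acl CONNECT method CONNECT # HTTP CONNECT (tunnel) requests

  # The "src" ACLs below match on client IP address only; the address lists
  # live in files that are not part of this listing.
  acl not-in-domain src "/usr/local/squid/acc-list-not_in_domain"
  acl auth proxy_auth REQUIRED
  acl ad-disabled external ldap_users inet_disabled
  acl ad-unlimited external ldap_users inet_unlimited
  acl ad-default external ldap_users inet_default
  acl dc1 src "/usr/local/squid/acc-list-servers"
  acl dc1-sites dstdomain "/usr/local/squid/acc-url-servers"
  acl Myorganization src "/usr/local/squid/acc-list-all"
  acl vip src "/usr/local/squid/acc-list-Pri"
  acl gip src "/usr/local/squid/acc-list-Gip"

  # --- Access rules (first matching rule decides) -----------------------

  # Cache manager only from the proxy host itself.
  http_access allow manager localhost
  http_access deny manager
  http_access deny !Safe_ports
  http_access deny CONNECT !SSL_ports
  http_access allow localhost

  # Addresses in not-in-domain are admitted before any rule that needs a
  # login, so they are never authenticated and never checked against
  # inet_disabled.
  http_access allow not-in-domain
  # First rule that needs %LOGIN: this is where credentials are requested.
  http_access deny  ad-disabled
  http_access allow ad-unlimited Myorganization
  http_access allow ad-default Myorganization
  # vip and gip are admitted by source address alone.
  http_access allow vip
  http_access allow gip
  # NOTE(review): this rule admits every Myorganization address without a
  # group test, which makes the two group-qualified allow rules above
  # redundant. If access was meant to require inet_unlimited or
  # inet_default membership, this line defeats that; confirm the intent.
  http_access allow Myorganization
  http_access allow dc1 dc1-sites
  # Disabled; the "auth" ACL is therefore unused in this listing.
  #http_access allow auth

  http_access deny all

  # NOTE(review): "transparent" marks this port as receiving intercepted
  # traffic. Proxy authentication cannot be carried out on intercepted
  # requests, because the browser does not know it is talking to a proxy.
  # If clients are really redirected here, the %LOGIN rules above cannot be
  # satisfied; if clients are configured with the proxy explicitly, confirm
  # whether the flag is needed at all.
  http_port 192.168.0.5:3128 transparent
  visible_hostname Inetserver.myorganization.nsk.su
  hierarchy_stoplist cgi-bin ?
  coredump_dir /var/spool/squid

  refresh_pattern ^ftp:           1440    20%     10080
  refresh_pattern ^gopher:        1440    0%      1440
  refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
  refresh_pattern .               0       20%     4320
  # Squid drops to this unprivileged account after start-up.
  cache_effective_user squid
  cache_effective_group squid
  access_log /var/log/squid/access.log

  pid_filename /var/run/squid.pid

  # No filtering of replies.
  http_reply_access allow all

  #.....

  # Commented-out troubleshooting setting.
  #debug_options ALL,1 33,2 28,9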