
Untitled

a guest
Oct 30th, 2014
  # Write access.log in the web-server (httpd common log) style instead of Squid's native format.
  # NOTE(review): log parsers and alerting that expect native Squid fields must be matched to this format.
  1. emulate_httpd_log on
  2.  
  # Negotiate (Kerberos) authentication: squid_kerb_auth validates client tickets for the
  # service principal given with -s.
  # NOTE(review): the principal is built on an IP address (HTTP/192.168.0.5). Kerberos clients
  # normally request a ticket for the proxy's DNS name, so confirm this matches the keytab and
  # the proxy name clients are configured with. When Negotiate cannot complete, clients may
  # fall back to the weaker Basic scheme that this file also offers.
  3. auth_param negotiate program /usr/lib64/squid/squid_kerb_auth -s HTTP/192.168.0.5@DOMAIN.LOC
  # Up to 20 helper processes serve Negotiate requests.
  4. auth_param negotiate children 20
  5. auth_param negotiate keep_alive on
  6.  
  # Basic authentication checked against the directory server at 192.168.0.1: squid_ldap_auth
  # binds as squidreader@domain.loc (-D) with the password read from /etc/squid/adpwd.txt (-W),
  # searches below the -b base for sAMAccountName=<login>, and does not follow referrals (-R).
  # NOTE(review): Basic sends the user's password base64-encoded (not encrypted) with every
  # request, and no -Z (StartTLS) option or ldaps:// URI is given, so the helper presumably
  # speaks plain LDAP to the server. Confirm, and prefer an encrypted LDAP connection.
  # NOTE(review): adpwd.txt holds a directory bind password. It should be readable only by the
  # account Squid runs as, and squidreader should be a low-privilege, read-only account.
  7. auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -D squidreader@domain.loc -W \
  8. /etc/squid/adpwd.txt -b "OU=Departments,OU=Myorganization,DC=domain,DC=loc" -f "sAMAccountName=%s" 192.168.0.1
  9. auth_param basic children 20
  # Squid trusts a validated login/password pair for one hour before asking the helper again,
  # so a disabled account or an old password can remain usable at the proxy for up to that long.
  10. auth_param basic credentialsttl 1 hours
  11.  
  # External ACL "ldap_users": for the authenticated user (%LOGIN), squid_ldap_group asks the
  # directory at 192.168.0.1 whether sAMAccountName=%v (the user) has a memberOf value for
  # CN=%a (the group named on the acl line) under OU=Inetserver,OU=System,OU=Myorganization.
  # -S and -K strip an NT domain prefix / Kerberos realm from the login first; -R disables
  # referral chasing.
  # ttl=1200: lookup results are cached for 20 minutes, so a group change in the directory
  # (for example adding a user to a blocking group) may take that long to apply at the proxy.
  # NOTE(review): the helper binds as squidreader@domain.loc with the password file
  # /etc/squid/adpwd.txt and no TLS option is visible. Confirm the LDAP transport is encrypted
  # and that the password file is readable only by the Squid account.
  12. external_acl_type ldap_users ipv4 ttl=1200 %LOGIN /usr/lib64/squid/squid_ldap_group -S -K -R -b "dc=domain,dc=loc" -f \
  13. "(&(objectclass=person)(sAMAccountName=%v)(memberOf=CN=%a,OU=Inetserver,OU=System,OU=Myorganization,DC=domain,DC=loc))" \
  14. -D squidreader@domain.loc -W /etc/squid/adpwd.txt 192.168.0.1
  15. #:1.2.840.113556.1.4.1941:
  # The commented OID above is Active Directory's LDAP_MATCHING_RULE_IN_CHAIN (used in a filter as
  # memberOf:1.2.840.113556.1.4.1941:=...). Without it the filter matches direct group members
  # only, so a user who belongs to a group nested inside the named group is not matched.
  16.  
  # URL rewriter: requests are handed to the rejik3 redirector, which acts on them according to
  # redirector.conf. redirect_program is the older name of url_rewrite_program.
  # NOTE(review): redirector.conf is effectively part of the access policy. Keep it under the
  # same change control and file permissions as this file.
  17. redirect_program /usr/local/rejik3/redirector /usr/local/rejik3/redirector.conf
  # Six rewriter helper processes.
  18. url_rewrite_children 6
  # On-disk cache: ufs store in /var/spool/squid, 8192 MB, 16 first-level and 256 second-level directories.
  19. cache_dir ufs /var/spool/squid 8192 16 256
  20.  
  # Base ACLs: cache-manager requests (cache_object protocol), the proxy's own loopback as a
  # source, loopback addresses as a destination, and the internal 192.168.0.0/16 range.
  # NOTE(review): to_localhost and localnet are defined here but are not referenced by any
  # http_access line visible in this listing.
  21. acl manager proto cache_object
  22. acl localhost src 127.0.0.1/32 ::1
  23. acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
  24. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  25.  
  # Port that CONNECT tunnels may target; enforced by "http_access deny CONNECT !SSL_ports".
  # (The previous trailing comment about RFC 4291 link-local machines did not describe this line.)
  26. acl SSL_ports port 443 # https
  # Destination ports ordinary requests may use; enforced by "http_access deny !Safe_ports".
  27. acl Safe_ports port 80 # http
  28. acl Safe_ports port 21 # ftp
  29. acl Safe_ports port 443 # https
  # Broad range: every destination port above 1024 passes the Safe_ports check.
  30. acl Safe_ports port 1025-65535 # unregistered ports
  31.  
  # Matches requests that use the HTTP CONNECT method (tunnels, typically for HTTPS).
  32. acl CONNECT method CONNECT # HTTP CONNECT (tunnel) method
  33.  
  # Site ACLs. The "src" entries identify clients purely by source address, read from list files;
  # the "external ldap_users" entries test directory group membership of the authenticated user.
  # NOTE(review): the list files under /usr/local/squid/ decide which addresses are allowed
  # by source alone, so write access to them should be as restricted as to this file. Verify
  # ownership and permissions.
  # Source addresses of machines that are not domain members (contents of the file are not shown).
  34. acl not-in-domain src "/usr/local/squid/acc-list-not_in_domain"
  # Matches any request that carries valid proxy credentials.
  35. acl auth proxy_auth REQUIRED
  # Group-based ACLs: the last word is the group name substituted for %a in the LDAP filter.
  36. acl ad-disabled external ldap_users inet_disabled
  37. acl ad-unlimited external ldap_users inet_unlimited
  38. acl ad-default external ldap_users inet_default
  # Server source addresses and the destination domains they are allowed to reach.
  39. acl dc1 src "/usr/local/squid/acc-list-servers"
  40. acl dc1-sites dstdomain "/usr/local/squid/acc-url-servers"
  # Further source-address lists.
  41. acl Myorganization src "/usr/local/squid/acc-list-all"
  42. acl vip src "/usr/local/squid/acc-list-Pri"
  43. acl gip src "/usr/local/squid/acc-list-Gip"
  44.  
  # Baseline guards, evaluated top-down with first match winning.
  # Cache-manager requests are accepted only from the proxy host itself.
  45. http_access allow manager localhost
  46. http_access deny manager
  # Reject destination ports outside Safe_ports, and CONNECT tunnels to anything but SSL_ports.
  47. http_access deny !Safe_ports
  48. http_access deny CONNECT !SSL_ports
  # Requests originating on the proxy host are allowed without further checks.
  # NOTE(review): there is no "http_access deny to_localhost" rule in the lines shown, so clients
  # admitted by later rules could reach services bound to the proxy's own loopback on any
  # Safe_ports port. Consider adding that deny before the allow rules.
  49. http_access allow localhost
  50.  
  # Site policy, first match wins.
  # Addresses in the not-in-domain list are allowed before any rule that needs a login,
  # i.e. by source address alone and without authentication.
  51. http_access allow not-in-domain
  # First rule that uses the %LOGIN external ACL, so this is where credentials are demanded.
  # Members of inet_disabled are refused.
  52. http_access deny  ad-disabled
  # Members of inet_unlimited / inet_default coming from the Myorganization address list.
  53. http_access allow ad-unlimited Myorganization
  54. http_access allow ad-default Myorganization
  # Address-only allows.
  55. http_access allow vip
  56. http_access allow gip
  # NOTE(review): this rule allows every source in the Myorganization list with no group
  # condition, which makes the two group-qualified allows above redundant for those sources.
  # If the intent is that only inet_unlimited / inet_default members may browse, this line
  # defeats it. Confirm the intended policy.
  57. http_access allow Myorganization
  # Listed servers may reach only the listed destination domains.
  58. http_access allow dc1 dc1-sites
  # Disabled: would allow any authenticated user regardless of source or group.
  59. #http_access allow auth
  60.  
  # Final catch-all: anything not explicitly allowed by an earlier rule is refused.
  61. http_access deny all
  62.  
  # Listener on the internal address, marked "transparent" (the older keyword for interception mode).
  # NOTE(review): proxy authentication cannot be performed on intercepted traffic, because the
  # browser does not know it is talking to a proxy. The auth_param schemes and the %LOGIN group
  # ACLs in this file therefore work only for clients explicitly configured to use this proxy.
  # Confirm how clients reach this port; mixing interception and authentication on one port
  # usually needs separate http_port lines.
  63. http_port 192.168.0.5:3128 transparent
  # Name Squid presents in error pages and headers; note that it reveals the internal host name.
  64. visible_hostname Inetserver.myorganization.nsk.su
  # URLs containing "cgi-bin" or "?" are fetched directly rather than through cache peers.
  65. hierarchy_stoplist cgi-bin ?
  # Directory Squid changes into at startup, and where core dumps are written.
  66. coredump_dir /var/spool/squid
  67.  
  # Freshness heuristics for responses without explicit expiry: regex, minimum age (minutes),
  # percentage of the object's age, maximum age (minutes).
  68. refresh_pattern ^ftp:       1440    20% 10080
  69. refresh_pattern ^gopher:    1440    0%  1440
  # Dynamic content (cgi-bin paths or query strings) is never treated as fresh by heuristic.
  70. refresh_pattern -i (/cgi-bin/|\?) 0 0%  0
  71. refresh_pattern .       0   20% 4320
  # After starting as root, Squid drops to this unprivileged user and group.
  72. cache_effective_user squid
  73. cache_effective_group squid
  # Request log: the main audit trail for proxy use.
  # NOTE(review): confirm it is rotated, protected from modification by non-admin accounts, and
  # retained or forwarded according to the site's logging policy.
  74. access_log /var/log/squid/access.log
  75.  
  # File in which the running Squid process records its PID.
  76. pid_filename /var/run/squid.pid
  77.  
  # No filtering is applied to replies: every response to an allowed request is delivered.
  78. http_reply_access allow all
  79.  
  80. #.....
  81.  
  82. #debug_options ALL,1 33,2 28,9