API tools faq
paste
Advertisement
Guest User

squid.conf

a guest
Feb 22nd, 2018
61
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.54 KB | None | 0 0
raw download clone embed print report
  1. # This file is automatically generated by pfSense
  2. # Do not edit manually !
  3.  
  4. http_port 10.1.1.2:3128
  5. http_port 127.0.0.1:3128 intercept
  6. icp_port 0
  7. digest_generation off
  8. dns_v4_first off
  9. pid_filename /var/run/squid/squid.pid
  10. cache_effective_user squid
  11. cache_effective_group proxy
  12. error_default_language en
  13. icon_directory /usr/local/etc/squid/icons
  14. visible_hostname PFSENSE
  15. cache_mgr admin@localhost
  16. access_log /var/squid/logs/access.log
  17. cache_log /var/squid/logs/cache.log
  18. cache_store_log none
  19. netdb_filename /var/squid/logs/netdb.state
  20. pinger_enable on
  21. pinger_program /usr/local/libexec/squid/pinger
  22.  
  23. logfile_rotate 7
  24. debug_options rotate=7
  25. shutdown_lifetime 3 seconds
  26. # Allow local network(s) on interface(s)
  27. acl localnet src 10.1.1.0/24
  28. forwarded_for transparent
  29. httpd_suppress_version_string on
  30. uri_whitespace allow
  31.  
  32. refresh_pattern ^http://security\.debian\.org 14400 0% 14400 override-expire store-stale
  33.  
  34. cache_mem 1024 MB
  35. maximum_object_size_in_memory 256 KB
  36. memory_replacement_policy heap GDSF
  37. cache_replacement_policy heap LFUDA
  38. minimum_object_size 0 KB
  39. maximum_object_size 4096 MB
  40. cache_dir ufs /var/squid/cache 20480 16 256
  41. offline_mode on
  42. cache_swap_low 90
  43. cache_swap_high 95
  44. cache allow all
  45. # Add any of your own refresh_pattern entries above these.
  46. refresh_pattern ^ftp: 1440 20% 10080
  47. refresh_pattern ^gopher: 1440 0% 1440
  48. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  49. refresh_pattern . 0 20% 4320
  50.  
  51.  
  52. #Remote proxies
  53.  
  54.  
  55. # Setup some default acls
  56. # ACLs all, manager, localhost, and to_localhost are predefined.
  57. acl allsrc src all
  58. acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3129 1025-65535
  59. acl sslports port 443 563
  60.  
  61. acl purge method PURGE
  62. acl connect method CONNECT
  63.  
  64. # Define protocols used for redirects
  65. acl HTTP proto HTTP
  66. acl HTTPS proto HTTPS
  67. http_access allow manager localhost
  68.  
  69. http_access deny manager
  70. http_access allow purge localhost
  71. http_access deny purge
  72. http_access deny !safeports
  73. http_access deny CONNECT !sslports
  74.  
  75. # Always allow localhost connections
  76. http_access allow localhost
  77.  
  78. quick_abort_min 100 KB
  79. quick_abort_max 100 KB
  80. request_body_max_size 0 KB
  81. delay_pools 1
  82. delay_class 1 2
  83. delay_parameters 1 -1/-1 -1/-1
  84. delay_initial_bucket_level 100
  85. delay_access 1 allow allsrc
  86.  
  87. # Reverse Proxy settings
  88.  
  89.  
  90. # Custom options before auth
  91.  
  92.  
  93. acl sglog url_regex -i sgr=ACCESSDENIED
  94. http_access deny sglog
  95. # Setup allowed ACLs
  96. # Allow local network(s) on interface(s)
  97. http_access allow localnet
  98. # Default block all to be sure
  99. http_access deny allsrc
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!