Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # Do not modify '/var/ipfire/proxy/squid.conf' directly since any changes
- # you make will be overwritten whenever you resave proxy settings using the
- # web interface!
- #
- # Instead, modify the file '/var/ipfire/proxy/advanced/acls/include.acl' and
- # then restart the proxy service using the web interface. Changes made to the
- # 'include.acl' file will propagate to the 'squid.conf' file at that time.
- shutdown_lifetime 5 seconds
- icp_port 0
- httpd_suppress_version_string on
- http_port 192.168.1.1:800
- cache_effective_user squid
- umask 022
- pid_filename /var/run/squid.pid
- cache_mem 128 MB
- error_directory /usr/lib/squid/errors/en
- digest_generation off
- acl SSL_ports port 443 # https
- acl SSL_ports port 563 # snews
- acl Safe_ports port 80 # http
- acl Safe_ports port 21 # ftp
- acl Safe_ports port 443 # https
- acl Safe_ports port 563 # snews
- acl Safe_ports port 70 # gopher
- acl Safe_ports port 210 # wais
- acl Safe_ports port 1025-65535 # unregistered ports
- acl Safe_ports port 280 # http-mgmt
- acl Safe_ports port 488 # gss-http
- acl Safe_ports port 591 # filemaker
- acl Safe_ports port 777 # multiling http
- acl Safe_ports port 800 # Squids port (for icons)
- acl IPFire_ips dst 127.0.0.1
- acl IPFire_http port 81
- acl IPFire_https port 444
- acl IPFire_networks src "/var/ipfire/proxy/advanced/acls/src_subnets.acl"
- acl IPFire_servers dst "/var/ipfire/proxy/advanced/acls/src_subnets.acl"
- acl IPFire_ips dst 192.168.1.1
- acl IPFire_green_network src 192.168.1.0/24
- acl IPFire_green_servers dst 192.168.1.0/24
- acl IPFire_blue_network src 192.168.0.0/24
- acl IPFire_blue_servers dst 192.168.0.0/24
- acl CONNECT method CONNECT
- maximum_object_size_in_memory 2621 KB
- request_body_max_size 0 KB
- access_log /dev/null
- cache_log /dev/null
- cache_store_log none
- log_mime_hdrs off
- forwarded_for off
- via off
- acl within_timeframe time MTWHFAS 00:00-24:00
- #Access to squid:
- #local machine, no restriction
- http_access allow localhost
- #GUI admin if local machine connects
- http_access allow IPFire_ips IPFire_networks IPFire_http
- http_access allow CONNECT IPFire_ips IPFire_networks IPFire_https
- #Deny not web services
- http_access deny !Safe_ports
- http_access deny CONNECT !SSL_ports
- #Set custom configured ACLs
- http_access allow IPFire_networks within_timeframe
- http_access deny all
- #Strip HTTP Header
- request_header_access X-Forwarded-For deny all
- reply_header_access X-Forwarded-For deny all
- request_header_access Via deny all
- reply_header_access Via deny all
- visible_hostname ipfire.localdomain
- max_filedescriptors 16384
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement