
squid.conf

a guest
Sep 11th, 2022
  1. # Do not modify '/var/ipfire/proxy/squid.conf' directly since any changes
  2. # you make will be overwritten whenever you resave proxy settings using the
  3. # web interface!
  4. #
  5. # Instead, modify the file '/var/ipfire/proxy/advanced/acls/include.acl' and
  6. # then restart the proxy service using the web interface. Changes made to the
  7. # 'include.acl' file will propagate to the 'squid.conf' file at that time.
  8.  
  # Global daemon settings: shutdown behaviour, listener, privileges, memory.
  # Wait at most 5 seconds for active client connections to finish on shutdown.
  9. shutdown_lifetime 5 seconds
  # Port 0 disables the ICP (inter-cache protocol) listener, so no cache-peer
  # port is exposed.
  10. icp_port 0
  # Leave the Squid version out of HTTP headers and generated error pages.
  # This only reduces fingerprinting; it does not replace keeping Squid patched.
  11. httpd_suppress_version_string on
  12.  
  # Listen on 192.168.1.1 port 800 only, not on every interface. The address
  # lies inside the 192.168.1.0/24 "green" range named by the ACLs further down.
  # No mode option follows the address, so this is an explicit forward-proxy
  # port that clients have to be configured to use.
  13. http_port 192.168.1.1:800
  14.  
  15.  
  # When started as root, Squid switches its effective user to 'squid'.
  16. cache_effective_user squid
  # Files Squid creates are not writable by group or others.
  17. umask 022
  18.  
  19. pid_filename /var/run/squid.pid
  20.  
  # Memory reserved for in-memory cached objects.
  21. cache_mem 128 MB
  # Directory holding the (English) error page templates shown to clients.
  22. error_directory /usr/lib/squid/errors/en
  23.  
  # Do not build cache digests for exchange with peer caches.
  24. digest_generation off
  25.  
  # ACL definitions. An 'acl' line only names a set of ports, addresses or
  # methods; nothing is allowed or denied until an http_access rule uses it.
  #
  # SSL_ports: the only destination ports to which CONNECT tunnels are permitted
  # (enforced by 'http_access deny CONNECT !SSL_ports').
  26. acl SSL_ports port 443 # https
  27. acl SSL_ports port 563 # snews
  # Safe_ports: destination ports permitted for ordinary proxied requests
  # (enforced by 'http_access deny !Safe_ports').
  28. acl Safe_ports port 80 # http
  29. acl Safe_ports port 21 # ftp
  30. acl Safe_ports port 443 # https
  31. acl Safe_ports port 563 # snews
  32. acl Safe_ports port 70 # gopher
  33. acl Safe_ports port 210 # wais
  # NOTE(review): this range makes every port above 1024 "safe", so the
  # Safe_ports check in practice only blocks low ports that are not listed here.
  34. acl Safe_ports port 1025-65535 # unregistered ports
  35. acl Safe_ports port 280 # http-mgmt
  36. acl Safe_ports port 488 # gss-http
  37. acl Safe_ports port 591 # filemaker
  38. acl Safe_ports port 777 # multiling http
  39. acl Safe_ports port 800 # Squids port (for icons)
  # IPFire_ips: destinations that are the firewall itself (loopback here, the
  # 192.168.1.1 address is added to the same ACL a few lines below).
  40. acl IPFire_ips dst 127.0.0.1
  # Ports 81 and 444 are used by the "GUI admin" http_access rules; presumably
  # the IPFire web interface over HTTP and HTTPS - confirm on the host.
  41. acl IPFire_http port 81
  42. acl IPFire_https port 444
  # Both ACLs are loaded from the same external file, once as source addresses
  # and once as destinations. IPFire_networks is the only client ACL the
  # http_access rules in this file use, so the contents of src_subnets.acl
  # (not shown here) decide which clients may use the proxy. Review that file
  # together with this one.
  43. acl IPFire_networks src "/var/ipfire/proxy/advanced/acls/src_subnets.acl"
  44. acl IPFire_servers dst "/var/ipfire/proxy/advanced/acls/src_subnets.acl"
  45. acl IPFire_ips dst 192.168.1.1
  # Per-zone ACLs for the green (192.168.1.0/24) and blue (192.168.0.0/24)
  # networks. None of these four, nor IPFire_servers, is referenced by an
  # http_access rule in this file, so defining them grants nothing by itself.
  46. acl IPFire_green_network src 192.168.1.0/24
  47. acl IPFire_green_servers dst 192.168.1.0/24
  48. acl IPFire_blue_network src 192.168.0.0/24
  49. acl IPFire_blue_servers dst 192.168.0.0/24
  # Matches requests that use the CONNECT method (tunnels, typically HTTPS).
  50. acl CONNECT method CONNECT
  # Largest object that will be kept in the memory cache.
  51. maximum_object_size_in_memory 2621 KB
  52.  
  # A value of 0 means no limit on the size of request bodies (uploads/POSTs).
  53. request_body_max_size 0 KB
  # Logging is effectively disabled: the access log and Squid's own cache log
  # are written to /dev/null and the store log is turned off.
  # NOTE(review): with this setup there is no record of which client requested
  # which URL, and Squid's own warnings and errors are discarded as well. If the
  # proxy should support troubleshooting or incident response, point access_log
  # and cache_log at real files with rotation and a defined retention period.
  54. access_log /dev/null
  55. cache_log /dev/null
  56. cache_store_log none
  57.  
  # Do not record request/reply MIME headers in the access log.
  58. log_mime_hdrs off
  # 'off' makes Squid send "X-Forwarded-For: unknown" instead of the client
  # address; the request_header_access rules near the end of the file strip the
  # header altogether.
  59. forwarded_for off
  # Do not add a Via header identifying this proxy.
  60. via off
  61.  
  # Matches every day of the week around the clock, i.e. always. Using it in an
  # http_access rule therefore imposes no actual time restriction.
  62. acl within_timeframe time MTWHFAS 00:00-24:00
  63.  
  64.  
  # http_access rules are checked top to bottom and the first matching rule
  # decides; all ACLs named on one line must match for that rule to apply.
  65. #Access to squid:
  66. #Requests from the local machine are allowed without restriction
  # 'localhost' is not defined in this file; recent Squid versions predefine it.
  # Because this rule precedes the port checks below, requests originating on
  # the firewall itself are not limited to Safe_ports or SSL_ports.
  67. http_access allow localhost
  68.  
  69. #Web GUI on the firewall itself (ports 81/444), for clients in IPFire_networks
  # These rules have to come before the port denies below because 81 and 444
  # are in neither Safe_ports nor SSL_ports.
  70. http_access allow IPFire_ips IPFire_networks IPFire_http
  71. http_access allow CONNECT IPFire_ips IPFire_networks IPFire_https
  72.  
  73. #Deny requests to ports that are not web services
  74. http_access deny !Safe_ports
  # CONNECT tunnels are only allowed to the ports in SSL_ports (443 and 563).
  75. http_access deny CONNECT !SSL_ports
  76. #Apply the custom configured ACLs
  # Access is granted by source address alone: no authentication ACL appears in
  # this file, and within_timeframe always matches.
  77. http_access allow IPFire_networks within_timeframe
  # Default deny: anything not matched above is refused.
  78. http_access deny all
  79.  
  80. #Strip HTTP headers that would reveal the client address or this proxy
  # 'deny all' removes the named header from every request sent upstream and
  # from every reply returned to clients, so internal client addresses and the
  # presence of the proxy are not disclosed through these two headers.
  81. request_header_access X-Forwarded-For deny all
  82. reply_header_access X-Forwarded-For deny all
  83. request_header_access Via deny all
  84. reply_header_access Via deny all
  85.  
  # Host name Squid uses to identify itself, for example in error pages.
  86. visible_hostname ipfire.localdomain
  87.  
  88.  
  # Upper limit on file descriptors Squid may use (connections, files).
  89. max_filedescriptors 16384
  90.  