#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# NOTE(review): as written this is the entire RFC1918 + ULA + link-local
# space, not this site's subnets. "http_access allow localnet" further
# down grants proxy access to whatever matches here, so any host in these
# ranges that can reach a listening socket gets to browse through the
# proxy. Trim it to the real client subnets.
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

# Destination ports a CONNECT tunnel may target; anything else is refused
# by "http_access deny CONNECT !SSL_ports" below, so only 443 can be
# tunnelled through this proxy.
acl SSL_ports port 443
# Destination ports plain (non-CONNECT) requests may use. The 1025-65535
# entry opens every unprivileged port, which is Squid's stock default; the
# intent of the list is to keep the proxy away from well-known services
# such as SMTP (25) that browsers should never be able to reach.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# Matches the CONNECT method itself, used by the SSL_ports rule below.
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# http_access rules are evaluated top to bottom and the first match wins,
# so these deny rules must stay ahead of every allow rule in this file.
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
# (to_localhost is a Squid built-in ACL; the recommendation is already
# applied by the active line below, the commented copy is just the
# stock template.)
#http_access deny to_localhost
http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

  50. ###############################################################################
  51. # Aqui inician mis reglas
  52.  
  53. #################################
  54. ##### Mis listas #####
  55. #################################
  56.  
  57. # BLOQUEO ALGUNOS SITIOS
  58. #
  59. # Declaro los lugares
  60. acl deny_sites url_regex -i "/usr/local/etc/squid/deny_sites.lst"
  61.  
  62. # Excluir cacheo para algunos sitios
  63. acl NO-CACHE-SITES dstdomain "/usr/local/etc/squid/no-cache-sites.lst"
  64. no_cache deny NO-CACHE-SITES
  65.  
#################################
##### Permissions for my lists #####
#################################

# BLOCK SOME SITES
# NOTE(review): both lines are commented out, so deny_sites is declared
# above but never enforced -- nothing in this file actually blocks those
# URLs. If they are re-enabled they must stay ahead of
# "http_access allow localnet" below (first matching http_access rule
# wins), which is where they already sit. deny_info points clients at a
# page served by this same host (see visible_hostname at the end).
#http_access deny deny_sites
#deny_info http://my.cutekittens.com/mensajes/mensaje.html deny_sites

# Site-local rules end here
###############################################################################

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# NOTE(review): with localnet as defined above this admits the whole
# RFC1918/ULA/link-local space, and the traffic leaves through the public
# tcp_outgoing_address set further down. Either narrow localnet or make
# sure only the intended LAN can reach the listening sockets, or this is
# an open proxy for anything that can route to it.
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
# Explicit (forward-proxy) listeners: loopback and the internal IPv4/IPv6
# interface addresses only, never a public address.
http_port 127.0.0.1:3128
http_port 172.16.1.1:3128
http_port [::1]:3128
http_port [fc00::1:1]:3128
#
# Intercept HTTPS CONNECT messages with SSL-Bump
#
# NOTE(review): the "intercept" listeners below expect traffic that the
# packet filter redirects to them; those NAT rules are not part of this
# file. Every bumped client must trust myCA.pem as a CA. No key= option
# is given, so the CA private key is presumably stored in that same PEM
# file -- keep it readable by the squid user only, since whoever holds it
# can impersonate any HTTPS site to every client that trusts it.
# dhparams= supplies the DH group for the client-facing TLS handshakes.
http_port 172.16.1.1:3129 ssl-bump intercept \
cert=/usr/local/etc/squid/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
dhparams=/usr/local/etc/squid/ssl_cert/dhparam.pem
#
http_port [fc00::1:1]:3129 ssl-bump intercept \
cert=/usr/local/etc/squid/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
dhparams=/usr/local/etc/squid/ssl_cert/dhparam.pem
#
https_port 172.16.1.1:3130 ssl-bump intercept \
cert=/usr/local/etc/squid/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
dhparams=/usr/local/etc/squid/ssl_cert/dhparam.pem
#
https_port [fc00::1:1]:3130 ssl-bump intercept \
cert=/usr/local/etc/squid/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
dhparams=/usr/local/etc/squid/ssl_cert/dhparam.pem

  114. sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /usr/local/etc/squid/ssl_db -M 4MB
  115. #
  116. acl step1 at_step SslBump1
  117. #
  118. ssl_bump peek step1
  119. ssl_bump stare all
  120. ssl_bump bump all
  121.  
  122. always_direct allow all
  123. #
  124. sslproxy_cert_error allow all
  125. sslproxy_flags DONT_VERIFY_PEER
  126.  
# Source addresses for outbound (origin-server) connections, one public
# IPv4 and one public IPv6; all proxied traffic, bumped or not, leaves
# from these.
tcp_outgoing_address 181.143.98.123
tcp_outgoing_address 2800:e7:a8:6123::3

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/squid/cache 100 16 256
# 1000 MB on-disk cache (16 first-level, 256 second-level subdirectories).
# NOTE(review): because of "ssl_bump bump all" above, cacheable HTTPS
# responses can land here in cleartext, so this directory needs the same
# access restrictions as the CA key.
cache_dir ufs /var/squid/cache 1000 16 256

# Leave coredumps in the first cache dir
# NOTE(review): a core of a bumping Squid can contain the CA private key
# and plaintext of in-flight sessions; keep this directory unreadable to
# other users or disable core dumps for the service in production.
coredump_dir /var/squid/cache

#
# Add any of your own refresh_pattern entries above these.
#
# Stock freshness heuristics: <min minutes> <percent of object age> <max
# minutes>. First matching pattern wins, so the catch-all "." must stay
# last. CGI and query-string URLs are never considered fresh.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# Request log in the native "squid" format, written via the log daemon.
# NOTE(review): with bumping enabled this records full https:// URLs of
# every client, so treat the file as sensitive and restrict who can read it.
access_log daemon:/var/log/squid/access.log squid
# Hostname Squid presents in error pages and the Via header; the
# (commented) deny_info URL above points at this same host.
visible_hostname my.cutekittens.com
# Contact address shown on error pages.
cache_mgr support@cutekittens.com