
Untitled

AngelVG Jul 11th, 2018 273 Never
  1. # Squid proxy configuration. This first part only defines ACLs: client networks, destination ports and the CONNECT method.
  2. # Recommended minimum configuration:
  3. #
  4.  
  5. # Example rule allowing access from your local networks.
  6. # Adapt to list your (internal) IP networks from where browsing
  7. # should be allowed
  8. acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
  9. acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
  10. acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
  11. acl localnet src fc00::/7       # RFC 4193 local private network range
  12. acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
  13.  
  14. acl SSL_ports port 443
  15. acl Safe_ports port 80          # http
  16. acl Safe_ports port 21          # ftp
  17. acl Safe_ports port 443         # https
  18. acl Safe_ports port 70          # gopher
  19. acl Safe_ports port 210         # wais
  20. acl Safe_ports port 1025-65535  # unregistered ports
  21. acl Safe_ports port 280         # http-mgmt
  22. acl Safe_ports port 488         # gss-http
  23. acl Safe_ports port 591         # filemaker
  24. acl Safe_ports port 777         # multiling http
  25. acl CONNECT method CONNECT
  26.  
  27. # http_access rules are checked in order and the first matching rule decides, so these deny rules must stay ahead of the allow rules.
  28. # Recommended minimum Access Permission configuration:
  29. #
  30. # Deny requests to certain unsafe ports
  31. http_access deny !Safe_ports
  32.  
  33. # Deny CONNECT to other than secure SSL ports
  34. http_access deny CONNECT !SSL_ports
  35.  
  36. # Only allow cachemgr access from localhost
  37. http_access allow localhost manager
  38. http_access deny manager
  39.  
  40. # We strongly recommend the following be uncommented to protect innocent
  41. # web applications running on the proxy server who think the only
  42. # one who can access services on "localhost" is a local user
  43. #http_access deny to_localhost
  44. http_access deny to_localhost
  45.  
  46. #
  47. # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
  48. #
  49.  
  50. ###############################################################################
  51. # My rules start here
  52.  
  53. #################################
  54. ##### My lists              #####
  55. #################################
  56.  
  57. # BLOCK SOME SITES
  58. #
  59. # Declare the sites: case-insensitive URL regexes read from the quoted file
  60. acl deny_sites url_regex -i "/usr/local/etc/squid/deny_sites.lst"
  61.  
  62. # Exclude some sites from caching (NOTE(review): no_cache is the legacy name of the "cache" directive -- confirm this Squid version still accepts it)
  63. acl NO-CACHE-SITES dstdomain "/usr/local/etc/squid/no-cache-sites.lst"
  64. no_cache deny NO-CACHE-SITES
  65.  
  66. #################################
  67. ##### Permissions for my lists #####
  68. #################################
  69.  
  70. # BLOCK SOME SITES -- both rules below are commented out, so deny_sites is defined above but never enforced
  71. #http_access deny deny_sites
  72. #deny_info http://my.cutekittens.com/mensajes/mensaje.html deny_sites
  73.  
  74. # My rules end here
  75. ###############################################################################
  76.  
  77. # Example rule allowing access from your local networks.
  78. # Adapt localnet in the ACL section to list your (internal) IP networks
  79. # from where browsing should be allowed
  80. http_access allow localnet
  81. http_access allow localhost
  82.  
  83. # And finally deny all other access to this proxy
  84. http_access deny all
  85.  
  86. # Squid normally listens to port 3128
  87. http_port    127.0.0.1:3128
  88. http_port   172.16.1.1:3128
  89. http_port        [::1]:3128
  90. http_port  [fc00::1:1]:3128
  91. # Interception listeners follow: 3129 (http_port) and 3130 (https_port), each on the IPv4 and the IPv6 address.
  92. # Intercept HTTPS CONNECT messages with SSL-Bump
  93. # myCA.pem is the CA that signs the host certificates generated on the fly (generate-host-certificates=on); clients that do not trust it will see certificate errors.
  94. http_port   172.16.1.1:3129 ssl-bump intercept \
  95.     cert=/usr/local/etc/squid/ssl_cert/myCA.pem \
  96.     generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
  97.     dhparams=/usr/local/etc/squid/ssl_cert/dhparam.pem
  98. # NOTE(review): no key= option is given, so the CA private key is presumably stored in myCA.pem as well -- confirm, and keep that file readable only by the Squid user.
  99. http_port  [fc00::1:1]:3129 ssl-bump intercept \
  100.     cert=/usr/local/etc/squid/ssl_cert/myCA.pem \
  101.     generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
  102.     dhparams=/usr/local/etc/squid/ssl_cert/dhparam.pem
  103. # https_port listeners: same CA certificate and DH parameters as the http_port listeners above.
  104. https_port  172.16.1.1:3130 ssl-bump intercept \
  105.     cert=/usr/local/etc/squid/ssl_cert/myCA.pem \
  106.     generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
  107.     dhparams=/usr/local/etc/squid/ssl_cert/dhparam.pem
  108. #
  109. https_port [fc00::1:1]:3130 ssl-bump intercept \
  110.     cert=/usr/local/etc/squid/ssl_cert/myCA.pem \
  111.     generate-host-certificates=on dynamic_cert_mem_cache_size=4MB \
  112.     dhparams=/usr/local/etc/squid/ssl_cert/dhparam.pem
  113. # ssl_crtd is the helper that generates the per-host certificates; -s names its certificate database directory and -M its maximum size.
  114. sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /usr/local/etc/squid/ssl_db -M 4MB
  115. # step1 matches the first SSL-Bump processing step (SslBump1).
  116. acl step1 at_step SslBump1
  117. # Peek at step 1, stare at the next step, then bump: as written every TLS connection is decrypted and none is spliced through untouched.
  118. ssl_bump peek step1
  119. ssl_bump stare all
  120. ssl_bump bump all
  121. # always_direct allow all: every request goes straight to the origin server, never through a cache peer.
  122. always_direct allow all
  123. # NOTE(review): the two directives below accept every upstream certificate error and turn off peer verification, so a bumped client receives a myCA-signed certificate even when the origin's own certificate is invalid; drop both (or scope sslproxy_cert_error to a narrow ACL) so Squid validates origin servers.
  124. sslproxy_cert_error allow all
  125. sslproxy_flags DONT_VERIFY_PEER
  126. # Source addresses for outbound connections: one IPv4 and one IPv6.
  127. tcp_outgoing_address 181.143.98.123
  128. tcp_outgoing_address 2800:e7:a8:6123::3
  129.  
  130. # Uncomment and adjust the following to add a disk cache directory.
  131. #cache_dir ufs /var/squid/cache 100 16 256
  132. cache_dir ufs /var/squid/cache 1000 16 256
  133.  
  134. # Leave coredumps in the first cache dir
  135. coredump_dir /var/squid/cache
  136.  
  137. #
  138. # Add any of your own refresh_pattern entries above these.
  139. #
  140. refresh_pattern ^ftp:           1440    20%     10080
  141. refresh_pattern ^gopher:        1440    0%      1440
  142. refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
  143. refresh_pattern .               0       20%     4320
  144. # NOTE(review): with every TLS connection bumped, the access log presumably records full HTTPS request URLs -- treat the log file as sensitive and restrict who can read it.
  145. access_log daemon:/var/log/squid/access.log squid
  146. visible_hostname my.cutekittens.com
  147. cache_mgr support@cutekittens.com