Untitled

# Radiomidun ehf.

http_port 3128

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY


cache_mem 8 MB
#cache_mem 32 MB
cache_swap_low 90
cache_swap_high 95

maximum_object_size 8 KB
#maximum_object_size 128 KB

maximum_object_size_in_memory 8 KB

#test vegna dagsson, muses.is og kaupstadur.is
reply_header_max_size 200 KB

#fqdncache_size 2048
cache_replacement_policy lru
memory_replacement_policy lru


#LOGS
cache_dir ufs /var/spool/squid 100 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none

# END OF LOGS

hosts_file /etc/hosts

# redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

# Authentication
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off


refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

#######
# ACL #
#######

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563      # https, snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

##############

# BRIM
acl logmein dstdomain .logmein.com
acl logmein dstdomain .logme.in
acl sendlingur dstdomain sendlingur.skrin.is
acl brim dstdomain 212.30.252.101
acl brim dstdomain .apf.gl
acl brim dstdomain kerfisleiga.hysing.is
acl brim dstdomain mail.hysing.is
acl brim dstdomain .maxsea.com
acl brim dstdomain .maxsea.fr
acl brim dstdomain .app.gl
acl brim dstdomain .brimhf.is
acl trend dstdomain .trendmicro.com
acl trend dstdomain 212.30.237.3

http_access allow brim
http_access allow sendlingur
http_access allow trend
http_access allow logmein

acl windowsupdate dstdomain .microsoft.com
acl windowsupdate dstdomain .windowsupdate.com
acl office dstdomain .office.com
acl office dstdomain .office.net
acl office dstdomain .live.com
acl windowsupdate dstdomain .windows.com

acl CONNECT method CONNECT
acl wuCONNECT dstdomain .microsoft.com

http_access allow CONNECT wuCONNECT
http_access allow windowsupdate
http_access allow office

#chat fb
acl chfb dstdomain .chat.facebook.com
acl chfb dstdomain .messenger.com
acl chfb dstdomain b-graph.facebook.com
acl chfb dstdomain b-api.facebook.com
acl chfb dstdomain graph.facebook.com
acl chfb dstdomain edge-mqtt.facebook.com
acl chfb dstdomain api.facebook.com
http_access allow chfb

#sjvarp
acl sjovarp dstdomain .sjovarp.is
acl sjovarp dstdomain 192.168.1.240
http_access allow sjovarp

################

# TEAMVIEWER
acl teamv dstdomain .teamviewer.com
http_access allow teamv


http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

acl password proxy_auth REQUIRED
http_access allow password
http_access allow localhost
http_access deny all

http_reply_access allow all

icp_access deny all

cache_mgr radiomidun@radiomidun.is
visible_hostname none

cachemgr_passwd oksod10 all

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid