# Recommended minimum configuration:auth_param negotiate program /usr/lib64/sq

1. # Recommended minimum configuration:
2. auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -d -s HTTP/squid.ax.loc
3. auth_param negotiate children 20 startup=0 idle=1
4. auth_param negotiate keep_alive off
5. acl auth proxy_auth REQUIRED
6. external_acl_type squid_deny ttl=300 negative_ttl=60 %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -a -g squid_deny -D INTERFACE31.LAB
7. external_acl_type squid_allow ttl=300 negative_ttl=60 %LOGIN /usr/lib64/squid/ext_kerberos_ldap_group_acl -a -g squid_allow -D INTERFACE31.LAB
8. acl squid_deny external squid_deny
9. acl squid_allow external squid_allow
10. acl blacklist url_regex -i "/etc/squid/blacklist"
11.  
12. # Example rule allowing access from your local networks.
13. # Adapt to list your (internal) IP networks from where browsing
14. # should be allowed
15. #acl localnet src 10.0.0.0/8<--># RFC1918 possible internal network
16. #acl localnet src 172.16.0.0/12># RFC1918 possible internal network
17. #acl localnet src 192.168.0.0/16<------># RFC1918 possible internal network
18. #acl localnet src fc00::/7 # RFC 4193 local private network range
19. #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
20. acl ax.loc src 192.168.0.0/24
21.  
22.  
23.  
24. acl SSL_ports port 443
25. acl Safe_ports port 80<><------># http
26. acl Safe_ports port 21<><------># ftp
27. acl Safe_ports port 443><------># https
28. acl Safe_ports port 70<><------># gopher
29. acl Safe_ports port 210><------># wais
30. acl Safe_ports port 1025-65535<># unregistered ports
31. acl Safe_ports port 280><------># http-mgmt
32. acl Safe_ports port 488><------># gss-http
33. acl Safe_ports port 591><------># filemaker
34. acl Safe_ports port 777><------># multiling http
35. acl CONNECT method CONNECT
36.  
37. #
38. # Recommended minimum Access Permission configuration:
39. #
40. # Deny requests to certain unsafe ports
41. http_access deny !Safe_ports
42.  
43. # Deny CONNECT to other than secure SSL ports
44. http_access deny CONNECT !SSL_ports
45.  
46. # Only allow cachemgr access from localhost
47. http_access allow localhost manager
48. http_access deny manager
49.  
50. # We strongly recommend the following be uncommented to protect innocent
51. # web applications running on the proxy server who think the only
52. # one who can access services on "localhost" is a local user
53. #http_access deny to_localhost
54.  
55. #
56. # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
57. #
58.  
59. # Example rule allowing access from your local networks.
60. # Adapt localnet in the ACL section to list your (internal) IP networks
61. # from where browsing should be allowed
62. #http_access allow localnet
63. #http_access allow localhost
64. http_access allow squid_allow
65. http_access deny squid_deny
66. http_access allow squid_allow
67. #http_access deny blacklist squid_deny
68. http_access deny all
69. #http_access allow auth
70.  
71. # And finally deny all other access to this proxy
72. #http_access deny all
73.  
74. # Squid normally listens to port 3128
75. http_port 3128
76.  
77. # Uncomment and adjust the following to add a disk cache directory.
78. cache_dir ufs /var/spool/squid 100 16 256
79.  
80. # Leave coredumps in the first cache dir
81. coredump_dir /var/spool/squid
82.  
83. #
84. # Add any of your own refresh_pattern entries above these.
85. #
86. refresh_pattern ^ftp:<-><------>1440<-->20%<--->10080
87. refresh_pattern ^gopher:<------>1440<-->0%<---->1440
88. refresh_pattern -i (/cgi-bin/|\?) 0<--->0%<---->0
89. refresh_pattern .<-----><------>0<----->20%<--->4320