Last active
November 9, 2019 13:31
-
-
Save skram/49c4e5eda7606168a53809ef1c1ca9c5 to your computer and use it in GitHub Desktop.
squid test conf
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # General | |
| http_port 3128 | |
| visible_hostname Proxy | |
| forwarded_for delete | |
| via off | |
| # Log | |
| logformat squid %tg.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt | |
| access_log /var/log/squid/access.log squid | |
| # Cache | |
| #cache_dir aufs /var/cache/squid3 1024 16 256 | |
| #coredump_dir /var/spool/squid3 | |
| cache deny all | |
| #acl QUERY urlpath_regex cgi-bin \? | |
| #cache deny QUERY | |
| refresh_pattern ^ftp: 1440 20% 10080 | |
| refresh_pattern ^gopher: 1440 0% 1440 | |
| refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 | |
| refresh_pattern . 0 20% 4320 | |
| # Network ACL | |
| acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network | |
| acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network | |
| acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network | |
| acl localnet src fc00::/7 # RFC 4193 local private network range | |
| acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines | |
| # Port ACL | |
| acl SSL_ports port 443 # https | |
| acl SSL_ports port 563 # snews | |
| acl SSL_ports port 873 # rync | |
| acl Safe_ports port 80 8080 # http | |
| acl Safe_ports port 21 # ftp | |
| acl Safe_ports port 443 563 # https | |
| acl Safe_ports port 70 # gopher | |
| acl Safe_ports port 210 # wais | |
| acl Safe_ports port 1025-65535 # unregistered ports | |
| acl Safe_ports port 280 # http-mgmt | |
| acl Safe_ports port 488 # gss-http | |
| acl Safe_ports port 591 # filemaker | |
| acl Safe_ports port 777 # multiling http | |
| acl purge method PURGE | |
| acl CONNECT method CONNECT | |
| # Authentication | |
| # Uncomment the following lines to enable file based authentication BUT: | |
| # The following section requires to have squid libs installed, especially `nsca_auth`, to be working. | |
| # This sections uses a Htpasswd file named `users.pwd` file to store eligible accounts. | |
| # You can generate yours using the htpasswd command from "apache2-utils" aptitude package, using "-d" flag to use system CRYPT. | |
| auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd | |
| auth_param basic children 5 | |
| auth_param basic realm Proxy | |
| auth_param basic credentialsttl 2 hours | |
| auth_param basic casesensitive on | |
| acl Authenticated_IPs src "/etc/squid/auth_ips.txt" | |
| http_access allow Authenticated_IPs | |
| acl Users proxy_auth REQUIRED | |
| http_access allow Users | |
| # Access Restrictions | |
| http_access allow manager localhost | |
| http_access deny manager | |
| http_access allow purge localhost | |
| http_access deny purge | |
| http_access deny !Safe_ports | |
| http_access deny CONNECT !SSL_ports | |
| http_reply_access allow all | |
| htcp_access deny all | |
| icp_access allow all | |
| always_direct allow all | |
| # Request Headers Forcing | |
| request_header_access Allow allow all | |
| request_header_access Authorization allow all | |
| request_header_access WWW-Authenticate allow all | |
| request_header_access Proxy-Authorization allow all | |
| request_header_access Proxy-Authenticate allow all | |
| request_header_access Cache-Control allow all | |
| request_header_access Content-Encoding allow all | |
| request_header_access Content-Length allow all | |
| request_header_access Content-Type allow all | |
| request_header_access Date allow all | |
| request_header_access Expires allow all | |
| request_header_access Host allow all | |
| request_header_access If-Modified-Since allow all | |
| request_header_access Last-Modified allow all | |
| request_header_access Location allow all | |
| request_header_access Pragma allow all | |
| request_header_access Accept allow all | |
| request_header_access Accept-Charset allow all | |
| request_header_access Accept-Encoding allow all | |
| request_header_access Accept-Language allow all | |
| request_header_access Content-Language allow all | |
| request_header_access Mime-Version allow all | |
| request_header_access Retry-After allow all | |
| request_header_access Title allow all | |
| request_header_access Connection allow all | |
| request_header_access Proxy-Connection allow all | |
| request_header_access User-Agent allow all | |
| request_header_access Cookie allow all | |
| request_header_access All deny all | |
| # Response Headers Spoofing | |
| reply_header_access Via deny all | |
| reply_header_access X-Cache deny all | |
| reply_header_access X-Cache-Lookup deny all |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment