1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113 | ## interface, port and proxy type
#http_port 127.0.0.1:3128 transparent
http_port 3128
## general options
cache_mgr not_to_be_disturbed
client_db on
collapsed_forwarding on
dns_defnames on
dns_defnames on
dns_retransmit_interval 2 seconds
detect_broken_pconn on
half_closed_clients off
httpd_suppress_version_string on
ignore_unknown_nameservers on
pipeline_prefetch on
retry_on_error on
strip_query_terms off
uri_whitespace strip
vary_ignore_expire on
visible_hostname localhost
## timeouts
forward_timeout 30 seconds
connect_timeout 30 seconds
read_timeout 30 seconds
request_timeout 30 seconds
persistent_request_timeout 1 minute
client_lifetime 21 hours
## host definitions
acl all src 0.0.0.0/0.0.0.0/0.0.0.0
##auth Options
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
## max connections per ip
acl maxuserconn src 127.0.0.0/8 10.0.10.0/28
acl limitusercon maxconn 500
http_access deny maxuserconn limitusercon
## ports allowed
acl Safe_ports port 80 443
http_access deny !Safe_ports
## ssl ports/method allowed
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports
## protocols allowed
acl Safe_proto proto HTTP SSL
http_access deny !Safe_proto
## browsers allowed
acl Safe_browser browser ^Mozilla/5\.0.*Firefox/2\.0\.0\.4
http_access deny !Safe_Browser
## methods allowed
acl Safe_method method CONNECT GET HEAD POST
http_access deny !Safe_method
## disable caching
cache deny all
cache_dir null /tmp
## disable multicast icp
icp_port 0
icp_access deny all
## no-trust for on-the-fly Content-Encoding
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
## logs
logformat combined [%tl] %>A %{Host}>h "%rm %ru HTTP/%rv" %Hs %<st"%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined
cache_store_log /var/log/squid/store.log
cache_log /var/log/squid/cache.log
logfile_rotate 8
## support files
coredump_dir /tmp
pid_filename /var/log/squid/squid.pid
## allow replies to client requests
http_reply_access allow all
## header list ( DENY all -> ALLOW listed )
header_access Accept allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Disposition allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Location allow all
header_access Content-Range allow all
header_access Content-Type allow all
##header_access Cookie allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Location allow all
header_access Range allow all
header_access Referer allow all
header_access Set-Cookie allow all
header_access WWW-Authenticate allow all
header_access All deny all
|