Created
March 20, 2019 16:30
MojangPipe squid conf file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#Access rules cluster, here, we define that squid will only accept connections from within the machine (localhost/127.0.0.1) | |
#Also here we define which IP will be used to make the outgoing request depending on which port the client connected to squid. | |
#We intentionally avoid using Squid's default port (3128) to avoid various port scanning bots discovering our squid instance and trying to use it for various malicious purposes. | |
#This is just an extra safeguard, you should still block all of squid's port from public access via your firewall. | |
#We learned this through the hard way. (https://misterfix.io/i/490823964394917888.png) | |
#Replace these IP's which the IP's assigned to your machine. | |
acl 3129 myportname 3129 src 127.0.0.1 | |
http_access allow 3129 | |
tcp_outgoing_address 1.1.1.1 3129 | |
acl 3130 myportname 3130 src 127.0.0.1 | |
http_access allow 3130 | |
tcp_outgoing_address 2.2.2.2 3130 | |
acl 3131 myportname 3131 src 127.0.0.1 | |
http_access allow 3131 | |
tcp_outgoing_address 3.3.3.3 3131 | |
acl 3132 myportname 3132 src 127.0.0.1 | |
http_access allow 3132 | |
tcp_outgoing_address 4.4.4.4 3132 | |
acl 3133 myportname 3133 src 127.0.0.1 | |
http_access allow 3133 | |
tcp_outgoing_address 5.5.5.5 3133 | |
#If none if the access rules matched the connection, we deny it. | |
http_access deny all | |
#Defining all the various ports on which the squid instance will listen to connections on. | |
http_port 3129 | |
http_port 3130 | |
http_port 3131 | |
http_port 3132 | |
http_port 3133 | |
# Make this proxy anonymous, it will make all services think | |
# it is the originating IP of the requests | |
forwarded_for off | |
request_header_access Allow allow all | |
request_header_access Authorization allow all | |
request_header_access WWW-Authenticate allow all | |
request_header_access Proxy-Authorization allow all | |
request_header_access Proxy-Authenticate allow all | |
request_header_access Cache-Control allow all | |
request_header_access Content-Encoding allow all | |
request_header_access Content-Length allow all | |
request_header_access Content-Type allow all | |
request_header_access Date allow all | |
request_header_access Expires allow all | |
request_header_access Host allow all | |
request_header_access If-Modified-Since allow all | |
request_header_access Last-Modified allow all | |
request_header_access Location allow all | |
request_header_access Pragma allow all | |
request_header_access Accept allow all | |
request_header_access Accept-Charset allow all | |
request_header_access Accept-Encoding allow all | |
request_header_access Accept-Language allow all | |
request_header_access Content-Language allow all | |
request_header_access Mime-Version allow all | |
request_header_access Retry-After allow all | |
request_header_access Title allow all | |
request_header_access Connection allow all | |
request_header_access Proxy-Connection allow all | |
request_header_access User-Agent allow all | |
request_header_access Cookie allow all | |
request_header_access All deny all |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment