VictorLowther/squid.conf

## squid.conf
# These should be customized to reflect the local address ranges of the networks Rebar nodes use
acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl to_localnet dst 10.0.0.0/8	# RFC1918 possible internal network
acl to_localnet dst 172.16.0.0/12	# RFC1918 possible internal network
acl to_localnet dst 192.168.0.0/16	# RFC1918 possible internal network
acl to_localnet dst fc00::/7       # RFC 4193 local private network range
acl to_localnet dst fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
always_direct allow to_localnet

# If you have an upstream http cache to talk to,
# customize the next two lines and uncomment them.
#cache_peer upstream.cache.address parent upsreeam-cache-port 0 default
#never_direct allow all

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access deny to_localhost
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid3
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .		0	20%	432
	# These should be customized to reflect the local address ranges of the networks Rebar nodes use
	acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
	acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
	acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
	acl localnet src fc00::/7 # RFC 4193 local private network range
	acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
	acl to_localnet dst 10.0.0.0/8 # RFC1918 possible internal network
	acl to_localnet dst 172.16.0.0/12 # RFC1918 possible internal network
	acl to_localnet dst 192.168.0.0/16 # RFC1918 possible internal network
	acl to_localnet dst fc00::/7 # RFC 4193 local private network range
	acl to_localnet dst fe80::/10 # RFC 4291 link-local (directly plugged) machines

	acl SSL_ports port 443
	acl Safe_ports port 80 # http
	acl Safe_ports port 21 # ftp
	acl Safe_ports port 443 # https
	acl Safe_ports port 70 # gopher
	acl Safe_ports port 210 # wais
	acl Safe_ports port 1025-65535 # unregistered ports
	acl Safe_ports port 280 # http-mgmt
	acl Safe_ports port 488 # gss-http
	acl Safe_ports port 591 # filemaker
	acl Safe_ports port 777 # multiling http
	acl CONNECT method CONNECT
	always_direct allow to_localnet

	# If you have an upstream http cache to talk to,
	# customize the next two lines and uncomment them.
	#cache_peer upstream.cache.address parent upsreeam-cache-port 0 default
	#never_direct allow all

	http_access deny !Safe_ports
	http_access deny CONNECT !SSL_ports
	http_access allow localhost manager
	http_access deny manager
	http_access deny to_localhost
	http_access allow localnet
	http_access allow localhost
	http_access deny all
	http_port 3128
	coredump_dir /var/spool/squid3
	refresh_pattern ^ftp: 1440 20% 10080
	refresh_pattern ^gopher: 1440 0% 1440
	refresh_pattern -i (/cgi-bin/\|\?) 0 0% 0
	refresh_pattern (Release\|Packages(.gz)*)$ 0 20% 2880
	refresh_pattern . 0 20% 432