Last active
July 27, 2016 03:59
-
-
Save bashizip/ccffac6ba4e556e854276dd7b1bc93bf to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# General | |
http_port 3128 | |
visible_hostname Proxy | |
forwarded_for delete | |
via off | |
dns_v4_first on | |
# Log | |
access_log /var/log/squid/access.log squid | |
cache_log /var/log/squid/cache.log squid | |
cache_store_log /var/log/squid/store.log | |
access_log daemon:/var/log/squid/access.log squid | |
logformat languagelog %{Accept-Language}>h | |
access_log /var/log/squid/languages.log languagelog | |
# Cache | |
cache_dir aufs /var/cache/squid 1024 16 256 | |
coredump_dir /var/spool/squid | |
acl QUERY urlpath_regex cgi-bin \? | |
cache deny QUERY | |
refresh_pattern ^ftp: 1440 20% 10080 | |
refresh_pattern ^gopher: 1440 0% 1440 | |
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 | |
refresh_pattern . 0 20% 4320 | |
# Network ACL | |
acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network | |
acl localnet src 192.168.137.0/24 # RFC 1918 possible internal network | |
acl localnet src 192.168.1.0/24 # RFC 1918 possible internal network | |
acl localnet src 192.168.218.0/24 # RFC 1918 possible internal network | |
acl localnet src fc00::/7 # RFC 4193 local private network range | |
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines | |
# Port ACL | |
acl SSL_ports port 443 # https | |
acl SSL_ports port 563 # snews | |
acl SSL_ports port 873 # rync | |
acl Safe_ports port 80 8080 # http | |
acl Safe_ports port 21 # ftp | |
acl Safe_ports port 443 563 # https | |
acl Safe_ports port 70 # gopher | |
acl Safe_ports port 210 # wais | |
acl Safe_ports port 1025-65535 # unregistered ports | |
acl Safe_ports port 280 # http-mgmt | |
acl Safe_ports port 488 # gss-http | |
acl Safe_ports port 591 # filemaker | |
acl Safe_ports port 777 # multiling http | |
acl purge method PURGE | |
acl CONNECT method CONNECT | |
# Authentication | |
# Uncomment the following lines to enable file based authentication BUT: | |
# The following section requires to have squid libs installed, especially `nsca_auth`, to be working. | |
# This sections uses a Htpasswd file named `users.pwd` file to store eligible accounts. | |
# You can generate yours at http://www.htaccesstools.com/htpasswd-generator/ | |
#auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/users.pwd | |
#auth_param basic children 5 | |
#auth_param basic realm Proxy | |
#auth_param basic credentialsttl 2 hours | |
#acl users proxy_auth REQUIRED | |
#acl auth proxy_auth REQUIRED | |
# ADMINISTRATIVE PARAMETERS | |
# ----------------------------------------------------------------------------- | |
cache_mgr agratitudesign | |
cache_effective_user proxy | |
cache_effective_group proxy | |
httpd_suppress_version_string on | |
visible_hostname localhost | |
#http_access allow users | |
# Access Restrictions | |
http_access allow manager localhost | |
http_access deny manager | |
http_access allow purge localhost | |
http_access deny purge | |
http_access deny !Safe_ports | |
http_access deny CONNECT !SSL_ports | |
http_reply_access allow all | |
htcp_access deny all | |
icp_access allow all | |
always_direct allow all | |
# Request Headers Forcing | |
request_header_access Allow allow all | |
request_header_access Authorization allow all | |
request_header_access WWW-Authenticate allow all | |
request_header_access Proxy-Authorization allow all | |
request_header_access Proxy-Authenticate allow all | |
request_header_access Cache-Control allow all | |
request_header_access Content-Encoding allow all | |
request_header_access Content-Length allow all | |
request_header_access Content-Type allow all | |
request_header_access Date allow all | |
request_header_access Expires allow all | |
request_header_access Host allow all | |
request_header_access If-Modified-Since allow all | |
request_header_access Last-Modified allow all | |
request_header_access Location allow all | |
request_header_access Pragma allow all | |
request_header_access Accept allow all | |
request_header_access Accept-Charset allow all | |
request_header_access Accept-Encoding allow all | |
request_header_access Accept-Language allow all | |
request_header_access Content-Language allow all | |
request_header_access Mime-Version allow all | |
request_header_access Retry-After allow all | |
request_header_access Title allow all | |
request_header_access Connection allow all | |
request_header_access Proxy-Connection allow all | |
request_header_access User-Agent allow all | |
request_header_access Cookie allow all | |
request_header_access All deny all | |
# Response Headers Spoofing | |
reply_header_access Via deny all | |
reply_header_access X-Cache deny all | |
reply_header_access X-Cache-Lookup deny all |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
squid3.4 conf for transparent proxy without user authentification | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment