Last active
March 6, 2023 00:06
-
-
Save douglasgoodwin/7580ccc2e37cbb375ab8 to your computer and use it in GitHub Desktop.
Config file for Squid 3.5 on internal proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########### squid.conf ########### | |
| # assembled from various online resources | |
| # to serve the Metro Design Studio | |
| # This config tunnels HTTPS requests without | |
| # intervention | DG 6/2015 | |
| # | |
| # test from a local workstation: | |
| # echo -e -n 'CONNECT www.google.com:443\r\n\r\n' | nc XXXX.metro.net 8118 | |
| # expect a: | |
| # HTTP/1.1 200 Connection established | |
| ########### squid.conf ########### | |
| ## interface, port and proxy type | |
| http_port 0.0.0.0:8118 | |
| ## logs | |
| logformat combined [%tl] %>A %{Host}>h "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh | |
| access_log /var/log/squid/access.log combined | |
| cache_store_log /var/log/squid/store.log | |
| cache_log /var/log/squid/cache.log | |
| logfile_rotate 8 | |
| ## support files | |
| coredump_dir /tmp | |
| ## general options | |
| dns_v4_first on | |
| cache_mgr not_to_be_disturbed | |
| client_db on | |
| # collapsed_forwarding on | |
| detect_broken_pconn on | |
| dns_defnames on | |
| dns_retransmit_interval 2 seconds | |
| dns_timeout 5 minutes | |
| forwarded_for off | |
| half_closed_clients off | |
| httpd_suppress_version_string on | |
| ignore_unknown_nameservers on | |
| pipeline_prefetch on | |
| retry_on_error on | |
| strip_query_terms off | |
| uri_whitespace strip | |
| visible_hostname XXXX | |
| refresh_pattern ^ftp: 1440 20% 10080 | |
| refresh_pattern ^gopher: 1440 0% 1440 | |
| refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 | |
| refresh_pattern . 0 20% 4320 | |
| ## ports allowed | |
| acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network | |
| acl SSL_ports port 443 # https | |
| acl Safe_ports port 80 # http | |
| acl Safe_ports port 21 # ftp | |
| acl Safe_ports port 443 # https | |
| acl Safe_ports port 70 # gopher | |
| acl Safe_ports port 210 # wais | |
| acl Safe_ports port 1025-65535 # unregistered ports | |
| acl Safe_ports port 280 # http-mgmt | |
| acl Safe_ports port 488 # gss-http | |
| acl Safe_ports port 591 # filemaker | |
| acl Safe_ports port 777 # multiling http | |
| acl CONNECT method CONNECT | |
| http_access allow localhost manager | |
| http_access deny manager | |
| http_access allow localnet | |
| http_access allow localhost | |
| # http_access deny !Safe_ports | |
| ## ssl ports/method allowed | |
| acl SSL_ports port 443 | |
| acl CONNECT method CONNECT | |
| # http_access deny CONNECT !SSL_ports | |
| ## protocols allowed | |
| acl Safe_proto proto HTTP SSL | |
| http_access deny !Safe_proto | |
| # local servers | |
| acl local-servers dstdomain 192.168.0.0/16 | |
| always_direct allow local-servers | |
| ########## END ########### |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment