Created
July 6, 2017 08:09
-
-
Save franzramadhan/bfabb11b1cbad22a25435bbdaa3f8a25 to your computer and use it in GitHub Desktop.
configuration for squid http and https transparent proxy
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Generated by iptables-save v1.4.7 on Thu Jul 6 15:07:05 2017 | |
*filter | |
:INPUT ACCEPT [0:0] | |
:FORWARD ACCEPT [0:0] | |
:OUTPUT ACCEPT [746122100:654968156651] | |
:LOGGING - [0:0] | |
-A INPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT | |
-A INPUT -p icmp -j ACCEPT | |
-A INPUT -i lo -j ACCEPT | |
-A INPUT -i eth0 -j ACCEPT | |
-A INPUT -s 10.32.5.0/24 -p tcp -j ACCEPT | |
-A INPUT -s 10.32.15.0/24 -p tcp -j ACCEPT | |
-A INPUT -s 10.32.6.0/24 -p tcp -j ACCEPT | |
-A INPUT -s 10.32.7.0/24 -p tcp -j ACCEPT | |
-A INPUT -s 10.32.8.0/24 -p tcp -j ACCEPT | |
-A INPUT -s 10.32.9.0/24 -p tcp -j ACCEPT | |
-A INPUT -s 10.32.10.0/24 -p tcp -j ACCEPT | |
-A INPUT -s 10.32.11.0/24 -p tcp -j ACCEPT | |
-A INPUT -s 10.32.13.0/24 -p tcp -j ACCEPT | |
-A INPUT -s 10.32.14.0/24 -p tcp -j ACCEPT | |
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT | |
-A INPUT -p tcp -m state --state NEW -m multiport --dports 80,443,3127,3128,8081 -j ACCEPT | |
-A INPUT -p tcp -m state --state NEW,ESTABLISHED -m multiport --dports 3000,3001 -j ACCEPT | |
-A INPUT -j LOGGING | |
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 | |
-A INPUT -j DROP | |
-A LOGGING -m limit --limit 5/min -j LOG --log-prefix "Incoming Dropped: " --log-level 5 | |
COMMIT | |
# Completed on Thu Jul 6 15:07:06 2017 | |
# Generated by iptables-save v1.4.7 on Thu Jul 6 15:07:06 2017 | |
*nat | |
:PREROUTING ACCEPT [384644:33143346] | |
:POSTROUTING ACCEPT [10822292:572064548] | |
:OUTPUT ACCEPT [10822292:572064548] | |
-A PREROUTING -p tcp -m tcp --dport 443 -j DNAT --to-destination 10.32.16.222:3127 | |
-A PREROUTING -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.32.16.222:3128 | |
COMMIT | |
# Completed on Thu Jul 6 15:07:06 2017 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# Recommended minimum configuration: | |
# | |
# Example rule allowing access from your local networks. | |
# Adapt to list your (internal) IP networks from where browsing | |
# should be allowed | |
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network | |
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network | |
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network | |
acl localnet src fc00::/7 # RFC 4193 local private network range | |
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines | |
acl developer src 10.32.6.0/24 # VLAN 6 | |
acl telco src 10.32.9.0/24 # VLAN 9 | |
acl marketing src 10.32.13.0/24 # VLAN 11 | |
acl hrd src 10.32.8.0/24 # VLAN 8 | |
acl finance src 10.32.7.0/24 # VLAN 7 | |
acl ga src 10.32.11.0/24 # VLAN 10 | |
acl SSL_ports port 443 21 | |
acl Safe_ports port 80 # http | |
acl Safe_ports port 21 # ftp | |
acl Safe_ports port 443 # https | |
acl Safe_ports port 70 # gopher | |
acl Safe_ports port 210 # wais | |
acl Safe_ports port 1025-65535 # unregistered ports | |
acl Safe_ports port 280 # http-mgmt | |
acl Safe_ports port 488 # gss-http | |
acl Safe_ports port 591 # filemaker | |
acl Safe_ports port 777 # multiling http | |
acl Safe_ports port 873 # rsync | |
acl CONNECT method CONNECT | |
acl Purge method PURGE | |
########### BANDWIDTH LIMIT FOR DOWNLOAD ######## | |
reply_body_max_size 300 MB developer | |
reply_body_max_size 300 MB telco | |
reply_body_max_size 700 MB marketing | |
reply_body_max_size 700 MB hrd | |
reply_body_max_size 700 MB finance | |
reply_body_max_size 100 MB ga | |
##### SQUIDGUARD FILTERING ### | |
url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf | |
##### PURGE Cache ### | |
http_access allow PURGE localhost Purge | |
http_access deny Purge | |
# | |
# Recommended minimum Access Permission configuration: | |
# | |
# Deny requests to certain unsafe ports | |
http_access deny !Safe_ports | |
# Deny CONNECT to other than secure SSL ports | |
http_access deny CONNECT !SSL_ports | |
# Only allow cachemgr access from localhost | |
http_access allow localhost manager | |
http_access deny manager | |
acl ftp proto ftp | |
http_access allow ftp | |
#always_direct allow ftp | |
ftp_passive on | |
# We strongly recommend the following be uncommented to protect innocent | |
# web applications running on the proxy server who think the only | |
# one who can access services on "localhost" is a local user | |
#http_access deny to_localhost | |
# | |
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS | |
# | |
# Example rule allowing access from your local networks. | |
# Adapt localnet in the ACL section to list your (internal) IP networks | |
# from where browsing should be allowed | |
http_access allow localnet | |
http_access allow localhost | |
# And finally deny all other access to this proxy | |
http_access deny all | |
# Miscellaneous | |
via off | |
forwarded_for delete | |
#forwarded_for on | |
request_header_access Allow allow all | |
request_header_access Authorization allow all | |
request_header_access WWW-Authenticate allow all | |
request_header_access Proxy-Authorization allow all | |
request_header_access Proxy-Authenticate allow all | |
request_header_access Cache-Control allow all | |
request_header_access Content-Encoding allow all | |
request_header_access Content-Length allow all | |
request_header_access Content-Type allow all | |
request_header_access Date allow all | |
request_header_access Expires allow all | |
request_header_access Host allow all | |
request_header_access If-Modified-Since allow all | |
request_header_access Last-Modified allow all | |
request_header_access Location allow all | |
request_header_access Pragma allow all | |
request_header_access Accept allow all | |
request_header_access Accept-Charset allow all | |
request_header_access Accept-Encoding allow all | |
request_header_access Accept-Language allow all | |
request_header_access Content-Language allow all | |
request_header_access Mime-Version allow all | |
request_header_access Retry-After allow all | |
request_header_access Title allow all | |
request_header_access Connection allow all | |
request_header_access Proxy-Connection allow all | |
request_header_access User-Agent allow all | |
request_header_access Cookie allow all | |
request_header_access All deny all | |
# Uncomment and adjust the following to add a disk cache directory. | |
cache_dir ufs /var/spool/squid 400000 32 512 #5000 16 256 | |
############# TUNNING ################ | |
cache_mem 70 MB | |
maximum_object_size_in_memory 40 KB | |
memory_cache_mode always | |
minimum_object_size 0 KB #baru | |
maximum_object_size 200 MB #baru | |
memory_pools off #baru | |
quick_abort_min 0 KB #baru | |
quick_abort_max 0 KB #baru | |
log_icp_queries off #baru | |
cache_replacement_policy heap LFUDA #baru | |
memory_replacement_policy heap LFUDA #baru | |
half_closed_clients off #baru | |
max_filedesc 4096 | |
redirect_children 37 | |
max_filedesc 65535 | |
client_db off | |
hosts_file /etc/hosts | |
# Leave coredumps in the first cache dir | |
coredump_dir /var/spool/squid | |
# | |
# Add any of your own refresh_pattern entries above these. | |
# | |
refresh_pattern ^ftp: 1440 20% 10080 | |
refresh_pattern ^gopher: 1440 0% 1440 | |
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 | |
refresh_pattern . 0 20% 4320 | |
visible_hostname squidshare.1rstwap.com | |
## HTTP ## | |
http_port 8181 | |
http_port 3128 intercept | |
## HTTPS ## | |
https_port 3127 intercept ssl-bump cert=/var/opt/squid/certs/proxyCA.pem | |
# ssl-bump stuff | |
ssl_bump none all | |
sslcrtd_program /usr/lib64/squid/ssl_crtd -s /var/opt/squid/ssldb/ssl_db -M 100 | |
sslcrtd_children 50 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# | |
# CONFIG FILE FOR SQUIDGUARD | |
# | |
# Config Squid | |
# | |
dbhome /var/squidGuard/db/blacklists | |
logdir /var/squidGuard/log | |
############# TIME RULES #################### | |
## abbrev for weekdays: | |
## s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat | |
## date 2006-01-31 | |
time free { | |
weekly mtwhf 08:00-09:00 12:00-13:00 18:00-20:00 | |
} | |
time work { | |
weekly mtwhf 09:00-12:00 13:00-18:00 | |
} | |
time weekend { | |
weekly a 00:00-24:00 | |
weekly s 00:00-24:00 | |
} | |
############# SOURCE ADDRESSES #################### | |
src mgt { | |
ip 10.32.14.0/255.255.255.0 | |
} | |
src dev { | |
ip 10.32.6.0/255.255.255.0 | |
} | |
src telco { | |
ip 10.32.9.0/255.255.255.0 | |
} | |
src hr { | |
ip 10.32.8.0/255.255.255.0 | |
} | |
src mkt { | |
ip 10.32.13.0/255.255.255.0 | |
} | |
src ga { | |
ip 10.32.11.0/255.255.255.0 | |
} | |
src fin { | |
ip 10.32.7.0/255.255.255.0 | |
} | |
src adm { | |
ip 10.32.5.2 | |
ip 10.32.5.3 | |
ip 10.32.5.4 | |
ip 10.32.5.5 | |
ip 10.32.5.6 | |
ip 10.32.5.7 | |
ip 10.32.5.8 | |
ip 10.32.5.9 | |
ip 10.32.5.10 | |
ip 10.32.5.11 | |
ip 10.32.5.12 | |
ip 10.32.5.14 | |
ip 10.32.5.15 | |
ip 10.32.5.16 | |
ip 10.32.5.20 | |
ip 10.32.5.51 | |
ip 10.32.5.52 | |
ip 10.32.5.64 | |
ip 10.32.5.65 | |
ip 10.32.5.66 | |
ip 10.32.5.67 | |
ip 10.32.5.69 | |
ip 10.32.5.71 | |
ip 10.32.5.72 | |
ip 10.32.5.81 | |
ip 10.32.5.196 | |
ip 10.32.5.197 | |
ip 10.32.5.199 | |
ip 10.32.5.126 | |
ip 10.32.5.129 | |
ip 10.32.5.230 | |
ip 10.32.5.231 | |
ip 10.32.5.238 | |
ip 10.32.5.239 | |
ip 10.32.5.253 | |
} | |
src ops { | |
ip 10.32.16.65 | |
ip 10.32.16.119 | |
ip 10.32.16.195 | |
ip 10.32.16.196 | |
ip 10.32.16.198 | |
ip 10.32.16.202 | |
ip 10.32.16.234 | |
ip 10.32.16.241 | |
ip 10.32.16.65 | |
ip 10.32.16.66 | |
ip 10.32.16.67 | |
ip 10.32.16.69 | |
ip 10.32.16.51 | |
ip 10.32.16.76 | |
ip 10.32.16.73 | |
ip 10.32.16.75 | |
ip 10.32.16.79 | |
ip 10.32.16.84 | |
ip 10.32.16.85 | |
ip 10.32.16.86 | |
ip 10.32.16.184 | |
ip 10.32.16.101 | |
ip 10.32.16.102 | |
ip 10.32.16.103 | |
ip 10.32.16.104 | |
ip 10.32.16.105 | |
ip 10.32.16.106 | |
ip 10.32.16.107 | |
ip 10.32.16.109 | |
ip 10.32.16.110 | |
ip 10.32.16.113 | |
ip 10.32.16.238 | |
ip 10.32.16.232 | |
ip 10.32.16.22 | |
ip 10.32.16.25 | |
ip 10.32.16.70 | |
ip 10.32.16.78 | |
ip 10.32.16.109 | |
ip 10.32.16.116 | |
ip 10.32.16.120 | |
ip 10.32.16.112 | |
ip 10.32.16.74 | |
ip 10.32.16.71 | |
ip 10.32.16.72 | |
ip 10.32.16.77 | |
ip 10.32.16.78 | |
ip 10.32.16.3 | |
ip 10.32.16.237 | |
ip 10.32.16.222 | |
ip 10.32.16.190 | |
} | |
src qca { | |
ip 10.32.15.41 | |
ip 10.32.15.70 | |
ip 10.32.15.242 | |
ip 10.32.15.136 | |
ip 10.32.15.161 | |
ip 10.32.15.10 | |
ip 10.32.15.188 | |
ip 10.32.15.50 | |
ip 10.32.15.51 | |
ip 10.32.15.52 | |
ip 10.32.15.53 | |
ip 10.32.15.54 | |
ip 10.32.15.110 | |
ip 10.32.15.160 | |
ip 10.32.15.155 | |
ip 10.32.15.89 | |
ip 10.32.15.98 | |
ip 10.32.15.99 | |
ip 10.32.15.95 | |
ip 10.32.15.173 | |
ip 10.32.15.131 | |
ip 10.32.15.130 | |
ip 10.32.15.111 | |
ip 10.32.15.96 | |
ip 10.32.15.176 | |
ip 10.32.15.139 | |
ip 10.32.15.100 | |
ip 10.32.15.123 | |
ip 10.32.15.122 | |
ip 10.32.15.121 | |
ip 10.32.15.120 | |
ip 10.32.15.155 | |
ip 10.32.15.190 | |
ip 10.32.15.108 | |
ip 10.32.15.241 | |
ip 10.32.15.101 | |
ip 10.32.15.201 | |
ip 10.32.15.202 | |
ip 10.32.15.203 | |
ip 10.32.15.204 | |
ip 10.32.15.205 | |
ip 10.32.15.206 | |
ip 10.32.15.180 | |
ip 10.32.15.111 | |
} | |
src vpn { | |
ip 192.168.3.0/255.255.255.248 | |
} | |
############# DESTINATION ADDRESSES #################### | |
dest dewasa { | |
domainlist dewasa/domains | |
urllist dewasa/urls | |
expressionlist dewasa/expressions | |
redirect https://squidshare.1rstwap.com/response/banned.html? | |
} | |
dest blacklist { | |
domainlist blacklist/domains | |
urllist blacklist/urls | |
redirect https://squidshare.1rstwap.com/response/banned.html? | |
} | |
dest banned { | |
domainlist banned/domains | |
urllist banned/urls | |
redirect https://squidshare.1rstwap.com/response/banned.html? | |
} | |
dest job { | |
domainlist job/domains | |
urllist job/urls | |
redirect https://squidshare.1rstwap.com/response/job.html? | |
} | |
dest iklan { | |
domainlist iklan/domains | |
urllist iklan/urls | |
redirect https://squidshare.1rstwap.com/response/iklan.html? | |
} | |
dest boleh { | |
domainlist whitelist/domains | |
urllist whitelist/urls | |
} | |
dest webmail { | |
domainlist mail/domains | |
urllist mail/urls | |
} | |
dest telco { | |
domainlist telco/domains | |
} | |
dest ymhttp { | |
domainlist yahoomsg/domains | |
urllist yahoomsg/yahooip | |
} | |
dest vpn { | |
domainlist vpn_access/vpn_web_access | |
} | |
dest abortion { | |
domainlist abortion/domains | |
urllist abortion/urls | |
} | |
dest ads { | |
domainlist ads/domains | |
expressionlist ads/expressions | |
urllist ads/urls | |
} | |
dest adult { | |
domainlist adult/domains | |
urllist adult/urls | |
redirect https://squidshare.1rstwap.com/response/banned.html? | |
} | |
dest aggressive { | |
domainlist aggressive/domains | |
urllist aggressive/urls | |
} | |
dest alcohol { | |
domainlist alcohol/domains | |
urllist alcohol/urls | |
} | |
dest antispyware { | |
domainlist antispyware/domains | |
urllist antispyware/urls | |
} | |
dest arjel { | |
domainlist arjel/domains | |
} | |
dest artnudes { | |
domainlist artnudes/domains | |
urllist artnudes/urls | |
} | |
dest astrology { | |
domainlist astrology/domains | |
urllist astrology/urls | |
} | |
dest audio-video { | |
domainlist audio-video/domains | |
urllist audio-video/urls | |
} | |
dest bank { | |
domainlist bank/domains | |
} | |
dest banking { | |
domainlist banking/domains | |
urllist banking/urls | |
} | |
dest beerliquorinfo { | |
domainlist beerliquorinfo/domains | |
} | |
dest beerliquorsale { | |
domainlist beerliquorsale/domains | |
} | |
dest bitcoin { | |
domainlist bitcoin/domains | |
urllist bitcoin/urls | |
} | |
dest blog { | |
domainlist blog/domains | |
urllist blog/urls | |
} | |
dest books { | |
domainlist books/domains | |
urllist books/urls | |
} | |
dest catalogue-biu-toulouse { | |
domainlist catalogue-biu-toulouse/domains | |
} | |
dest celebrity { | |
domainlist celebrity/domains | |
urllist celebrity/urls | |
} | |
dest cellphones { | |
domainlist cellphones/domains | |
} | |
dest chat { | |
domainlist chat/domains | |
urllist chat/urls | |
} | |
dest child { | |
domainlist child/domains | |
urllist child/urls | |
} | |
dest childcare { | |
domainlist childcare/domains | |
urllist childcare/urls | |
} | |
dest cleaning { | |
domainlist cleaning/domains | |
urllist cleaning/urls | |
} | |
dest clothing { | |
domainlist clothing/domains | |
} | |
dest contraception { | |
domainlist contraception/domains | |
urllist contraception/urls | |
} | |
dest cooking { | |
domainlist cooking/domains | |
} | |
dest culinary { | |
domainlist culinary/domains | |
} | |
dest dating { | |
domainlist dating/domains | |
urllist dating/urls | |
} | |
dest ddos { | |
domainlist ddos/domains | |
redirect https://squidshare.1rstwap.com/response/banned.html? | |
} | |
dest desktopsillies { | |
domainlist desktopsillies/domains | |
urllist desktopsillies/urls | |
} | |
dest dialers { | |
domainlist dialers/domains | |
urllist dialers/urls | |
} | |
dest download { | |
domainlist download/domains | |
urllist download/urls | |
} | |
dest drugs { | |
domainlist drugs/domains | |
urllist drugs/urls | |
} | |
dest ecommerce { | |
domainlist ecommerce/domains | |
urllist ecommerce/urls | |
} | |
dest educational_games { | |
domainlist educational_games/domains | |
urllist educational_games/urls | |
} | |
dest entertainment { | |
domainlist entertainment/domains | |
urllist entertainment/urls | |
} | |
dest filehosting { | |
domainlist filehosting/domains | |
urllist filehosting/urls | |
} | |
dest filesharing { | |
domainlist filesharing/domains | |
urllist filesharing/urls | |
} | |
dest financial { | |
domainlist financial/domains | |
urllist financial/urls | |
} | |
dest frencheducation { | |
domainlist frencheducation/domains | |
urllist frencheducation/urls | |
} | |
dest gambling { | |
domainlist gambling/domains | |
urllist gambling/urls | |
} | |
dest games { | |
domainlist games/domains | |
urllist games/urls | |
} | |
dest gardening { | |
domainlist gardening/domains | |
urllist gardening/urls | |
} | |
dest good { | |
domainlist good/domains | |
} | |
dest government { | |
domainlist government/domains | |
urllist government/urls | |
} | |
dest guns { | |
domainlist guns/domains | |
urllist guns/urls | |
} | |
dest hacking { | |
domainlist hacking/domains | |
urllist hacking/urls | |
} | |
dest jobsearch { | |
domainlist jobsearch/domains | |
urllist jobsearch/urls | |
} | |
dest kidstimewasting { | |
domainlist kidstimewasting/domains | |
urllist kidstimewasting/urls | |
} | |
dest lingerie { | |
domainlist lingerie/domains | |
urllist lingerie/urls | |
} | |
dest liste_blanche { | |
domainlist liste_blanche/domains | |
urllist liste_blanche/urls | |
} | |
dest local { | |
domainlist local/domains | |
} | |
dest magazines { | |
domainlist magazines/domains | |
urllist magazines/urls | |
} | |
dest malware { | |
domainlist malware/domains | |
expressionlist malware/expressions | |
urllist malware/urls | |
redirect https://squidshare.1rstwap.com/response/banned.html? | |
} | |
dest manga { | |
domainlist manga/domains | |
redirect https://squidshare.1rstwap.com/response/banned.html? | |
} | |
dest marketingware { | |
domainlist marketingware/domains | |
urllist marketingware/urls | |
} | |
dest medical { | |
domainlist medical/domains | |
urllist medical/urls | |
} | |
dest mixed_adult { | |
domainlist mixed_adult/domains | |
urllist mixed_adult/urls | |
} | |
dest mobile-phone { | |
domainlist mobile-phone/domains | |
urllist mobile-phone/urls | |
} | |
dest naturism { | |
domainlist naturism/domains | |
urllist naturism/urls | |
} | |
dest news { | |
domainlist news/domains | |
urllist news/urls | |
} | |
dest onlineauctions { | |
domainlist onlineauctions/domains | |
urllist onlineauctions/urls | |
} | |
dest onlinegames { | |
domainlist onlinegames/domains | |
urllist onlinegames/urls | |
} | |
dest onlinepayment { | |
domainlist onlinepayment/domains | |
} | |
dest personalfinance { | |
domainlist personalfinance/domains | |
urllist personalfinance/urls | |
} | |
dest pets { | |
domainlist pets/domains | |
urllist pets/urls | |
} | |
dest phishing { | |
domainlist phishing/domains | |
urllist phishing/urls | |
} | |
dest porn { | |
domainlist porn/domains | |
expressionlist porn/expressions | |
urllist porn/urls | |
redirect https://squidshare.1rstwap.com/response/banned.html? | |
} | |
dest press { | |
domainlist press/domains | |
urllist press/urls | |
} | |
dest proxy { | |
domainlist proxy/domains | |
urllist proxy/urls | |
} | |
dest radio { | |
domainlist radio/domains | |
urllist radio/urls | |
} | |
dest reaffected { | |
domainlist reaffected/domains | |
urllist reaffected/urls | |
} | |
dest redirector { | |
domainlist redirector/domains | |
urllist redirector/urls | |
} | |
dest religion { | |
domainlist religion/domains | |
urllist religion/urls | |
} | |
dest remote-control { | |
domainlist remote-control/domains | |
urllist remote-control/urls | |
} | |
dest ringtones { | |
domainlist ringtones/domains | |
} | |
dest searchengines { | |
domainlist searchengines/domains | |
} | |
dest sect { | |
domainlist sect/domains | |
urllist sect/urls | |
} | |
dest sexuality { | |
domainlist sexuality/domains | |
urllist sexuality/urls | |
} | |
dest sexualityeducation { | |
domainlist sexualityeducation/domains | |
urllist sexualityeducation/urls | |
} | |
dest shopping { | |
domainlist shopping/domains | |
urllist shopping/urls | |
} | |
dest shortener { | |
domainlist shortener/domains | |
} | |
dest social_networks { | |
domainlist social_networks/domains | |
urllist social_networks/urls | |
redirect https://squidshare.1rstwap.com/response/workinghour.html? | |
} | |
dest sportnews { | |
domainlist sportnews/domains | |
urllist sportnews/urls | |
} | |
dest sports { | |
domainlist sports/domains | |
urllist sports/urls | |
} | |
dest spyware { | |
domainlist spyware/domains | |
urllist spyware/urls | |
} | |
dest suspect { | |
domainlist suspect/domains | |
urllist suspect/urls | |
} | |
dest tobacco { | |
domainlist tobacco/domains | |
urllist tobacco/urls | |
} | |
dest translation { | |
domainlist translation/domains | |
urllist translation/urls | |
} | |
dest update { | |
domainlist update/domains | |
} | |
dest updatesites { | |
domainlist updatesites/domains | |
urllist updatesites/urls | |
} | |
dest vacation { | |
domainlist vacation/domains | |
urllist vacation/urls | |
} | |
dest verisign { | |
domainlist verisign/domains | |
} | |
dest violence { | |
domainlist violence/domains | |
urllist violence/urls | |
} | |
dest virusinfected { | |
domainlist virusinfected/domains | |
urllist virusinfected/urls | |
} | |
dest warez { | |
domainlist warez/domains | |
urllist warez/urls | |
} | |
dest weapons { | |
domainlist weapons/domains | |
urllist weapons/urls | |
redirect https://squidshare.1rstwap.com/response/banned.html? | |
} | |
dest weather { | |
domainlist weather/domains | |
urllist weather/urls | |
} | |
############# ACCESS CONTROL LIST #################### | |
acl { | |
mgt { | |
pass !virusinfected !porn !iklan !ddos !malware all | |
} | |
dev within free { | |
pass boleh chat social_networks !manga !blacklist !ddos !job !malware !porn !dewasa !iklan !weapons !adult !warez !virusinfected !banned !webmail any | |
} else { | |
pass boleh !blacklist !manga !ddos !job !malware !porn !dewasa !iklan !weapons !social_networks !adult !chat !warez !virusinfected !banned !webmail any | |
} | |
telco within free { | |
pass boleh chat social_networks !manga !blacklist !ddos !job !malware !porn !dewasa !iklan !weapons !adult !warez !virusinfected !banned !webmail any | |
} else { | |
pass boleh !blacklist !manga !ddos !job !malware !porn !dewasa !iklan !weapons !social_networks !adult !chat !warez !virusinfected !banned !webmail any | |
} | |
mkt within free { | |
pass boleh chat social_networks !manga !blacklist !banned !ddos !job !malware !porn !dewasa !iklan !weapons !adult !warez !virusinfected !banned !webmail any | |
} else { | |
pass boleh !blacklist !manga !ddos !job !malware !porn !dewasa !iklan !weapons !social_networks !adult !chat !warez !virusinfected !banned !webmail any | |
} | |
adm { | |
pass boleh !manga !blacklist !malware !job !banned !porn !ddos !job !malware !dewasa !iklan !weapons !social_networks !adult !chat !warez !virusinfected !banned webmail any | |
} | |
ops { | |
pass !malware !blacklist !banned !virusinfected !job any | |
} | |
qca { | |
pass !malware !blacklist !banned !virusinfected !job any | |
} | |
fin within free { | |
pass boleh chat social_networks !manga !blacklist !malware !job !banned !ddos !job !malware !porn !dewasa !iklan !weapons !adult !warez !virusinfected !banned webmail any | |
} else { | |
pass boleh !manga !blacklist !ddos !job !malware !porn !dewasa !iklan !weapons !social_networks !adult !chat !warez !virusinfected !banned webmail webmail any | |
} | |
ga within free { | |
pass boleh chat social_networks !manga !blacklist !ddos !job !malware !porn !dewasa !iklan !weapons !adult !warez !virusinfected !banned !webmail any | |
} else { | |
pass boleh !blacklist !manga !ddos !job !malware !porn !dewasa !iklan !weapons !social_networks !adult !chat !warez !virusinfected !banned !webmail any | |
} | |
hr within free { | |
pass boleh chat social_networks !manga !blacklist !banned !malware !ddos job !malware !porn !dewasa !iklan !weapons !adult !warez !virusinfected !banned !webmail any | |
} else { | |
pass boleh !blacklist !manga !ddos job !malware !porn !dewasa !iklan !weapons !social_networks !adult !chat !warez !virusinfected !banned !webmail any | |
} | |
vpn { | |
pass all | |
} | |
default { | |
pass !abortion !ads !aggressive !alcohol !antispyware !arjel !artnudes !astrology !audio-video !beerliquorinfo !beerliquorsale !bitcoin !blog !books !catalogue-biu-toulouse !celebrity !cellphones !child !childcare !cleaning !clothing !contraception !cooking !culinary !dating !desktopsillies !dialers !download !drugs !ecommerce !educational_games !entertainment !filehosting !filesharing !financial !frencheducation !gambling !games !gardening !good !government !guns !hacking !kidstimewasting !lingerie !liste_blanche !magazines !marketingware !medical !mobile-phone !naturism !news !onlineauctions !onlinegames !onlinepayment !personalfinance !pets !phishing !press !proxy !radio !reaffected !redirector !religion !remote-control !ringtones !searchengines !sect !sexuality !sexualityeducation !shopping !shortener !sportnews !sports !spyware !suspect !tobacco !vacation !verisign !violence !weather any | |
redirect https://squidshare.1rstwap.com/response/banned.html? | |
} | |
} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment