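# Squid 3.5 caching proxy for a single LAN that also decrypts (bumps) client TLS.
# Two directive families below are order-sensitive: http_access and
# refresh_pattern both stop at the first line that matches a request.

# ---------------------------------------------------------------------------
# ACL definitions (must appear before the http_access lines that use them)
# ---------------------------------------------------------------------------
acl localnet src 192.168.1.0/24
acl CONNECT method CONNECT
acl PURGE method PURGE
acl SSL_ports port 443
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 210         # wais
acl Safe_ports port 21          # ftp
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 443         # https
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 70          # gopher
acl Safe_ports port 777         # multiling http
acl Safe_ports port 80          # http

# ---------------------------------------------------------------------------
# Access control
# ---------------------------------------------------------------------------
# Keep every deny in this group above the localnet/localhost allows. Because
# evaluation stops at the first match, an allow placed earlier lets LAN clients
# tunnel to any port, reach the cache manager and issue PURGE, and a
# "deny all" placed earlier makes the rules after it unreachable.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Cache manager: only from the proxy host itself.
http_access allow localhost manager
http_access deny manager

# PURGE evicts cached objects: only from the proxy host itself.
http_access allow PURGE localhost
http_access deny PURGE

# Ordinary proxy traffic: the LAN and the proxy host, nobody else.
http_access allow localnet
http_access allow localhost
http_access deny all

# ---------------------------------------------------------------------------
# Listening port and TLS interception
# ---------------------------------------------------------------------------
# cert= is given without key=, so Squid expects the CA private key inside the
# same PEM file. Anyone who can read myCA.pem can mint certificates that every
# client trusting this CA will accept: restrict it to root and the Squid user.
http_port 3128 ssl-bump \
cert=/etc/squid/ssl_cert/myCA.pem \
generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Peek at the client hello first, then decrypt every connection. "bump all"
# exposes all client HTTPS traffic to this host in cleartext; destinations that
# must stay end-to-end encrypted need an "ssl_bump splice" rule above the bump.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

# NOTE(review): this is the same file as the signing CA above, used here as a
# trust anchor for verifying upstream servers. Confirm that is intended; a
# bundle of public root CAs is what normally belongs in this setting.
sslproxy_cafile /etc/squid/ssl_cert/myCA.pem

# ---------------------------------------------------------------------------
# Cache storage
# ---------------------------------------------------------------------------
# With bumping enabled the memory and disk caches can hold decrypted HTTPS
# responses, so /var/cache/squid deserves the same protection as the CA key.
coredump_dir /var/spool/squid
cache_mem 500 MB
maximum_object_size_in_memory 20240 KB
cache_dir aufs /var/cache/squid 40000 16 256

# ---------------------------------------------------------------------------
# Freshness rules (first match wins; times are in minutes)
# ---------------------------------------------------------------------------
refresh_pattern codeload.github.com 900 20% 4320 reload-into-ims
# 129600 minutes = 90 days for media, archives and comic-book containers.
refresh_pattern -i \.(pp(s|t)|wax|wm(a|v)|wmx|wpl|zip|cb(r|z|t)) 129600 100% 129600 reload-into-ims
# refresh pattern for debs and udebs
refresh_pattern deb$ 129600 100% 129600
refresh_pattern udeb$ 129600 100% 129600
refresh_pattern tar.gz$ 129600 100% 129600
refresh_pattern tar.xz$ 129600 100% 129600
refresh_pattern tar.bz2$ 129600 100% 129600
# always refresh Packages and Release files
refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
# handle meta-release and changelogs.ubuntu.com special
# (fine to have this on debian too)
refresh_pattern changelogs.ubuntu.com\/.* 0 1% 1
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# Never apply heuristic freshness to CGI or query-string URLs.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
# Catch-all: must stay last, any refresh_pattern below it is never consulted.
refresh_pattern . 0 20% 4320

# ---------------------------------------------------------------------------
# Miscellaneous
# ---------------------------------------------------------------------------
shutdown_lifetime 3 seconds
visible_hostname squid
# Proxy DNS lookups go to Google Public DNS rather than the system resolver.
dns_nameservers 8.8.8.8 8.8.4.4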
-------------
OS: Ubuntu 16.04 server
$ squid -v
Squid Cache: Version 3.5.12
Service Name: squid
Ubuntu linux
configure options: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=${prefix}/lib/squid3' '--srcdir=.' '--disable-maintainer-mode' '--disable-dependency-tracking' '--disable-silent-rules' 'BUILDCXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--libexecdir=/usr/lib/squid' '--mandir=/usr/share/man' '--with-openssl' '--enable-ssl-crtd' '--enable-inline' '--disable-arch-native' '--enable-async-io=8' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,smb_lm' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--disable-translation' '--with-swapdir=/var/spool/squid' '--with-logdir=/var/log/squid' '--with-pidfile=/var/run/squid.pid' '--with-filedescriptors=65536' '--with-large-files' '--with-default-user=proxy' '--enable-build-info=Ubuntu linux' '--enable-linux-netfilter' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security' |