kipyegonmark/squid.conf

## squid.conf
#
### Calomel.org Squid  squid.conf
#
########### squid.conf ###########
#
## interface, port and proxy type
#http_port 10.10.10.1:8080 transparent
http_port 10.10.10.1:8080

## general options
cache_mgr not_to_be_disturbed
client_db on
collapsed_forwarding on
detect_broken_pconn on
dns_defnames on
dns_retransmit_interval 2 seconds
dns_timeout 5 minutes
forwarded_for off
half_closed_clients off
httpd_suppress_version_string on
ignore_unknown_nameservers on
pipeline_prefetch on
retry_on_error on
strip_query_terms off
uri_whitespace strip
visible_hostname localhost

## timeouts
forward_timeout 30 seconds
connect_timeout 30 seconds
read_timeout 30 seconds
request_timeout 30 seconds
persistent_request_timeout 1 minute
client_lifetime 20 hours

## host definitions
acl all src 0.0.0.0/0
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8

## proxy server client access
acl mynetworks src 127.0.0.0/8 10.10.10.0/28
http_access deny !mynetworks

## max connections per ip
acl maxuserconn src 127.0.0.0/8 10.0.10.0/28
acl limitusercon maxconn 500
http_access deny maxuserconn limitusercon

## disable caching
cache deny all
cache_dir null /tmp

## disable multicast icp
icp_port 0
icp_access deny all

## disable ident lookups
ident_lookup_access deny all

## no-trust for on-the-fly Content-Encoding
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

## logs
logformat combined [%tl] %>A %{Host}>h "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined
cache_store_log /var/log/squid/store.log
cache_log  /var/log/squid/cache.log
logfile_rotate 8

## support files
coredump_dir /tmp
pid_filename /var/log/squid/squid.pid

## ports allowed
acl Safe_ports port 80 443
http_access deny !Safe_ports

## ssl ports/method allowed
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny CONNECT !SSL_ports

## protocols allowed
acl Safe_proto proto HTTP SSL
http_access deny !Safe_proto

## browsers allowed
# acl Safe_browser browser ^Mozilla/5\.0.*Firefox/2\.0\.0\.6
# http_access deny !Safe_Browser

## disable ads ( //squid_adservers.html )
# acl ads dstdom_regex "/etc/squid/ad_block.txt"
# http_access deny ads
# deny_info TCP_RESET ads

## Banned Sites
# acl Bad_Site dstdom_regex myspace.com youtube.com facebook.com
# http_access deny Bad_Site

## redirector
# acl my_url dstdomain SITE_NAME.COM
# redirector_access allow my_url
# redirect_children 1
# redirect_rewrites_host_header off
# redirect_program /etc/squid/squid_redirector.pl

## methods allowed
acl Safe_method method CONNECT GET HEAD POST
http_access deny !Safe_method

## allow replies to client requests
http_reply_access allow all

## header re-write
# header_replace Accept */*
# header_replace Accept-Encoding gzip
# header_replace Accept-Language en
header_replace User-Agent OurBrowser/1.0 (Some Name)

## header list ( DENY all - ALLOW listed )
header_access Accept allow all
header_access Accept-Encoding allow all
header_access Accept-Language allow all
header_access Authorization allow all
header_access Cache-Control allow all
header_access Content-Disposition allow all
header_access Content-Encoding allow all
header_access Content-Length allow all
header_access Content-Location allow all
header_access Content-Range allow all
header_access Content-Type allow all
header_access Cookie allow all
header_access Expires allow all
header_access Host allow all
header_access If-Modified-Since allow all
header_access Location allow all
header_access Range allow all
header_access Referer allow all
header_access Set-Cookie allow all
header_access WWW-Authenticate allow all
header_access All deny all

##########  END  ###########
	#
	### Calomel.org Squid squid.conf
	#
	########### squid.conf ###########
	#
	## interface, port and proxy type
	#http_port 10.10.10.1:8080 transparent
	http_port 10.10.10.1:8080

	## general options
	cache_mgr not_to_be_disturbed
	client_db on
	collapsed_forwarding on
	detect_broken_pconn on
	dns_defnames on
	dns_retransmit_interval 2 seconds
	dns_timeout 5 minutes
	forwarded_for off
	half_closed_clients off
	httpd_suppress_version_string on
	ignore_unknown_nameservers on
	pipeline_prefetch on
	retry_on_error on
	strip_query_terms off
	uri_whitespace strip
	visible_hostname localhost

	## timeouts
	forward_timeout 30 seconds
	connect_timeout 30 seconds
	read_timeout 30 seconds
	request_timeout 30 seconds
	persistent_request_timeout 1 minute
	client_lifetime 20 hours

	## host definitions
	acl all src 0.0.0.0/0
	acl localhost src 127.0.0.1/255.255.255.255
	acl to_localhost dst 127.0.0.0/8

	## proxy server client access
	acl mynetworks src 127.0.0.0/8 10.10.10.0/28
	http_access deny !mynetworks

	## max connections per ip
	acl maxuserconn src 127.0.0.0/8 10.0.10.0/28
	acl limitusercon maxconn 500
	http_access deny maxuserconn limitusercon

	## disable caching
	cache deny all
	cache_dir null /tmp

	## disable multicast icp
	icp_port 0
	icp_access deny all

	## disable ident lookups
	ident_lookup_access deny all

	## no-trust for on-the-fly Content-Encoding
	acl apache rep_header Server ^Apache
	broken_vary_encoding allow apache

	## logs
	logformat combined [%tl] %>A %{Host}>h "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
	access_log /var/log/squid/access.log combined
	cache_store_log /var/log/squid/store.log
	cache_log /var/log/squid/cache.log
	logfile_rotate 8

	## support files
	coredump_dir /tmp
	pid_filename /var/log/squid/squid.pid

	## ports allowed
	acl Safe_ports port 80 443
	http_access deny !Safe_ports

	## ssl ports/method allowed
	acl SSL_ports port 443
	acl CONNECT method CONNECT
	http_access deny CONNECT !SSL_ports

	## protocols allowed
	acl Safe_proto proto HTTP SSL
	http_access deny !Safe_proto

	## browsers allowed
	# acl Safe_browser browser ^Mozilla/5\.0.*Firefox/2\.0\.0\.6
	# http_access deny !Safe_Browser

	## disable ads ( //squid_adservers.html )
	# acl ads dstdom_regex "/etc/squid/ad_block.txt"
	# http_access deny ads
	# deny_info TCP_RESET ads

	## Banned Sites
	# acl Bad_Site dstdom_regex myspace.com youtube.com facebook.com
	# http_access deny Bad_Site

	## redirector
	# acl my_url dstdomain SITE_NAME.COM
	# redirector_access allow my_url
	# redirect_children 1
	# redirect_rewrites_host_header off
	# redirect_program /etc/squid/squid_redirector.pl

	## methods allowed
	acl Safe_method method CONNECT GET HEAD POST
	http_access deny !Safe_method

	## allow replies to client requests
	http_reply_access allow all

	## header re-write
	# header_replace Accept /
	# header_replace Accept-Encoding gzip
	# header_replace Accept-Language en
	header_replace User-Agent OurBrowser/1.0 (Some Name)

	## header list ( DENY all - ALLOW listed )
	header_access Accept allow all
	header_access Accept-Encoding allow all
	header_access Accept-Language allow all
	header_access Authorization allow all
	header_access Cache-Control allow all
	header_access Content-Disposition allow all
	header_access Content-Encoding allow all
	header_access Content-Length allow all
	header_access Content-Location allow all
	header_access Content-Range allow all
	header_access Content-Type allow all
	header_access Cookie allow all
	header_access Expires allow all
	header_access Host allow all
	header_access If-Modified-Since allow all
	header_access Location allow all
	header_access Range allow all
	header_access Referer allow all
	header_access Set-Cookie allow all
	header_access WWW-Authenticate allow all
	header_access All deny all

	########## END ###########