-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsquid-ubuntu.txt
93 lines (88 loc) · 3.47 KB
/
squid-ubuntu.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
auth_param basic program /usr/lib/squid3/pam_auth
auth_param basic children 5
auth_param basic realm Squid Proxy Restricted
auth_param basic credentialsttl 2 hours
#acl manager proto cache_object
#acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src 127.0.0.0/8 # RFC1918 possible internal network
acl SSL_ports port 443
acl SSL_ports port 9001 # webmin
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 9001 # webmin
acl CONNECT method CONNECT
#http_access allow manager
#http_access deny manager
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
acl ncsaauth proxy_auth REQUIRED
http_access allow ncsaauth
http_access allow localnet
http_access allow localhost
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 9898
http_access deny all
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid3/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#icp_port 3130
#coredump_dir /var/spool/squid
#cache_dir ufs /var/spool/squid 50 16 256
#cache_mem 50 MB
cache deny all
# This needs to be "forwarded_for delete". it works in squid installed via yum but is sometimes leaked as "HTTP_X_FORWARDED_FOR = unknown" when tested.
forwarded_for delete
# I'm not sure if i need this next commented one. squid 3.0 ignores this.
via off
# Anonymising headers
request_header_access Allow allow all
# i need the following custom directives. squid 3.0 returns "error unknown header name" when they are included.
# request_header_access X_REQUESTED_WITH allow all
# request_header_access X_NEW_APP allow all
# request_header_access X_CSRFTOKEN allow all
# the rest are the standard Anonymising directives.
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all