# -------------------------------------------------------------------------------------------------------------------- # # GENERAL OPTIONS # -------------------------------------------------------------------------------------------------------------------- # coredump_dir /var/spool/squid http_port 3128 # -------------------------------------------------------------------------------------------------------------------- # # OPTIONS FOR AUTHENTICATION # -------------------------------------------------------------------------------------------------------------------- # auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/users.conf auth_param basic children 10 auth_param basic realm Proxy Server auth_param basic credentialsttl 24 hours # -------------------------------------------------------------------------------------------------------------------- # # ACCESS CONTROLS # -------------------------------------------------------------------------------------------------------------------- # acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN). acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN). acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN). acl localnet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines. acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN). acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN). acl localnet src fc00::/7 # RFC 4193 local private network range. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines. # acl clients src 185.60.216.35 # Allowed client IP. # acl clients src 172.217.12.174 # Allowed client IP. # acl clients src 104.244.42.129 # Allowed client IP. acl SSL_ports port 443 acl Safe_ports port 80 acl Safe_ports port 21 acl Safe_ports port 443 acl Safe_methods method GET POST OPTIONS CONNECT acl users proxy_auth REQUIRED # Access permission configuration. http_access deny !Safe_ports http_access allow localnet http_access allow localhost http_access allow clients http_access allow users # Deny all other access to proxy. http_access deny all # -------------------------------------------------------------------------------------------------------------------- # # OPTIONS FOR TUNING THE CACHE # -------------------------------------------------------------------------------------------------------------------- # refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # -------------------------------------------------------------------------------------------------------------------- # # SECURITY # -------------------------------------------------------------------------------------------------------------------- # httpd_suppress_version_string on via off forwarded_for delete follow_x_forwarded_for deny all reply_header_access X-Cache deny all reply_header_access X-Cache-Lookup deny all reply_header_access Server deny all request_header_access Allow allow all request_header_access Authorization allow all request_header_access WWW-Authenticate allow all request_header_access Proxy-Authorization allow all request_header_access Proxy-Authenticate allow all request_header_access Cache-Control allow all request_header_access Content-Encoding allow all request_header_access Content-Length allow all request_header_access Content-Type allow all request_header_access Date allow all request_header_access Expires allow all request_header_access Host allow all request_header_access If-Modified-Since allow all request_header_access Last-Modified allow all request_header_access Location allow all request_header_access Pragma allow all request_header_access Accept allow all request_header_access Accept-Charset allow all request_header_access Accept-Encoding allow all request_header_access Accept-Language allow all request_header_access Content-Language allow all request_header_access Mime-Version allow all request_header_access Retry-After allow all request_header_access Title allow all request_header_access Connection allow all request_header_access Proxy-Connection allow all request_header_access User-Agent allow all request_header_access All deny all