Proxy Squid

/ / Published in Sistemistica, Tips & Tricks, vpn

squid.conf

http_port 8081
#http_port 10.1.1.5:8082
pid_filename /var/run/squid3-2.pid
cache_mgr [email protected]
visible_hostname NETLITEPROXY
#dns_nameservers 8.8.8.8 8.8.4.4 208.67.222.123 208.67.220.123
dns_nameservers 10.5.1.5
dns_timeout 1 minutes
positive_dns_ttl 1 hours
negative_dns_ttl 10 minutes
fqdncache_size 51200
ipcache_size 51200
#pipeline_prefetch on
cache_dir aufs /var/lib/vz/squid/cache/squid3-2/aufs-small 1024 16 256 max-size=32768
cache_dir aufs /var/lib/vz/squid/cache/squid3-2/aufs-large 4096 16 256
cache_mem 2048 MB
minimum_object_size 0 KB
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
memory_pools on
maximum_object_size 128 MB
minimum_object_size 0 KB
maximum_object_size_in_memory 512 KB
ie_refresh on
cache_access_log /var/log/squid3/access-2.log
#cache_access_log /dev/null
#cache_log /var/log/squid3/cache-2.log
cache_log /dev/null
#cache_store_log /var/log/squid3/store-2.log
cache_store_log /dev/null
logfile_rotate 0
log_mime_hdrs off
log_icp_queries off
buffered_logs on
redirect_rewrites_host_header off
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
acl SSL_ports port 443          # https
acl SSL_ports port 563          # snews
acl SSL_ports port 873          # rsync
acl SSL_ports port 8080          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
debug_options ALL,1
client_lifetime 12 hour
half_closed_clients off
pconn_timeout 5 minutes
request_timeout 5 minutes
connect_timeout 30 seconds
authenticate_ttl 15 minutes
authenticate_ip_ttl 15 minutes
max_open_disk_fds 32768
acl java_jvm browser Java/1. J/SSL
#acl localhost src 127.0.0.1/32
#acl reti_abilitate src 127.0.0.1/32
acl reti_abilitate src 10.5.1.0/24
acl netlite src 212.29.137.82/32 #netlite office
acl netlite src 87.248.52.82/32 #netlite office
acl no_cache_siti dstdomain "/etc/squid3/no-cache-siti.txt"
acl siti_pubblici dstdomain "/etc/squid3/siti-pubblici.txt"
acl lan-allowed-ip src "/etc/squid3/good-lan-ip.txt"
http_access allow lan-allowed-ip
# MAC Utenti Bovolone
acl MAC arp "/etc/squid3/mac.txt"
acl emerge browser Wget
http_access allow emerge
always_direct allow emerge
acl aptupdate browser APT-HTTP
http_access allow aptupdate
always_direct allow aptupdate
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny connect !SSL_ports
http_access allow netlite
http_access deny !reti_abilitate
http_access allow siti_pubblici
http_access allow java_jvm
no_cache deny no_cache_siti
always_direct allow no_cache_siti
#request_header_access Allow allow all
#request_header_access Authorization allow all
#request_header_access WWW-Authenticate allow all
#request_header_access Proxy-Authorization allow all
#request_header_access Proxy-Authenticate allow all
#request_header_access Cache-Control allow all
#request_header_access Content-Encoding allow all
#request_header_access Content-Length allow all
#request_header_access Content-Type allow all
#request_header_access Date allow all
#request_header_access Expires allow all
#request_header_access Host allow all
#request_header_access If-Modified-Since allow all
#request_header_access Last-Modified allow all
#request_header_access Location allow all
#request_header_access Pragma allow all
#request_header_access Accept allow all
#request_header_access Accept-Charset allow all
#request_header_access Accept-Encoding allow all
#request_header_access Accept-Language allow all
#request_header_access Content-Language allow all
#request_header_access Mime-Version allow all
#request_header_access Retry-After allow all
#request_header_access Title allow all
#request_header_access Connection allow all
#request_header_access Proxy-Connection allow all
#request_header_access User-Agent allow all
#request_header_access From allow all
#request_header_access Referer allow all
#request_header_access Cookie allow all
#request_header_access All deny all
request_header_access All allow all
follow_x_forwarded_for deny all
forwarded_for delete
via off
forwarded_for off
http_reply_access allow all
icp_access allow all
coredump_dir /var/cache
balance_on_multiple_ip off
#http_access deny !MAC
# utilizzati per ftp anonimo
ftp_user [email protected]
ftp_passive on
acl ftp proto FTP
acl ftp_port port 21
http_access allow ftp_port CONNECT
ftp_epsv off
#dns_v4_first on
http_access allow all

andrea

Tagged under: , , , , , , ,

What you can read next

Reverse Proxy Apache HTTPS High Security and Mod_Security
Ubuntu Server e versioni multiple di PHP
Forti client SSL VPN CLI come collegarsi in vpn con Linux

Lascia un commento

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *

Questo sito utilizza Akismet per ridurre lo spam. Scopri come vengono elaborati i dati derivati dai commenti.