-
Notifications
You must be signed in to change notification settings - Fork 0
/
squid.conf
79 lines (67 loc) · 2.71 KB
/
squid.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
# Minimal Squid3 configuration file that uses a PHP script for authetication and
# port filtering.
#
# Full project:
# https://github.com/Luxian/squid3_php_auth
### General configuration
# This is the port you need to configure in browser when defining proxy server
# and port number
http_port 3128
# To boost the performance of pipelined requests to closer
# match that of a non-proxied environment Squid can try to fetch
# up to two requests in parallel from a pipeline.
#
# Defaults to off for bandwidth management and access logging
# reasons.
pipeline_prefetch on
### Authentication helper (Login)
# Command to run
# Change /usr/bin/php to the path returned by the following command:
# which php
#
# In Debian/Ubuntu usually is /usr/bin/php
auth_param basic program /usr/bin/php /etc/squid3/auth.php
# This is the number of processes that Squid will have to do concurrent
# authentications for all the clients. If you set too low a number and
# authentications are coming in too quickly, Squid will have to wait for a
# helper to finish an authentication cycle before trying with the next key pair
#
# If it's a personal server (few users), keep this to minimum to save memory
auth_param basic children 1
# This tells Squid how long an already authenticated user/password pair will
# be valid without needing to ask a helper to re-authenticate
#
# Setting this to a bigger value compensates for the small children value
auth_param basic credentialsttl 5 hours
# Create a AuthenticateClientList (ACL) that requires login
acl AuthenticatedUsers proxy_auth REQUIRED
# This might is required to make https pages accessible
# Solution found here:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=660489#10
# Documentation: http://www.squid-cache.org/Doc/config/tcp_outgoing_address/
tcp_outgoing_address 0.0.0.0 all
### Port filtering
# List of ports user is allowed to connect. If user tries to connect to a port
# that is not defined in that list will get an error.
#
# For example: htpp://www.example.com:1234 will not work
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
### Finally, define which ACL to be used
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Allow clients only after login
http_access allow AuthenticatedUsers
# Deny all other request
http_access deny all