You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

80 lines
2.6 KiB

  1. #
  2. # Recommended minimum configuration:
  3. #
  4. # Example rule allowing access from your local networks.
  5. # Adapt to list your (internal) IP networks from where browsing
  6. # should be allowed
  7. acl localnet src 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
  8. acl localnet src 10.0.0.0/8 # RFC 1918 local private network (LAN)
  9. acl localnet src 100.64.0.0/10 # RFC 6598 shared address space (CGN)
  10. acl localhet src 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
  11. acl localnet src 172.16.0.0/12 # RFC 1918 local private network (LAN)
  12. acl localnet src 192.168.0.0/16 # RFC 1918 local private network (LAN)
  13. acl localnet src fc00::/7 # RFC 4193 local private network range
  14. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  15. acl SSL_ports port 443
  16. acl Safe_ports port 80 # http
  17. acl Safe_ports port 21 # ftp
  18. acl Safe_ports port 443 # https
  19. acl Safe_ports port 70 # gopher
  20. acl Safe_ports port 210 # wais
  21. acl Safe_ports port 1025-65535 # unregistered ports
  22. acl Safe_ports port 280 # http-mgmt
  23. acl Safe_ports port 488 # gss-http
  24. acl Safe_ports port 591 # filemaker
  25. acl Safe_ports port 777 # multiling http
  26. acl CONNECT method CONNECT
  27. #
  28. # Recommended minimum Access Permission configuration:
  29. #
  30. # Deny requests to certain unsafe ports
  31. http_access deny !Safe_ports
  32. # Deny CONNECT to other than secure SSL ports
  33. http_access deny CONNECT !SSL_ports
  34. # Only allow cachemgr access from localhost
  35. http_access allow localhost manager
  36. http_access deny manager
  37. # We strongly recommend the following be uncommented to protect innocent
  38. # web applications running on the proxy server who think the only
  39. # one who can access services on "localhost" is a local user
  40. #http_access deny to_localhost
  41. #
  42. # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
  43. #
  44. # Example rule allowing access from your local networks.
  45. # Adapt localnet in the ACL section to list your (internal) IP networks
  46. # from where browsing should be allowed
  47. http_access allow localnet
  48. http_access allow localhost
  49. # And finally deny all other access to this proxy
  50. http_access deny all
  51. # Uncomment and adjust the following to add a disk cache directory.
  52. #cache_dir ufs /usr/local/squid/var/cache/squid 100 16 256
  53. #
  54. # Add any of your own refresh_pattern entries above these.
  55. #
  56. refresh_pattern ^ftp: 1440 20% 10080
  57. refresh_pattern ^gopher: 1440 0% 1440
  58. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  59. refresh_pattern . 0 20% 4320
  60. # Squid user
  61. cache_effective_user squid
  62. #
  63. # Logs, best to use only for debugging as they can become very large
  64. #
  65. access_log none # daemon:/tmp/squid_access.log
  66. cache_log /dev/null # /tmp/squid_cache.log