opt/squid/squid.conf

# /etc/squid/squid.conf
#
# configuration file for squid
# for all options see /etc/squid/squid.conf.default
#

# Socket address where squid will listen
http_port 3128

# email-address of cache manager who will receive
# mail if cache dies
cache_mgr root

# Effective user/group squid will run
cache_effective_user squid
cache_effective_group squid

# Directory where cache swap files will be stored
# Size 100MB, 16/256 subdirecctories
cache_dir ufs /var/squid 100 16 256

# Log files
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

# Where the error-messages and icons are stored
icon_directory /usr/share/squid/icons
error_directory /usr/share/squid/errors

# Filename to write the process-id to 
pid_filename /var/run/squid.pid

# Minimum access lists
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443 563	# https, snews
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

# ACL for local network
acl local_net src 192.168.0.0/24

# Allow cachemgr access from localhost and local network
http_access allow manager localhost
http_access allow manager local_net
http_access deny manager

# Deny requests to unknown ports
http_access deny !Safe_ports

# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

# Allow access from localhost and local network
http_access allow localhost
http_access allow local_net

# Deny the rest
http_access deny all

# End of file
create branch for 2.2 2006-02-23 15:26:10 +00:00			`# /etc/squid/squid.conf`
			`#`
			`# configuration file for squid`
			`# for all options see /etc/squid/squid.conf.default`
			`#`

			`# Socket address where squid will listen`
			`http_port 3128`

			`# email-address of cache manager who will receive`
			`# mail if cache dies`
			`cache_mgr root`

			`# Effective user/group squid will run`
			`cache_effective_user squid`
			`cache_effective_group squid`

			`# Directory where cache swap files will be stored`
			`# Size 100MB, 16/256 subdirecctories`
			`cache_dir ufs /var/squid 100 16 256`

			`# Log files`
			`cache_access_log /var/log/squid/access.log`
			`cache_log /var/log/squid/cache.log`
			`cache_store_log /var/log/squid/store.log`

			`# Where the error-messages and icons are stored`
			`icon_directory /usr/share/squid/icons`
			`error_directory /usr/share/squid/errors`

			`# Filename to write the process-id to`
			`pid_filename /var/run/squid.pid`

			`# Minimum access lists`
			`acl all src 0.0.0.0/0.0.0.0`
			`acl manager proto cache_object`
			`acl localhost src 127.0.0.1/255.255.255.255`
			`acl SSL_ports port 443 563`
			`acl Safe_ports port 80 # http`
			`acl Safe_ports port 21 # ftp`
			`acl Safe_ports port 443 563 # https, snews`
			`acl Safe_ports port 70 # gopher`
			`acl Safe_ports port 210 # wais`
			`acl Safe_ports port 1025-65535 # unregistered ports`
			`acl Safe_ports port 280 # http-mgmt`
			`acl Safe_ports port 488 # gss-http`
			`acl Safe_ports port 591 # filemaker`
			`acl Safe_ports port 777 # multiling http`
			`acl CONNECT method CONNECT`

			`# ACL for local network`
			`acl local_net src 192.168.0.0/24`

			`# Allow cachemgr access from localhost and local network`
			`http_access allow manager localhost`
			`http_access allow manager local_net`
			`http_access deny manager`

			`# Deny requests to unknown ports`
			`http_access deny !Safe_ports`

			`# Deny CONNECT to other than SSL ports`
			`http_access deny CONNECT !SSL_ports`

			`# Allow access from localhost and local network`
			`http_access allow localhost`
			`http_access allow local_net`

			`# Deny the rest`
			`http_access deny all`

			`# End of file`