opt/squid/squid.conf

# /etc/squid/squid.conf
#
# configuration file for squid
# for all options see /etc/squid/squid.conf.default
#

# Socket address where squid will listen
http_port 3128

# email-address of cache manager who will receive
# mail if cache dies
cache_mgr root

# Effective user/group squid will run
cache_effective_user squid
cache_effective_group squid

# Directory where cache swap files will be stored
# Size 100MB, 16/256 subdirecctories
cache_dir ufs /var/squid 100 16 256

# Log files
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

# Where the error-messages and icons are stored
icon_directory /usr/share/squid/icons
error_directory /usr/share/squid/errors

# Filename to write the process-id to 
pid_filename /var/run/squid.pid

# Minimum access lists
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443 	# https, snews
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

# ACL for local network
acl local_net src 192.168.0.0/24

# Allow cachemgr access from localhost and local network
http_access allow manager localhost
http_access allow manager local_net
http_access deny manager

# Deny requests to unknown ports
http_access deny !Safe_ports

# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

# Allow access from localhost and local network
http_access allow localhost
http_access allow local_net

# Deny the rest
http_access deny all

# End of file