File "squid.conf"

Full path: /www/wwwroot/fabriciovc.eti.br/downloads/scripts/snmp/squid.conf
File size: 7.32 KiB (7497 bytes)
MIME-type: text/plain
Charset: utf-8


#
# OPTIONS FOR AUTHENTICATION
# -----------------------------------------------------------------------------
#  TAG: auth_param
#auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=dominio,dc=com,dc=br" -v 3 -f uid=%s -h 192.168.3.1
#auth_param basic children 5
#auth_param basic realm Digite Seu Login para acessar a Internet
#auth_param basic credentialsttl 1 hour
#auth_param basic casesensitive off
#external_acl_type ldap_group %LOGIN /usr/lib/squid/squid_ldap_group -R -b "dc=dominio,dc=com,dc=br" -f "(&(cn=%g)(memberuid=%u))" -h 192.168.3.1

# ACCESS CONTROLS
# -----------------------------------------------------------------------------
#  TAG: acl
# Catch-all source ACL, used by the final allow/deny http_access rules.
acl all src all
# Cache manager requests (cache_object protocol).
acl manager proto cache_object
acl localhost src 127.0.0.1/32
# NOTE(review): in the lines shown, localnet is referenced only by icp_access;
# no http_access rule restricts clients to this range.
acl localnet src 192.168.0.0/24
#
# Ports that CONNECT may tunnel to (see "http_access deny CONNECT !SSL_ports").
# NOTE(review): a CONNECT tunnel is opaque to the proxy, so every port listed
# here is a port clients can reach without URL filtering. 631, 873 and 8000 are
# not TLS-only services by default; confirm each entry is still required.
acl SSL_ports port 443		# https
acl SSL_ports port 563		# snews
acl SSL_ports port 631		# cups
acl SSL_ports port 873		# rsync
acl SSL_ports port 2083		# webmail
acl SSL_ports port 2096		# webmail
acl SSL_ports port 7071		# zimbra
acl SSL_ports port 8000		# fsecure
acl SSL_ports port 8443		# UniFI
# Destination ports allowed for ordinary requests (see "http_access deny !Safe_ports").
# Because 1025-65535 is included, that rule only restricts ports below 1025.
acl Safe_ports port 80		# http
acl Safe_ports port 81		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl Safe_ports port 631		# cups
acl Safe_ports port 873		# rsync
acl Safe_ports port 901		# SWAT
acl Safe_ports port 8011	# Datasoul
# Request-method ACLs used by the default http_access rules.
acl purge method PURGE
acl CONNECT method CONNECT
#  TAG: http_access
# http_access rules are checked in order and the first matching rule decides
# the request, so these protective rules must stay above any site-specific
# allow rule.
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# -- ACLs ---------------------------------------------------------------------
# User-group ACLs (disabled: they depend on the ldap_group external ACL helper,
# which is commented out in the authentication section)
#acl proxy-acessototal	external ldap_group proxy-acessototal
#acl proxy-downloads	external ldap_group proxy-downloads
#acl proxy-bloqueado	external ldap_group proxy-bloqueado
#acl proxy-rsocial	external ldap_group proxy-rsocial
#acl proxy-youtube	external ldap_group proxy-youtube

# ACL that requires authentication (disabled)
#acl password		proxy_auth REQUIRED

# ACL for URLs that must not be cached
acl nocache		url_regex	-i "/etc/squid/regras/nocache"

# Download and site ACLs
# A quoted path makes Squid read the patterns from that file. The files are not
# shown here.
# NOTE(review): url_regex matches anywhere in the URL unless the pattern is
# anchored, so an allow-list entry can also be satisfied by text in a path or
# query string. Anchor allow-list patterns to the host part, or use dstdomain
# for host-based lists. Keep these files writable by root only.
acl downloads		urlpath_regex	-i "/etc/squid/regras/downloads"
acl sites-bloqueados	url_regex	-i "/etc/squid/regras/sites-bloqueados"
acl sites-contabil	url_regex	-i "/etc/squid/regras/sites-contabil"
acl sites-downloads	urlpath_regex	-i "/etc/squid/regras/sites-downloads"
acl sites-liberados	url_regex	-i "/etc/squid/regras/sites-liberados"
acl sites-permitidos	url_regex	-i "/etc/squid/regras/sites-permitidos"
acl sites-proibidos	url_regex	-i "/etc/squid/regras/sites-proibidos"
acl sites-rsocial	url_regex	-i "/etc/squid/regras/sites-rsocial"
acl sites-youtube	url_regex	-i "/etc/squid/regras/sites-youtube"

# MAC address ACL
# NOTE(review): a MAC address is set by the client and is visible only on the
# directly attached segment, so this identifies a device weakly. Do not treat
# it as authentication.
acl mac-permitidos	arp		"/etc/squid/regras/mac-permitidos"

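# -- HTTP ACCESS --------------------------------------------------------------
# http_access rules are evaluated top to bottom and the first match decides
# the request, so the order of the rules below is significant.
# NOTE(review): none of the rules below carries a source or authentication ACL
# (the proxy_auth and ldap_group ACLs are commented out), so every rule applies
# to any client that can reach the proxy port.

# ACCESS - do not cache
# Uses the "cache" directive, as the QUERY rule further down does; "no_cache"
# is the older name for the same directive.
cache	deny	nocache

# ACCESS - always-allowed sites
http_access	allow	sites-liberados

# ACCESS - allow everything
#http_access	allow	all

# ACCESS - MACs and users with full access
# The ACL is defined as "mac-permitidos"; the previous spelling "mac-permitido"
# named an ACL that does not exist, so the rule could not take effect.
http_access	allow	mac-permitidos

# ACCESS - sites allowed with a password
# NOTE(review): no proxy_auth ACL is attached, so no password is requested.
http_access	allow	sites-permitidos

# ACCESS - forbidden sites
http_access	deny	sites-proibidos

# ACCESS - specific sites allowed per user
# NOTE(review): without the user-group ACLs these allow the sites for everyone.
http_access	allow	sites-contabil
http_access	allow	sites-rsocial
http_access	allow	sites-youtube

# ACCESS - download control
http_access	allow	sites-downloads
http_access	deny	downloads

# ACCESS - site blocking
# NOTE(review): sites-downloads, sites-rsocial and sites-youtube are already
# allowed unconditionally above, so the three deny rules for them never match.
http_access	deny	sites-bloqueados
http_access	deny	sites-downloads
http_access	deny	sites-rsocial
http_access	deny	sites-youtube

# ACCESS - authenticated users allowed
# NOTE(review): "all" matches every source and no authentication ACL is
# attached, so this admits any client that reaches the port and was not denied
# above. The two rules after it are never evaluated. To limit the proxy to the
# LAN, confirm the client range and use a source ACL instead, for example:
#http_access	allow	localnet
http_access	allow	all

# =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# Allow localhost
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all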

#  TAG: icp_access
# ICP (inter-cache protocol) queries are accepted from localnet only.
icp_access allow localnet
icp_access deny all

# NETWORK OPTIONS
# -----------------------------------------------------------------------------
#  TAG: http_port
# "transparent" puts this port in interception mode: traffic is redirected to
# it by the router/firewall rather than configured in the browser.
# NOTE(review): proxy authentication (proxy_auth) cannot be used on intercepted
# traffic, so enabling the commented-out auth_param section would need a
# separate non-transparent port. Confirm the firewall exposes 3128 only to the
# internal interface.
http_port 3128 transparent

#  TAG: https_port
# none

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------
#  TAG: hierarchy_stoplist
# Requests whose URL contains these strings are fetched directly instead of
# being sent through cache peers.
hierarchy_stoplist cgi-bin ?

# MEMORY CACHE OPTIONS
# -----------------------------------------------------------------------------
#  TAG: cache_mem	(bytes)
cache_mem 8 MB

#  TAG: maximum_object_size_in_memory	(bytes)
maximum_object_size_in_memory 8 KB

#  TAG: memory_replacement_policy
memory_replacement_policy lru

# DISK CACHE OPTIONS
# -----------------------------------------------------------------------------
#  TAG: cache_peer
#cache_peer 172.16.2.253 parent 3128 0 no-query no-digest
#never_direct allow all

#  TAG: cache_dir
# Disk cache reduced from 1024 MB (previous line, kept commented) to 10 MB.
#cache_dir aufs /var/spool/squid 1024 16 256
cache_dir aufs /var/spool/squid 10 16 256

#  TAG: minimum_object_size	(bytes)
minimum_object_size 0 KB

#  TAG: maximum_object_size	(bytes)
# With a 1 KB limit almost nothing is stored on disk. Together with the 10 MB
# cache_dir this presumably makes the proxy a filter rather than a cache.
#maximum_object_size 20480 KB
maximum_object_size 1 KB

#  TAG: fqdncache_size
fqdncache_size 1024

#  TAG: negative_ttl
negative_ttl 1 minutes

#  TAG: cache
# Never cache dynamic content (cgi-bin paths or URLs with a query string).
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
#  TAG: access_log
# One line per client request in Squid's native format (client address, URL,
# result code). This is the main record for incident review. Because it holds
# browsing history, keep it readable by the proxy user and administrators only.
access_log /var/log/squid/access.log squid

#  TAG: cache_log
cache_log /var/log/squid/cache.log

#  TAG: cache_store_log
cache_store_log /var/log/squid/store.log

#  TAG: logfile_rotate
# Keeps 7 old generations. Rotation only happens when "squid -k rotate" is
# run (for example from cron), so retention depends on how often that is scheduled.
logfile_rotate 7

#  TAG: pid_filename
pid_filename /var/run/squid.pid

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------
# Columns: regex, minimum age (minutes), percent of object age, maximum age (minutes).
refresh_pattern ^ftp:				1440	20%	10080
refresh_pattern ^gopher:			1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 		0	0%	0
refresh_pattern (Release|Packages(.gz)*)$	0	20%	2880
refresh_pattern .				0	20%	4320

# HTTP OPTIONS
# -----------------------------------------------------------------------------
#  TAG: upgrade_http0.9
# Replies whose first line starts with "ICY" (shoutcast streams) are not
# upgraded from HTTP/0.9.
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast

#  TAG: broken_vary_encoding
# Applies the broken-Vary workaround to replies whose Server header starts
# with "Apache".
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

#  TAG: extension_methods
# Extra request methods accepted by the proxy (WebDAV/Subversion verbs).
extension_methods REPORT MERGE MKACTIVITY CHECKOUT

# ERROR PAGE OPTIONS
# -----------------------------------------------------------------------------
#  TAG: error_directory
error_directory /usr/share/squid/errors/pt-br

# DNS OPTIONS
# -----------------------------------------------------------------------------
#  TAG: hosts_file
# hosts_file /etc/hosts

#  TAG: visible_hostname
# NOTE(review): this name is shown to clients in error pages, so it discloses
# the router's hostname. Use a neutral name if that matters.
visible_hostname roteador.pibcuritiba.org.br

# MISCELLANEOUS
# -----------------------------------------------------------------------------
#  TAG: coredump_dir
# NOTE(review): core dumps can contain request data held in memory. Confirm
# this directory is not readable by other users.
coredump_dir /var/spool/squid
