Search squid archive

Re: Squid proxy not working when upgrade from 27 to 3.5

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# RFC1918 possible internal network
# RFC1918 possible internal network
# RFC1918 possible internal network
# RFC 4193 local private network range
# RFC 4291 link-local (directly plugged) machines
# http
# ftp
# https
# gopher
# wais
# unregistered ports
# http-mgmt
# gss-http
# filemaker
# multiling http
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10
acl SSL_ports port 443 8000 8004 8005
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT

access_log /var/log/squid/access.log

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
# Deny CONNECT to other than secure SSL ports
# Only allow cachemgr access from localhost
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# Allow localhost always proxy functionality
# And finally deny all other access to this proxy
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Squid normally listens to port 3128
#http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir aufs /var/cache/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/cache/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20 10080
refresh_pattern ^gopher: 1440 0 1440
refresh_pattern -i  (/cgi-bin/|\?) 0 0 0
refresh_pattern . 0 20 4320

cache_dir ufs /var/cache/squid 100 16 256

cache_log /var/log/squid/cache.log

cache_mem 8 MB

cache_mgr webmaster

cache_replacement_policy lru

cache_store_log /var/log/squid/store.log

cache_swap_high 95

cache_swap_low 90

client_lifetime 1 days

connect_timeout 2 minutes

error_directory /usr/share/squid/errors/en

ftp_passive on

maximum_object_size 4096 KB

memory_replacement_policy lru

minimum_object_size 0 KB

visible_hostname oul163.ouhk.edu.hk
http_port 3128 accel vhost defaultsite=oul163.ouhk.edu.hk
#https_port 80 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8000 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8004 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8004 accel cert=/etc/squid/certs/ouhk2.crt
key=/etc/squid/certs/ouhk2.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8005 accel cert=/etc/squid/certs/ouhk.crt
key=/etc/squid/certs/ouhk.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#https_port 8005 accel cert=/etc/squid/certs/ouhk3.crt
key=/etc/squid/certs/ouhk3.key defaultsite=oul163.ouhk.edu.hk vhost
protocol=https options=NO_SSLv3:NO_SSLv2
#ssl_bump allow all
#              Disable the following one
#ssl_bump options=NO_SSLv3
#always_direct allow all
#              Disable the following one
#sslproxy_cert_error allow all
sslproxy_options NO_SSLv3:NO_SSLv2

# the proxy-only indicates that caching will not be performed.
#cache_peer 192.168.31.113 parent 8001 0 proxy-only name=prdhrms
#cache_peer_domain prdhrms prdhrms.ouhk.edu.hk
#cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8005 0 ssl sslflags=DONT_VERIFY_DOMAIN
proxy-only name=uathrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer_domain uathrms uathrms.ouhk.edu.hk
#cache_peer 192.168.31.134 parent 8004 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=sithrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer_domain sithrms sithrms.ouhk.edu.hk
#cache_peer 192.168.31.134 parent 8000 0 ssl sslflags=DONT_VERIFY_PEER
proxy-only name=devhrms ssloptions=NO_SSLv3:NO_SSLv2
#cache_peer 192.168.31.134 parent 8000 0 proxy-only originserver
name=devhrms ssll sslcafile=/certs/star_ouhk_edu_hk.crt
#cache_peer_domain devhrms devhrms.ouhk.edu.hk

# Create an additional ACL for local network access
acl localip src 192.168.0.0/24

# access control list
acl hrmsacl dstdomain .ouhk.edu.hk
http_access allow hrmsacl
#acl hrmsacl2 dstdomain devhrms.ouhk.edu.hk
#cache_peer_access devhrms allow hrmsacl2
#cache_peer_access prdhrms allow hrmsacl
#cache_peer_access uathrms allow hrmsacl
#cache_peer_access sithrms allow hrmsacl
#cache_peer_access devhrms allow hrmsacl
#cache_peer_access secure allow SSL_ports
cache_peer 192.168.31.113 parent 8001 1 proxy-only name=prdhrms
acl prdhrms-domain dstdomain prdhrms.ouhk.edu.hk
cache_peer_access prdhrms allow prdhrms-domain

cache_peer 192.168.31.134 parent 8005 0  proxy-only name=uathrms
acl uathrms-domain dstdomain uathrms.ouhk.edu.hk
cache_peer_access uathrms allow uathrms-domain

cache_peer 192.168.31.134 parent 8004 2  proxy-only name=sithrms
acl sithrms-domain dstdomain sithrms.ouhk.edu.hk
cache_peer_access sithrms allow sithrms-domain

cache_peer 192.168.31.134 parent 8000 3  proxy-only name=devhrms
acl devhrms-domain dstdomain devhrms.ouhk.edu.hk
cache_peer_access devhrms allow devhrms-domain




--
Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux