squid-example-conf/redame.md

SQUID EXAMPLE CONF

acl localnet src all               # Allow all IPs (replaces 0.0.0.0/0)
# Remove the following two lines as 'fc00::/7' and 'fe80::/10' overlap with '::/0'
# acl localnet src fc00::/7       # RFC 4193 local private network range
# acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines


acl SSL_ports port 1-65535
acl Safe_ports port 1-65535
# acl SSL_ports port 443
# acl Safe_ports port 80             # http
# acl Safe_ports port 21             # ftp
# acl Safe_ports port 443            # https
# acl Safe_ports port 70             # gopher
# acl Safe_ports port 210            # wais
# acl Safe_ports port 1025-65535     # unregistered ports
# acl Safe_ports port 280            # http-mgmt
# acl Safe_ports port 488            # gss-http
# acl Safe_ports port 591            # filemaker
# acl Safe_ports port 777            # multiling http
acl CONNECT method CONNECT

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd
auth_param basic realm BitMasterProxy
acl authenticated proxy_auth REQUIRED

# Allow authenticated users and deny everything else
http_access allow authenticated
http_access deny all

# Only allow cachemgr access from localhost
http_access allow all manager
http_access deny manager

# Squid listens on port 3128
http_port 3128

# Uncomment and adjust to add a disk cache directory
cache_dir ufs /var/spool/squid 100 16 256

# Default logging settings
access_log daemon:/var/log/squid/access.log squid
cache_log /var/log/squid/cache.log

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Store ID bypass and caching settings
cache deny all
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320