| 1 | ### BEGIN LLIUREX_CHANGES ### |
|---|
| 2 | # /etc/squid/squid.conf |
|---|
| 3 | # |
|---|
| 4 | ###################################################### |
|---|
| 5 | ## Some sections of this file are ## |
|---|
| 6 | ## AUTOMATICALLY GENERATED or MODIFIED by LliureX, ## |
|---|
| 7 | ###################################################### |
|---|
| 8 | ## |
|---|
| 9 | # |
|---|
| 10 | http_port {{ SRV_IP }}:{{ PROXY_HTTP_PORT }} |
|---|
| 11 | http_port 127.0.0.1:{{ PROXY_HTTP_PORT }} |
|---|
| 12 | visible_hostname {{ PROXY_HOST }} |
|---|
| 13 | dns_nameservers server |
|---|
| 14 | # enabling single-word hostnames resolution |
|---|
| 15 | dns_defnames on |
|---|
| 16 | #enabling ipv4 resolution first |
|---|
| 17 | dns_v4_first on |
|---|
| 18 | acl SSL_ports port "/etc/squid/lliurex/allow-SSL-ports.conf" |
|---|
| 19 | acl our_networks src "/etc/squid/lliurex/allow-src-networks.conf" |
|---|
| 20 | acl allow_dst dst "/etc/squid/lliurex/allow-dst-networks.conf" |
|---|
| 21 | acl deny_dst dst "/etc/squid/lliurex/deny-dst-networks.conf" |
|---|
| 22 | acl allow_domain dstdomain "/etc/squid/lliurex/allow-dst-domains.conf" |
|---|
| 23 | acl deny_domain dstdomain "/etc/squid/lliurex/deny-dst-domains.conf" |
|---|
| 24 | acl deny_domain_expr dstdom_regex "/etc/squid/lliurex/deny-dst-domains-expr.conf" |
|---|
| 25 | |
|---|
| 26 | |
|---|
| 27 | acl HOSTS dst "/etc/squid/lliurex/no_cache_networks.conf" |
|---|
| 28 | no_cache deny HOSTS |
|---|
| 29 | deny_info http://{{ PROXY_HOST }}/lliurex-proxy/deny allow_dst |
|---|
| 30 | deny_info http://{{ PROXY_HOST }}/lliurex-proxy/deny deny_dst |
|---|
| 31 | # set cache dir size in MB in 16 folders with 256 subfolders, aufs--> multithread with POSIX threads mode |
|---|
| 32 | cache_dir aufs /var/spool/squid 4000 16 256 |
|---|
| 33 | # set the RAM memory used by squid (recommends 1/3 of total ram memory) |
|---|
| 34 | cache_mem 512 MB |
|---|
| 35 | # objects bigger than this size aren't stored in cache |
|---|
| 36 | maximum_object_size {{ PROXY_MAX_FILE_SIZE }} KB |
|---|
| 37 | pid_filename /var/run/squid.pid |
|---|
| 38 | |
|---|
| 39 | |
|---|
| 40 | #acl manager proto cache_object |
|---|
| 41 | acl localhost src 127.0.0.1/32 |
|---|
| 42 | acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 |
|---|
| 43 | |
|---|
| 44 | acl Safe_ports port 80 # http |
|---|
| 45 | acl Safe_ports port 21 # ftp |
|---|
| 46 | acl Safe_ports port 443 # https |
|---|
| 47 | acl Safe_ports port 70 # gopher |
|---|
| 48 | acl Safe_ports port 210 # wais |
|---|
| 49 | acl Safe_ports port 1025-65535 # unregistered ports |
|---|
| 50 | acl Safe_ports port 280 # http-mgmt |
|---|
| 51 | acl Safe_ports port 488 # gss-http |
|---|
| 52 | acl Safe_ports port 591 # filemaker |
|---|
| 53 | acl Safe_ports port 777 # multiling http |
|---|
| 54 | acl CONNECT method CONNECT |
|---|
| 55 | |
|---|
| 56 | http_access deny manager |
|---|
| 57 | |
|---|
| 58 | http_access deny CONNECT !SSL_ports |
|---|
| 59 | |
|---|
| 60 | http_access allow allow_dst |
|---|
| 61 | http_access deny deny_dst |
|---|
| 62 | http_access deny deny_domain |
|---|
| 63 | http_access deny deny_domain_expr |
|---|
| 64 | http_access allow allow_domain |
|---|
| 65 | http_access deny !Safe_ports |
|---|
| 66 | http_access allow our_networks |
|---|
| 67 | http_access allow localhost |
|---|
| 68 | http_access deny all |
|---|
| 69 | |
|---|
| 70 | icp_access deny all |
|---|
| 71 | |
|---|
| 72 | hierarchy_stoplist cgi-bin ? |
|---|
| 73 | |
|---|
| 74 | access_log /var/log/squid/access.log squid |
|---|
| 75 | |
|---|
| 76 | refresh_pattern ^ftp: 1440 20% 10080 |
|---|
| 77 | refresh_pattern ^gopher: 1440 0% 1440 |
|---|
| 78 | refresh_pattern (cgi-bin|\?) 0 0% 0 |
|---|
| 79 | refresh_pattern . 00 20% 4320 |
|---|
| 80 | |
|---|
| 81 | icp_port 3130 |
|---|
| 82 | |
|---|
| 83 | coredump_dir /var/spool/squid |
|---|
