» » Original squid ClearOS 5.2

# ORIGINAL SQUID CLEAROS 5.2

# OPTIONS FOR AUTHENTICATION #
auth_param basic program /usr/lib/squid/squid_ldap_auth -b "ou=Users,ou=Accounts,dc=clearos,dc=lan" -f "(&(pcnProxyFlag=TRUE)(uid=%s))" -h 127.0.0.1 -D "cn=manager,cn=internal,dc=clearos,dc=lan" -W /etc/squid/ldap.conf -s one -v 3 -U pcnProxyPassword -d auth_param basic children 50 auth_param basic realm ClearOS Enterprise - Web Proxy auth_param basic credentialsttl 2 hours
 
# ACCESS CONTROLS #

#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$ 
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.0/8
# webconfig: acl_start acl webconfig_lan src 192.168.1.0/24
acl webconfig_to_lan dst 192.168.1.0/24

# webconfig: acl_end acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 acl SSL_ports port 81 83 10000
acl Safe_ports port 80 acl Safe_ports port 21
acl Safe_ports port 443 acl Safe_ports port 70
acl Safe_ports port 210 acl Safe_ports port 1025-65535
acl Safe_ports port 280 acl Safe_ports port 488
acl Safe_ports port 591 acl Safe_ports port 777
acl Safe_ports port 81 82 83 10000
acl CONNECT method CONNECT

#selalu menerima cachemgr akses dari localhost http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports # http_access allow localhost http_access allow webconfig_to_lan http_access allow webconfig_lan http_access deny all icp_access allow reply_body_max_size 0 allow all 

# NETWORK OPTIONS #
# webconfig: http_port_start
http_port 192.168.1.1:3128 transparent
http_port 127.0.0.1:3128 transparent
# webconfig: http_port_end 

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM #

hierarchy_stoplist cgi-bin ? 
cache_dir ufs /var/spool/squid 10240 16 256
maximun_object_sizee 81920 KB access_log /var/log/squid/access.log squid url_rewrite_children 15 

# OPTIONS FOR TUNING THE CACHE #

acl QUERY urlpatch_regex cgi-bin \?
cache deny QUERY 

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320  # HTTP OPTIONS #

acl apache rep_header Server ^Apache broken_vary_encoding allow apache 

# ERROR PAGE OPTIONS #

error_directory /etc/squid/errors 
coredump_dir /var/spool/squid
# balance_on_multiple_ip on
follow_x_forwarded_for allow

Posted by
Labels:
at 12:32 PM
Next
Newer Post
Previous
This is the last post.

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 
Top