kipyegonmark · March 12, 2016 16:18 · Mar 12, 2016 · Mar 12, 2016
diff --git a/squid.conf b/squid.conf
@@ -0,0 +1,145 @@
+#
+### Calomel.org Squid  squid.conf
+#
+########### squid.conf ###########
+#
+## interface, port and proxy type
+#http_port 10.10.10.1:8080 transparent
+http_port 10.10.10.1:8080
+
+## general options
+cache_mgr not_to_be_disturbed
+client_db on
+collapsed_forwarding on
+detect_broken_pconn on
+dns_defnames on
+dns_retransmit_interval 2 seconds
+dns_timeout 5 minutes
+forwarded_for off
+half_closed_clients off
+httpd_suppress_version_string on
+ignore_unknown_nameservers on
+pipeline_prefetch on
+retry_on_error on
+strip_query_terms off
+uri_whitespace strip
+visible_hostname localhost
+
+## timeouts
+forward_timeout 30 seconds
+connect_timeout 30 seconds
+read_timeout 30 seconds
+request_timeout 30 seconds
+persistent_request_timeout 1 minute
+client_lifetime 20 hours
+
+## host definitions
+acl all src 0.0.0.0/0
+acl localhost src 127.0.0.1/255.255.255.255
+acl to_localhost dst 127.0.0.0/8
+
+## proxy server client access
+acl mynetworks src 127.0.0.0/8 10.10.10.0/28
+http_access deny !mynetworks
+
+## max connections per ip
+acl maxuserconn src 127.0.0.0/8 10.0.10.0/28
+acl limitusercon maxconn 500
+http_access deny maxuserconn limitusercon
+
+## disable caching
+cache deny all
+cache_dir null /tmp
+
+## disable multicast icp
+icp_port 0
+icp_access deny all
+
+## disable ident lookups
+ident_lookup_access deny all
+
+## no-trust for on-the-fly Content-Encoding
+acl apache rep_header Server ^Apache
+broken_vary_encoding allow apache
+
+## logs
+logformat combined [%tl] %>A %{Host}>h "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
+access_log /var/log/squid/access.log combined
+cache_store_log /var/log/squid/store.log
+cache_log  /var/log/squid/cache.log
+logfile_rotate 8
+
+## support files
+coredump_dir /tmp
+pid_filename /var/log/squid/squid.pid
+
+## ports allowed
+acl Safe_ports port 80 443
+http_access deny !Safe_ports
+
+## ssl ports/method allowed
+acl SSL_ports port 443
+acl CONNECT method CONNECT
+http_access deny CONNECT !SSL_ports
+
+## protocols allowed
+acl Safe_proto proto HTTP SSL
+http_access deny !Safe_proto
+
+## browsers allowed
+# acl Safe_browser browser ^Mozilla/5\.0.*Firefox/2\.0\.0\.6
+# http_access deny !Safe_Browser
+
+## disable ads ( //squid_adservers.html )
+# acl ads dstdom_regex "/etc/squid/ad_block.txt"
+# http_access deny ads
+# deny_info TCP_RESET ads
+
+## Banned Sites
+# acl Bad_Site dstdom_regex myspace.com youtube.com facebook.com 
+# http_access deny Bad_Site
+
+## redirector
+# acl my_url dstdomain SITE_NAME.COM
+# redirector_access allow my_url
+# redirect_children 1
+# redirect_rewrites_host_header off
+# redirect_program /etc/squid/squid_redirector.pl
+
+## methods allowed
+acl Safe_method method CONNECT GET HEAD POST
+http_access deny !Safe_method
+
+## allow replies to client requests
+http_reply_access allow all
+
+## header re-write
+# header_replace Accept */*
+# header_replace Accept-Encoding gzip
+# header_replace Accept-Language en
+header_replace User-Agent OurBrowser/1.0 (Some Name)
+
+## header list ( DENY all - ALLOW listed )
+header_access Accept allow all
+header_access Accept-Encoding allow all
+header_access Accept-Language allow all
+header_access Authorization allow all
+header_access Cache-Control allow all
+header_access Content-Disposition allow all
+header_access Content-Encoding allow all
+header_access Content-Length allow all
+header_access Content-Location allow all
+header_access Content-Range allow all
+header_access Content-Type allow all
+header_access Cookie allow all
+header_access Expires allow all
+header_access Host allow all
+header_access If-Modified-Since allow all
+header_access Location allow all
+header_access Range allow all
+header_access Referer allow all
+header_access Set-Cookie allow all
+header_access WWW-Authenticate allow all
+header_access All deny all
+
+##########  END  ###########