mirror of
https://github.com/YunoHost-Apps/squid3_ynh.git
synced 2024-09-03 20:26:11 +02:00
54 lines
2 KiB
SquidConf
54 lines
2 KiB
SquidConf
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
|
||
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
|
||
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
|
||
acl SSL_ports port 443 # https
|
||
acl SSL_ports port 563 # snews
|
||
acl SSL_ports port 873 # rsync
|
||
acl Safe_ports port 80 # http
|
||
acl Safe_ports port 21 # ftp
|
||
acl Safe_ports port 443 # https
|
||
acl Safe_ports port 70 # gopher
|
||
acl Safe_ports port 210 # wais
|
||
acl Safe_ports port 1025-65535 # unregistered ports
|
||
acl Safe_ports port 280 # http-mgmt
|
||
acl Safe_ports port 488 # gss-http
|
||
acl Safe_ports port 591 # filemaker
|
||
acl Safe_ports port 777 # multiling http
|
||
acl Safe_ports port 631 # cups
|
||
acl Safe_ports port 873 # rsync
|
||
acl Safe_ports port 901 # SWAT
|
||
acl purge method PURGE
|
||
acl CONNECT method CONNECT
|
||
|
||
###Directive pour n’autoriser que les comptes enregistrés dans le LDAP de Yunohost
|
||
auth_param basic program /usr/lib/__SQUID__/basic_ldap_auth -b dc=yunohost,dc=org -h 127.0.0.1 -f "uid=%s"
|
||
|
||
auth_param basic children 50
|
||
auth_param basic realm Web-Proxy
|
||
auth_param basic credentialsttl 1 minute
|
||
acl ldap_auth proxy_auth REQUIRED
|
||
|
||
visible_hostname web-proxy
|
||
http_access allow ldap_auth
|
||
http_access allow manager localhost
|
||
http_access deny manager
|
||
http_access allow purge localhost
|
||
http_access deny purge
|
||
http_access deny !Safe_ports
|
||
http_access deny CONNECT !SSL_ports
|
||
http_access allow localhost
|
||
http_access deny all
|
||
|
||
##cache DNS en local
|
||
dns_nameservers 127.0.0.1
|
||
##Port d'écoute du Proxy
|
||
http_port __PORT__
|
||
forwarded_for off ### mode transparant, la vrai IP est cachée
|
||
cache_dir aufs /var/spool/__SQUID__ 10000 16 256
|
||
hierarchy_stoplist cgi-bin ?
|
||
access_log /var/log/__SQUID__/access.log squid
|
||
refresh_pattern ^ftp: 1440 20% 10080
|
||
refresh_pattern ^gopher: 1440 0% 1440
|
||
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
|
||
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
|
||
refresh_pattern . 0 20% 4320
|