Live Journal

All About Log

squid.conf Pl@Net standar

# Do not modify ‘/var/smoothwall/proxy/squid.conf’ directly since any changes
# you make will be overwritten whenever you resave proxy settings using the
# web interface!
# Instead, modify the file ‘/var/smoothwall/proxy/advanced/acls/include.acl’ and
# then restart the proxy service using the web interface. Changes made to the
# ‘include.acl’ file will propagate to the ‘squid.conf’ file at that time.

shutdown_lifetime 5 seconds
icp_port 0


acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

cache_effective_user squid
cache_effective_group squid
umask 022

pid_filename /var/run/

cache_mem 6 MB
cache_dir aufs /var/squid/cache 12000 16 256

error_directory /usr/local/squid/advproxy/errors.swe/English

memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA

access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none

log_mime_hdrs off
emulate_httpd_log on
forwarded_for off
via off

acl within_timeframe time MTWHFAS 00:00-24:00

acl all src
acl localhost src
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 563 # snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 800 # Squids port (for icons)

acl SWE_http  port 81
acl SWE_https port 441
acl SWE_ips              dst
acl SWE_networks         src “/var/smoothwall/proxy/advanced/acls/src_subnets.acl”
acl SWE_servers          dst “/var/smoothwall/proxy/advanced/acls/src_subnets.acl”
acl SWE_green_network    src
acl SWE_green_servers    dst

#Access to squid:
#local machine, no restriction
http_access allow         localhost

#GUI admin if local machine connects
http_access allow         SWE_ips SWE_networks SWE_http
http_access allow CONNECT SWE_ips SWE_networks SWE_https

#Deny not web services
http_access deny          !Safe_ports
http_access deny  CONNECT !SSL_ports

#Set custom configured ACLs
http_access allow SWE_networks within_timeframe
http_access deny  all

#Strip HTTP Header
header_access X-Forwarded-For deny all
header_access Via deny all

maximum_object_size 4096 KB
minimum_object_size 0 KB

request_body_max_size 0 KB
reply_body_max_size 0 allow all


url_rewrite_program /usr/sbin/squidGuard
url_rewrite_children 5


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: