This repository has been archived by the owner on Nov 16, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
/
squid.conf
84 lines (70 loc) · 2.61 KB
/
squid.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# cache size in MB / no. of subdirectories / no. of subsubdirectories
cache_dir ufs /var/spool/squid3 100 16 256
#maximum object size in cache (default: 4 MB)
#maximum_object_size 128 MB
maximum_object_size 4 MB
# Memory used for caching
cache_mem 32 MB
# No access log
#access_log /var/log/squid3/access.log combined
access_log none
# Hostname shown in messages
visible_hostname fff
# Bind Squid to port ... and configure as transparent proxy
http_port 3128 intercept
# In addition a forward proxy is required
http_port 3129
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Allow connects from Freifunk Franken network
acl fff src 10.50.0.0/16
# DNS by Freifunk-IP of localhost and Google DNS
dns_nameservers 10.50.32.5 8.8.8.8
# Bind outgoing address to Freifunk-Server IP to allow for VPN Routing
tcp_outgoing_address 10.50.32.5
udp_outgoing_address 10.50.32.5
# Privacy options
via off
forwarded_for delete
# standard http anonymizer
request_header_access From deny all
#request_header_access Referer deny all
#request_header_access User-Agent deny all
## paranoid http anonymizer
#request_header_access Authorization allow all
#request_header_access Proxy-Authorization allow all
#request_header_access Cache-Control allow all
#request_header_access Content-Length allow all
#request_header_access Content-Type allow all
#request_header_access Date allow all
#request_header_access Host allow all
#request_header_access If-Modified-Since allow all
#request_header_access Pragma allow all
#request_header_access Accept allow all
#request_header_access Accept-Charset allow all
#request_header_access Accept-Encoding allow all
#request_header_access Accept-Language allow all
#request_header_access Connection allow all
#request_header_access All deny all
# Access controls
acl SSL_ports port 443 # https
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow fff
http_access allow localhost
http_access deny all