apt cacher for debian

  1. ## Tested and working on squid 3.3.10-r0 and Alpine 2.7.1 (kernel 3.10.19-0-grsec), 64-bit
  ## Client networks: each "acl localnet src" line adds one source range to the
  ## localnet ACL, which the "http_access allow localnet" rule further down admits.
  2. ## Example rule allowing access from your local networks.
  3. ## Adapt to list your (internal) IP networks from where browsing
  4. ## should be allowed
  ## NOTE(review): 10.0.0.0/8 and 172.16.0.0/12 are whole RFC1918 blocks, while only
  ## 192.168.2.0/24 is listed from 192.168.0.0/16. Narrow the list to the subnets that
  ## actually hold proxy clients so other internal segments cannot use the proxy.
  5. acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
  6. acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
  7. acl localnet src 192.168.2.0/24 # RFC1918 possible internal network
  8. ## Allow anyone to use the proxy (you should lock this down to client networks only!):
  ## Left commented out on purpose: with it enabled every source address matches
  ## localnet, "http_access allow localnet" admits everyone, and the final
  ## "http_access deny all" no longer protects the proxy.
  9. # acl localnet src all
  10. ## IPv6 local addresses:
  11. acl localnet src fc00::/7 # RFC 4193 local private network range
  12. acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
  ## SSL_ports: destination ports to which CONNECT tunnels are permitted
  ## (enforced by "http_access deny CONNECT !SSL_ports").
  13. acl SSL_ports port 443
  ## NOTE(review): 5003 is not a standard HTTPS port and nothing in this file says
  ## which service needs it. Confirm the requirement or remove the line, since every
  ## port listed here can be tunnelled to without Squid seeing the traffic.
  14. acl SSL_ports port 5003
  ## Safe_ports: destination ports allowed for any request
  ## (enforced by "http_access deny !Safe_ports").
  ## NOTE(review): the 1025-65535 range keeps every high port reachable through the
  ## proxy. If the proxy only needs to fetch content over HTTP/HTTPS, trimming this
  ## list to the ports actually required reduces what an admitted client can reach.
  15. acl Safe_ports port 80 # http
  16. acl Safe_ports port 21 # ftp
  17. acl Safe_ports port 443 # https
  18. acl Safe_ports port 70 # gopher
  19. acl Safe_ports port 210 # wais
  20. acl Safe_ports port 1025-65535 # unregistered ports
  21. acl Safe_ports port 280 # http-mgmt
  22. acl Safe_ports port 488 # gss-http
  23. acl Safe_ports port 591 # filemaker
  24. acl Safe_ports port 777 # multiling http
  ## Matches requests that use the CONNECT method.
  25. acl CONNECT method CONNECT
  ## QUERY marks URLs that look dynamic; it is used by "cache deny QUERY".
  ## The patterns are unanchored and, without -i, case-sensitive, so "asp" and "jsp"
  ## match any URL path containing those letters, not only script extensions.
  ## NOTE(review): confirm that such a broad match is intended.
  26. acl QUERY urlpath_regex cgi-bin \? asp aspx jsp
  27. ## Prevent caching jsp, cgi-bin etc
  28. cache deny QUERY
  ## http_access rules are checked top to bottom and the first matching rule decides,
  ## so the deny rules below must stay ahead of the allow rules.
  ## localhost, manager, to_localhost and all are not defined in this file.
  ## NOTE(review): Squid 3.2 and later provide them as built-in ACLs; confirm for the
  ## version actually deployed.
  29. ## Only allow access to the defined safe ports whitelist
  30. http_access deny !Safe_ports
  31. ## Deny CONNECT to other than secure SSL ports
  32. http_access deny CONNECT !SSL_ports
  33. ## Only allow cachemgr access from localhost
  34. http_access allow localhost manager
  35. http_access deny manager
  36. ## Keep the following rule enabled: it protects innocent
  37. ## web applications running on the proxy server who think the only
  38. ## one who can access services on "localhost" is a local user
  39. http_access deny to_localhost
  ## NOTE(review): to_localhost is the only destination restriction in this section.
  ## Admitted clients can therefore ask the proxy to contact any host it can route to,
  ## including other internal networks. If the proxy sits in a different network zone
  ## than its clients, consider a dst-based deny rule ahead of the allow rules below.
  40. ##
  41. ## INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
  42. ##
  43. ## Example rule allowing access from your local networks.
  44. ## Adapt localnet in the ACL section to list your (internal) IP networks
  45. ## from where browsing should be allowed
  46. http_access allow localnet
  47. http_access allow localhost
  48. ## And finally deny all other access to this proxy
  ## Keep this as the last http_access line so anything not matched above is refused.
  49. http_access deny all
  50. ## Squid normally listens to port 3128
  ## No address is given, so Squid accepts connections on every interface and the
  ## http_access rules are the only thing limiting who may use it. On a host with an
  ## externally reachable interface, bind to the internal address (form shown below)
  ## or firewall the port.
  51. http_port 3128
  52. ## If you have multiple interfaces you can specify to listen on one IP like this:
  53. #http_port 1.2.3.4:3128
  54. ## Uncomment and adjust the following to add a disk cache directory.
  55. ## 1024 is the disk space to use for cache in MB, adjust as you see fit!
  56. ## Default is no disk cache
  57. #cache_dir ufs /var/cache/squid 1024 16 256
  58. ## Better, use 'aufs' cache type, see
  59. ## http://www.squid-cache.org/Doc/config/cache_dir/ for info.
  ## Active setting: aufs store under /var/spool/squid, 10240 MB, with 16 first-level
  ## and 256 second-level subdirectories. Note the path differs from the commented
  ## examples, which use /var/cache/squid.
  60. cache_dir aufs /var/spool/squid 10240 16 256
  61. ## Recommended to only change cache type when squid is stopped, and use 'squid -z' to
  62. ## ensure cache is (re)created correctly
  63. ## Leave coredumps in the first cache dir
  ## Core dumps hold process memory, which can include request data. If this is
  ## enabled, keep the directory readable only by the Squid user and administrators.
  64. #coredump_dir /var/cache/squid
  65. ## Where does Squid log to?
  ## The access log records client addresses and requested URLs; restrict read access
  ## to the file accordingly.
  66. access_log /var/log/squid/access.log
  67. ## Use the below to turn off access logging
  ## Disabling the log also removes the record needed to investigate proxy misuse.
  68. #access_log none
  69. ## When logging, web auditors want to see the full uri, even with the query terms
  ## Left commented out, so Squid's default of stripping query terms applies.
  ## Query strings can carry tokens or credentials, which would be written to the log
  ## if this were enabled.
  70. #strip_query_terms off
  71. ## Keep 7 days of logs
  ## logfile_rotate sets how many rotated files are kept; that equals 7 days only if
  ## rotation is triggered once a day. NOTE(review): confirm how rotation is scheduled.
  72. #logfile_rotate 7
  73. ## How much RAM, in MB, to use for cache? Default since squid 3.1 is 256 MB
  74. cache_mem 64 MB
  75. ## Maximum size of individual objects to store in cache
  ## NOTE(review): with 1 MB, larger downloads are never stored. If this proxy is
  ## meant to cache package files, check whether a later part of the configuration
  ## raises the limit. Squid 3.x reportedly applies the value in effect when a
  ## cache_dir line is parsed, and cache_dir appears above this line. TODO confirm.
  76. maximum_object_size 1 MB
  77. ## Amount of data to buffer from server to client
  78. read_ahead_gap 64 KB
  79. ## Use X-Forwarded-For header?
  80. ## Some consider this a privacy/security risk so it is often disabled
  81. ## However it can be useful to identify misbehaving/problematic clients
  ## "delete" removes the header from forwarded requests, so origin servers do not
  ## learn internal client addresses; the access log remains the place to identify
  ## clients. The Via header is governed by the separate "via" directive, which is
  ## not set in the lines shown here.
  82. #forwarded_for on
  83. forwarded_for delete
  84. ## Suppress sending squid version information
  85. httpd_suppress_version_string on
  86. ## How long to wait when shutting down squid
  87. shutdown_lifetime 30 seconds
  88. ## Replace the User Agent header. Be sure to deny the header first, then replace it :)
  ## Both lines are commented out, so client User-Agent headers pass through unchanged.
  89. #request_header_access User-Agent deny all
  90. #request_header_replace User-Agent Mozilla/5.0 (Windows; MSIE 9.0; Windows NT 9.0; en-US)
  91. ## What hostname to display? (defaults to system hostname)
  ## NOTE(review): the name is shown to clients (presumably in error pages); set a
  ## neutral value if the system hostname discloses internal naming. Verify.
  92. #visible_hostname a_proxy
  93. ## Use a different hosts file?
  94. #hosts_file /path/to/file
  95. ## Add any of your own refresh_pattern entries above these.
  96. refresh_pattern ^ftp: 1440 20% 10080
  97. refresh_pattern ^gopher: 1440 0% 1440
  98. refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
  99. refresh_pattern . 0 20% 4320