73 lines
2.3 KiB
Plaintext
73 lines
2.3 KiB
Plaintext
always_direct allow all
|
|
|
|
acl localhost src 127.0.0.1/32
|
|
acl to_localhost dst 127.0.0.0/8
|
|
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
|
|
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
|
|
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
|
|
acl SSL_ports port 443
|
|
acl Safe_ports port 80 # http
|
|
acl Safe_ports port 21 # ftp
|
|
acl Safe_ports port 443 # https
|
|
acl Safe_ports port 70 # gopher
|
|
acl Safe_ports port 210 # wais
|
|
acl Safe_ports port 1025-65535 # unregistered ports
|
|
acl Safe_ports port 280 # http-mgmt
|
|
acl Safe_ports port 488 # gss-http
|
|
acl Safe_ports port 591 # filemaker
|
|
acl Safe_ports port 777 # multiling http
|
|
acl CONNECT method CONNECT
|
|
|
|
http_access allow all
|
|
http_access allow manager localhost
|
|
http_access deny manager
|
|
|
|
htcp_access allow localnet
|
|
htcp_access deny all
|
|
|
|
|
|
visible_hostname git.local-domain
|
|
|
|
http_port 3128 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem version=4
|
|
#http_port 3128 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem options=NO_SSLv3 dhparams=/apps/dhparam.pem
|
|
#https_port 3129 ssl-bump generate-host-certificates=on cert=/apps/CA_crt.pem key=/apps/CA_key.pem options=NO_SSLv3 dhparams=/apps/dhparam.pem
|
|
|
|
always_direct allow all
|
|
acl excluded_sites ssl::server_name .wellsfargo.com
|
|
ssl_bump splice excluded_sites
|
|
ssl_bump bump all
|
|
|
|
sslproxy_cert_error deny all
|
|
sslcrtd_program /apps/squid/libexec/ssl_crtd -s /apps/squid/var/lib/ssl_db -M 4MB sslcrtd_children 8 startup=1 idle=1
|
|
|
|
icap_enable on
|
|
icap_preview_enable on
|
|
icap_preview_size 128
|
|
icap_send_client_ip on
|
|
|
|
adaptation_access url_check allow all
|
|
|
|
access_log /apps/squid/var/logs/access.log squid
|
|
|
|
# these are basically to make everything canched
|
|
refresh_pattern ^http: 999999999 1000000000% 999999999 ignore-no-cache override-expire ignore-reload
|
|
refresh_pattern ^https: 999999999 1000000000% 999999999 ignore-no-cache override-expire ignore-reload
|
|
|
|
debug_options 11,2 22,10
|
|
|
|
refresh_pattern ^ftp: 1440 20% 10080
|
|
refresh_pattern ^gopher: 1440 0% 1440
|
|
refresh_pattern (cgi-bin|\?) 0 0% 0
|
|
refresh_pattern . 0 20% 4320
|
|
|
|
icp_port 3130
|
|
|
|
|
|
coredump_dir /apps/squid/var/cache
|
|
|
|
|
|
cache_mem 1000 MB
|
|
|
|
maximum_object_size 4096 MB
|
|
cache_dir aufs /apps/squid/var/cache/squid 10000 16 256
|