Nortel: различия между версиями
Перейти к навигации
Перейти к поиску
Vovan (обсуждение | вклад) (Новая страница: «=squid.conf= <pre> acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # …») |
Vovan (обсуждение | вклад) |
||
| Строка 1: | Строка 1: | ||
=squid.conf= | =squid.conf= | ||
<pre> | <pre> | ||
| + | # | ||
| + | # Recommended minimum configuration: | ||
| + | # | ||
| + | |||
| + | # Example rule allowing access from your local networks. | ||
| + | # Adapt to list your (internal) IP networks from where browsing | ||
| + | # should be allowed | ||
| + | #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network | ||
| + | #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network | ||
| + | acl localnet src 192.168.0.0/16 # RFC1918 possible internal network | ||
| + | #acl localnet src fc00::/7 # RFC 4193 local private network range | ||
| + | #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines | ||
| + | |||
acl SSL_ports port 443 | acl SSL_ports port 443 | ||
acl Safe_ports port 80 # http | acl Safe_ports port 80 # http | ||
| Строка 13: | Строка 26: | ||
acl Safe_ports port 777 # multiling http | acl Safe_ports port 777 # multiling http | ||
acl CONNECT method CONNECT | acl CONNECT method CONNECT | ||
| + | |||
| + | # | ||
| + | # Recommended minimum Access Permission configuration: | ||
| + | # | ||
| + | # Deny requests to certain unsafe ports | ||
http_access deny !Safe_ports | http_access deny !Safe_ports | ||
| + | |||
| + | # Deny CONNECT to other than secure SSL ports | ||
http_access deny CONNECT !SSL_ports | http_access deny CONNECT !SSL_ports | ||
| − | #http_access allow | + | |
| + | # Only allow cachemgr access from localhost | ||
| + | #http_access allow localnet | ||
#http_access deny manager | #http_access deny manager | ||
| − | acl | + | # We strongly recommend the following be uncommented to protect innocent |
| + | # web applications running on the proxy server who think the only | ||
| + | # one who can access services on "localhost" is a local user | ||
| + | #http_access deny to_localhost | ||
| + | |||
| + | # | ||
| + | # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS | ||
| + | # | ||
| + | |||
| + | # caching of system updates/large binaries | ||
| + | acl CacheArchives url_regex [-i] ^.*\.(tar|gz|bz2|rpm|deb|cab|exe|ms[iuf]|dat|zip])$ | ||
| + | |||
| + | # ONLY cache archives! | ||
| + | #cache allow CacheArchives | ||
| + | #cache deny All | ||
| + | |||
| + | |||
| + | # Example rule allowing access from your local networks. | ||
| + | # Adapt localnet in the ACL section to list your (internal) IP networks | ||
| + | # from where browsing should be allowed | ||
| + | http_access allow localnet | ||
| + | #http_access allow localhost | ||
| + | # And finally deny all other access to this proxy | ||
| + | #http_access deny all | ||
| + | |||
| + | # Squid normally listens to port 3128 | ||
| + | #http_port 3128 intercept | ||
http_port 3128 | http_port 3128 | ||
| − | cache_effective_user | + | # Uncomment and adjust the following to add a disk cache directory. |
| + | cache_dir ufs /srv/cache/squid 6000 16 256 | ||
| + | maximum_object_size 1 GB | ||
| + | max_open_disk_fds 32 | ||
| + | |||
| + | # Leave coredumps in the first cache dir | ||
| + | coredump_dir /srv/cache/squid | ||
| + | |||
| + | # run as nobody. this is default but set here so init script can find | ||
| + | cache_effective_user nobody | ||
| + | |||
| + | # logs - keep off ramdisk! | ||
| + | access_log daemon:/srv/log/squid/access.log squid | ||
| + | cache_log /srv/log/squid/squid.log | ||
| + | |||
| + | # keep mem useage right down - this is a router not a proxy ;=) | ||
cache_mem 1 MB | cache_mem 1 MB | ||
| − | |||
| − | + | # | |
| + | # Add any of your own refresh_pattern entries above these. | ||
| + | # | ||
refresh_pattern ^ftp: 1440 20% 10080 | refresh_pattern ^ftp: 1440 20% 10080 | ||
refresh_pattern ^gopher: 1440 0% 1440 | refresh_pattern ^gopher: 1440 0% 1440 | ||
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 | refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 | ||
| − | |||
refresh_pattern . 0 20% 4320 | refresh_pattern . 0 20% 4320 | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
</pre> | </pre> | ||
Текущая версия на 15:13, 30 апреля 2015
squid.conf
# # Recommended minimum configuration: # # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network acl localnet src 192.168.0.0/16 # RFC1918 possible internal network #acl localnet src fc00::/7 # RFC 4193 local private network range #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # # Recommended minimum Access Permission configuration: # # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # Only allow cachemgr access from localhost #http_access allow localnet #http_access deny manager # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # caching of system updates/large binaries acl CacheArchives url_regex [-i] ^.*\.(tar|gz|bz2|rpm|deb|cab|exe|ms[iuf]|dat|zip])$ # ONLY cache archives! #cache allow CacheArchives #cache deny All # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_access allow localnet #http_access allow localhost # And finally deny all other access to this proxy #http_access deny all # Squid normally listens to port 3128 #http_port 3128 intercept http_port 3128 # Uncomment and adjust the following to add a disk cache directory. cache_dir ufs /srv/cache/squid 6000 16 256 maximum_object_size 1 GB max_open_disk_fds 32 # Leave coredumps in the first cache dir coredump_dir /srv/cache/squid # run as nobody. this is default but set here so init script can find cache_effective_user nobody # logs - keep off ramdisk! access_log daemon:/srv/log/squid/access.log squid cache_log /srv/log/squid/squid.log # keep mem useage right down - this is a router not a proxy ;=) cache_mem 1 MB # # Add any of your own refresh_pattern entries above these. # refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320
