Squid: различия между версиями
Vovan (обсуждение | вклад) (Новая страница: « cat squid.conf <pre> acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 443 # https acl CONNECT method CONNECT # white…») |
Vovan (обсуждение | вклад) |
||
Строка 56: | Строка 56: | ||
# blacklist mode | # blacklist mode | ||
− | |||
http_access allow all | http_access allow all | ||
Текущая версия на 13:05, 4 декабря 2021
cat squid.conf
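# squid.conf -- forward proxy in "blacklist mode": requests are allowed by
# default and only the destinations listed in the bl_* files are denied.
# http_access rules are evaluated top to bottom and the first matching rule
# decides, so the order of the rules below is part of the policy.
# (Listing restored to one directive per line; collapsed onto a single line,
# everything after the first '#' would be read as a comment.)

acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl CONNECT method CONNECT

# whitelist mode (disabled)
# whitelisted domains
##acl http dstdomain "/etc/squid/http.txt"
# whitelisted IP addresses
##acl httpip dst "/etc/squid/httpip.txt"
# domains allowing https only
##acl https dstdomain "/etc/squid/https.txt"
# whitelisted IP addresses for https only
##acl httpsip dst "/etc/squid/httpsip.txt"

# blacklist mode
# blacklist domains
acl bl_http dstdomain "/etc/squid/bl_http.txt"
# blacklist IP addresses
acl bl_httpip dst "/etc/squid/bl_httpip.txt"
# domains blocking https only
acl bl_https dstdomain "/etc/squid/bl_https.txt"
# blacklisted IP addresses for https only
acl bl_httpsip dst "/etc/squid/bl_httpsip.txt"

# kafe
acl kafe src 172.16.99.7
acl kafe src 172.16.90.7

# block anything not targeting authorized ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# manager access
# cache manager is reachable from the proxy host itself only
http_access allow localhost manager
http_access deny manager

# whitelist mode (disabled)
# allow domains in the whitelists
# replace 'localhost' by an ACL with your IP
# if you don't run Squid locally
##http_access allow localhost http Safe_ports
##http_access allow localhost httpip Safe_ports
##http_access allow CONNECT localhost https SSL_ports
##http_access allow CONNECT localhost httpsip SSL_ports

# whitelist mode (disabled)
# deny anything else, just in case
##http_access deny all

# allow all for kafe
# This rule comes before the blacklist rules, so the two kafe addresses are
# never checked against bl_*; only the port restrictions above apply to them.
http_access allow kafe all

# blacklist mode
http_access deny all bl_http Safe_ports
http_access deny all bl_httpip Safe_ports
http_access deny CONNECT all bl_https SSL_ports
http_access deny CONNECT all bl_httpsip SSL_ports

# blacklist mode
# NOTE(review): 'allow all' lets every client that can reach http_port use
# the proxy. Unless a firewall already limits who can connect, replace 'all'
# with a src ACL for your client networks (e.g. 'acl clients src <CLIENT_NET>'
# -- placeholder, fill in your own range) and finish with 'http_access deny all'.
http_access allow all

# port your proxy listens to
http_port 3128

# just for cosmetics when access denied pages are shown
visible_hostname proxy.nntc
cache_mgr support@nntc.nnov.ru

# some websites (like Google) react badly to v6 dns inquiries
# (if you know why, please let me know)
# NOTE(review): newer Squid releases (5.x, as far as I know) no longer
# accept this directive -- check against the version you deploy.
dns_v4_first on

# 'off' keeps querystrings in your logs.
# consider switching to 'strip_query_terms on' if you grant access to other
# users, as querystrings often contain private information
# (although they should not...)
# While it stays 'off', treat the access logs as sensitive data and
# restrict who can read /var/log/squid.
strip_query_terms off

# default cache configuration
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320

# logging
access_log /var/log/squid/combined.log combined
access_log /var/log/squid/access.log squid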
cat bl_http.txt
.google.com .yandex.ru .yahoo.com .mail.ru .youtube.com
cat bl_https.txt
.google.com .yandex.ru .yahoo.com .mail.ru .youtube.com
cat bl_httpip.txt
1.2.3.4
cat bl_httpsip.txt
1.2.3.4