[squid-users] Refresh ACL list only

Samuel Anderson sam at idsdoc.com
Tue Mar 17 19:49:08 UTC 2015


This is my config file. It takes about 30 seconds to reload when using the
command (sudo squid3 -k reconfigure)



http_port 3128
visible_hostname squid.######.local
error_directory /etc/squid3/errors/en

# Recommended minimum configuration:
#
#acl manager proto cache_object
#acl localhost src 127.0.0.1/32 ::1
#acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# NOTE(review): localnet is defined here but no http_access rule in this
# listing references it, so the client's source address plays no part in the
# access decision; only proxy authentication and LDAP group membership do.
acl localnet src 10.0.0.0/22 # RFC1918 possible internal network

# Ports a CONNECT tunnel may target (used by "deny CONNECT !SSL_ports").
acl SSL_ports port 443
# Destination ports the proxy will contact at all (used by "deny !Safe_ports").
# The 1025-65535 range keeps every high port reachable for plain HTTP requests.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
# NOTE(review): the acl lines for manager, localhost and to_localhost are
# commented out near the top of this file. Squid 3.2 and later predefine
# them; confirm the running version does, e.g. with "squid3 -k parse".
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
# NOTE(review): the rule is still commented out here, so a request whose
# destination is the proxy host's own loopback address is not rejected at
# this point and is judged only by the rules further down.
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS


#Kerberos and NTLM authentication
# Negotiate scheme: negotiate_wrapper hands NTLM tokens to ntlm_auth and
# Kerberos tokens to negotiate_kerberos_auth.
# NOTE(review): the helper command is shown wrapped over several lines
# (presumably by the mail client); squid.conf expects one directive per line.
# NOTE(review): -d turns on debug output in negotiate_kerberos_auth; helper
# debug logs can carry user and ticket details — confirm it is still wanted
# once troubleshooting is over.
auth_param negotiate program /usr/local/bin/negotiate_wrapper --ntlm
/usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp
--domain=####### --kerberos /usr/lib/squid3/negotiate_kerberos_auth -d -s
GSS_C_NO_NAME
auth_param negotiate children 30
auth_param negotiate keep_alive off

# LDAP authentication
# Basic scheme fallback: the browser sends the user's domain password to the
# proxy base64-encoded, and http_port 3128 above is a plain HTTP listener, so
# the password is readable on the client-to-proxy path.
# NOTE(review): -w places the service account's bind password on the helper
# command line, where it appears in squid.conf and in the process list.
# basic_ldap_auth also accepts -W <file> to read the password from a file
# that only the squid user can read.
# NOTE(review): the server is given with -h and neither -Z nor an ldaps://
# URI (-H) is visible, so the bind and user passwords presumably reach the
# directory unencrypted — confirm.
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b
"DC=#####,DC=local" -D "CN=SQUID,OU=##### Service
Accounts,DC=#####,DC=local" -w "#########" -f sAMAccountName=%s -h
###################
auth_param basic children 150
auth_param basic realm Please enter your Domain credentials to continue
# Validated username/password pairs are trusted for one hour before the
# helper is asked again, so a password change or account disable can take up
# to that long to reach the proxy.
auth_param basic credentialsttl 1 hour

# AD group membership commands
# Defines the external ACL type "ldap_group": for the logged-in user (%LOGIN)
# the helper searches the directory for a person whose sAMAccountname is the
# user (%v) and who is a memberof the named group (%a) under OU=PROXY.
# ttl=60 caches each answer for 60 seconds, so a group change takes up to a
# minute to apply.
# NOTE(review): as with the basic auth helper, -w exposes the bind password
# on the command line; ext_ldap_group_acl accepts -W <file> instead. No -Z or
# ldaps:// URI is visible, so the lookup is presumably unencrypted — confirm.
external_acl_type ldap_group ttl=60 children-startup=10 children-max=50
children-idle=2 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -R -K -S -b
"DC=######,DC=local" -D "CN=SQUID,OU=Service Accounts,DC=#####,DC=local" -w
"#########" -f "(&(objectclass=person)
(sAMAccountname=%v)(memberof=CN=%a,OU=PROXY,ou=ALL
Groups,DC=#####,DC=local))" -h ######################


#########################################################################

acl auth proxy_auth REQUIRED

##### Individual Allow Groups LDAP #####

acl ALLOW-ABORTION external ldap_group INTERNET-ALLOW-ABORTION
acl ALLOW-ANTISPYWARE external ldap_group INTERNET-ALLOW-ANTISPYWARE
acl ALLOW-AUDIO-VIDEO external ldap_group INTERNET-ALLOW-AUDIO-VIDEO
acl ALLOW-BLOG external ldap_group INTERNET-ALLOW-BLOG
acl ALLOW-CELLPHONES external ldap_group INTERNET-ALLOW-CELLPHONES
acl ALLOW-CHAT external ldap_group INTERNET-ALLOW-CHAT
acl ALLOW-CHILDCARE external ldap_group INTERNET-ALLOW-CHILDCARE
acl ALLOW-CLEANING external ldap_group INTERNET-ALLOW-CLEANING
acl ALLOW-CLOTHING external ldap_group INTERNET-ALLOW-CLOTHING
acl ALLOW-CONTRACEPTION external ldap_group INTERNET-ALLOW-CONTRACEPTION
acl ALLOW-CULINARY external ldap_group INTERNET-ALLOW-CULINARY
acl ALLOW-DATING external ldap_group INTERNET-ALLOW-DATING
acl ALLOW-DRUGS external ldap_group INTERNET-ALLOW-DRUGS
acl ALLOW-ECOMMERCE external ldap_group INTERNET-ALLOW-ECOMMERCE
acl ALLOW-ENTERTAINMENT external ldap_group INTERNET-ALLOW-ENTERTAINMENT
acl ALLOW-FILEHOSTING external ldap_group INTERNET-ALLOW-FILEHOSTING
acl ALLOW-FRENCHEDUCATION external ldap_group INTERNET-ALLOW-FRENCHEDUCATION
acl ALLOW-GAMES external ldap_group INTERNET-ALLOW-GAMES
acl ALLOW-GARDENING external ldap_group INTERNET-ALLOW-GARDENING
acl ALLOW-GUNS external ldap_group INTERNET-ALLOW-GUNS
acl ALLOW-HACKING external ldap_group INTERNET-ALLOW-HACKING
acl ALLOW-HOMEREPAIR external ldap_group INTERNET-ALLOW-HOMEREPAIR
acl ALLOW-HYGIENE external ldap_group INTERNET-ALLOW-HYGIENE
acl ALLOW-INSTANTMESSAGING external ldap_group
INTERNET-ALLOW-INSTANTMESSAGING
acl ALLOW-JEWELRY external ldap_group INTERNET-ALLOW-JEWELRY
acl ALLOW-JOBSEARCH external ldap_group INTERNET-ALLOW-JOBSEARCH
acl ALLOW-MARKETINGWARE external ldap_group INTERNET-ALLOW-MARKETINGWARE
acl ALLOW-MEDICAL external ldap_group INTERNET-ALLOW-MEDICAL
acl ALLOW-MOBILE-PHONE external ldap_group INTERNET-ALLOW-MOBILE-PHONE
acl ALLOW-NEWS external ldap_group INTERNET-ALLOW-NEWS
acl ALLOW-ONLINEAUCTIONS external ldap_group INTERNET-ALLOW-ONLINEAUCTIONS
acl ALLOW-ONLINEGAMES external ldap_group INTERNET-ALLOW-ONLINEGAMES
acl ALLOW-ONLINEPAYMENT external ldap_group INTERNET-ALLOW-ONLINEPAYMENT
acl ALLOW-PERSONALFINANCE external ldap_group INTERNET-ALLOW-PERSONALFINANCE
acl ALLOW-PETS external ldap_group INTERNET-ALLOW-PETS
acl ALLOW-RADIO external ldap_group INTERNET-ALLOW-RADIO
acl ALLOW-RELIGION external ldap_group INTERNET-ALLOW-RELIGION
acl ALLOW-SECT external ldap_group INTERNET-ALLOW-SECT
acl ALLOW-SEXUALITYEDUCATION external ldap_group
INTERNET-ALLOW-SEXUALITYEDUCATION
acl ALLOW-SHOPPING external ldap_group INTERNET-ALLOW-SHOPPING
acl ALLOW-SOCIALNETWORKING external ldap_group
INTERNET-ALLOW-SOCIALNETWORKING
acl ALLOW-SPORTNEWS external ldap_group INTERNET-ALLOW-SPORTNEWS
acl ALLOW-SPORTS external ldap_group INTERNET-ALLOW-SPORTS
acl ALLOW-VACATION external ldap_group INTERNET-ALLOW-VACATION
acl ALLOW-VIOLENCE external ldap_group INTERNET-ALLOW-VIOLENCE

##### Block Groups LDAP #####

# One ACL per policy tier; each matches when the authenticated user is a
# member of the named AD group.
acl HIGHLY-RESTRICTIVE external ldap_group PROXY-HIGHLY-RESTRICTIVE
acl MEDIUM-RESTRICTIVE external ldap_group PROXY-MEDIUM-RESTRICTIVE
acl MINIMAL-RESTRICTIVE external ldap_group PROXY-MINIMAL-RESTRICTIVE
acl UNRESTRICTED external ldap_group PROXY-UNRESTRICTED
acl DEV external ldap_group PROXY-DEV
acl SALES external ldap_group PROXY-SALES
# REQGROUPS lists every tier group and matches membership in any one of
# them; "http_access deny !REQGROUPS" further down uses it to reject users
# who belong to no tier at all.
acl REQGROUPS external ldap_group PROXY-HIGHLY-RESTRICTIVE
PROXY-MEDIUM-RESTRICTIVE PROXY-MINIMAL-RESTRICTIVE PROXY-UNRESTRICTED
PROXY-DEV PROXY-SALES

##### Blacklist Paths #####

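# One dstdomain ACL per blacklist category. A value in double quotes is a
# file name: Squid loads the domain list from that file when it starts or is
# reconfigured. Every path carries both its opening and its closing quote,
# and every directive sits on a single line.
acl ABORTION dstdomain "/etc/squid3/blacklists/abortion/domains"
acl ADS dstdomain "/etc/squid3/blacklists/ads/domains"
acl ADULT dstdomain "/etc/squid3/blacklists/adult/domains"
acl AGGRESSIVE dstdomain "/etc/squid3/blacklists/aggressive/domains"
acl ALCOHOL dstdomain "/etc/squid3/blacklists/alcohol/domains"
acl ANTISPYWARE dstdomain "/etc/squid3/blacklists/antispyware/domains"
acl ARTNUDES dstdomain "/etc/squid3/blacklists/artnudes/domains"
acl ASTROLOGY dstdomain "/etc/squid3/blacklists/astrology/domains"
acl AUDIO-VIDEO dstdomain "/etc/squid3/blacklists/audio-video/domains"
acl BANKING dstdomain "/etc/squid3/blacklists/banking/domains"
acl BEERLIQUORINFO dstdomain "/etc/squid3/blacklists/beerliquorinfo/domains"
acl BEERLIQUORSALE dstdomain "/etc/squid3/blacklists/beerliquorsale/domains"
acl BITCOIN dstdomain "/etc/squid3/blacklists/bitcoin/domains"
acl BLOG dstdomain "/etc/squid3/blacklists/blog/domains"
acl BOOKS dstdomain "/etc/squid3/blacklists/books/domains"
acl CELEBRITY dstdomain "/etc/squid3/blacklists/celebrity/domains"
acl CELLPHONES dstdomain "/etc/squid3/blacklists/cellphones/domains"
acl CHAT dstdomain "/etc/squid3/blacklists/chat/domains"
acl CHILDCARE dstdomain "/etc/squid3/blacklists/childcare/domains"
acl CLEANING dstdomain "/etc/squid3/blacklists/cleaning/domains"
acl CLOTHING dstdomain "/etc/squid3/blacklists/clothing/domains"
acl CONTRACEPTION dstdomain "/etc/squid3/blacklists/contraception/domains"
acl CULINARY dstdomain "/etc/squid3/blacklists/culinary/domains"
acl DATING dstdomain "/etc/squid3/blacklists/dating/domains"
acl DESKTOPSILLIES dstdomain "/etc/squid3/blacklists/desktopsillies/domains"
acl DIALERS dstdomain "/etc/squid3/blacklists/dialers/domains"
acl DRUGS dstdomain "/etc/squid3/blacklists/drugs/domains"
acl ECOMMERCE dstdomain "/etc/squid3/blacklists/ecommerce/domains"
acl ENTERTAINMENT dstdomain "/etc/squid3/blacklists/entertainment/domains"
acl FILEHOSTING dstdomain "/etc/squid3/blacklists/filehosting/domains"
acl FILESHARING dstdomain "/etc/squid3/blacklists/filesharing/domains"
acl FRENCHEDUCATION dstdomain "/etc/squid3/blacklists/frencheducation/domains"
acl GAMBLING dstdomain "/etc/squid3/blacklists/gambling/domains"
acl GAMES dstdomain "/etc/squid3/blacklists/games/domains"
acl GARDENING dstdomain "/etc/squid3/blacklists/gardening/domains"
acl GOVERNMENT dstdomain "/etc/squid3/blacklists/government/domains"
acl GUNS dstdomain "/etc/squid3/blacklists/guns/domains"
acl HACKING dstdomain "/etc/squid3/blacklists/hacking/domains"
acl HOMEREPAIR dstdomain "/etc/squid3/blacklists/homerepair/domains"
acl HUMOR dstdomain "/etc/squid3/blacklists/humor/domains"
acl HUNTING dstdomain "/etc/squid3/blacklists/hunting/domains"
acl HYGIENE dstdomain "/etc/squid3/blacklists/hygiene/domains"
acl INSTANTMESSAGING dstdomain "/etc/squid3/blacklists/instantmessaging/domains"
acl JEWELRY dstdomain "/etc/squid3/blacklists/jewelry/domains"
acl JOBSEARCH dstdomain "/etc/squid3/blacklists/jobsearch/domains"
acl KIDSTIMEWASTING dstdomain "/etc/squid3/blacklists/kidstimewasting/domains"
acl LINGERIE dstdomain "/etc/squid3/blacklists/lingerie/domains"
acl MAGAZINES dstdomain "/etc/squid3/blacklists/magazines/domains"
acl MALWARE dstdomain "/etc/squid3/blacklists/malware/domains"
acl MAIL dstdomain "/etc/squid3/blacklists/mail/domains"
acl MARKETINGWARE dstdomain "/etc/squid3/blacklists/marketingware/domains"
acl MEDICAL dstdomain "/etc/squid3/blacklists/medical/domains"
acl MIXED_ADULT dstdomain "/etc/squid3/blacklists/mixed_adult/domains"
acl MOBILE-PHONE dstdomain "/etc/squid3/blacklists/mobile-phone/domains"
acl NATURISM dstdomain "/etc/squid3/blacklists/naturism/domains"
acl NEWS dstdomain "/etc/squid3/blacklists/news/domains"
acl ONLINEAUCTIONS dstdomain "/etc/squid3/blacklists/onlineauctions/domains"
acl ONLINEGAMES dstdomain "/etc/squid3/blacklists/onlinegames/domains"
acl ONLINEPAYMENT dstdomain "/etc/squid3/blacklists/onlinepayment/domains"
acl PERSONALFINANCE dstdomain "/etc/squid3/blacklists/personalfinance/domains"
acl PETS dstdomain "/etc/squid3/blacklists/pets/domains"
acl PHISHING dstdomain "/etc/squid3/blacklists/phishing/domains"
acl PORN dstdomain "/etc/squid3/blacklists/porn/domains"
acl PRESS dstdomain "/etc/squid3/blacklists/press/domains"
acl PROXY dstdomain "/etc/squid3/blacklists/proxy/domains"
acl RADIO dstdomain "/etc/squid3/blacklists/radio/domains"
acl RELIGION dstdomain "/etc/squid3/blacklists/religion/domains"
acl REMOTE-CONTROL dstdomain "/etc/squid3/blacklists/remote-control/domains"
acl RINGTONES dstdomain "/etc/squid3/blacklists/ringtones/domains"
acl SEARCHENGINES dstdomain "/etc/squid3/blacklists/searchengines/domains"
acl SECT dstdomain "/etc/squid3/blacklists/sect/domains"
acl SEXUALITY dstdomain "/etc/squid3/blacklists/sexuality/domains"
acl SEXUALITYEDUCATION dstdomain "/etc/squid3/blacklists/sexualityeducation/domains"
acl SHOPPING dstdomain "/etc/squid3/blacklists/shopping/domains"
acl SOCIAL_NETWORKS dstdomain "/etc/squid3/blacklists/social_networks/domains"
acl SOCIALNETWORKING dstdomain "/etc/squid3/blacklists/socialnetworking/domains"
acl SPORTNEWS dstdomain "/etc/squid3/blacklists/sportnews/domains"
acl SPORTS dstdomain "/etc/squid3/blacklists/sports/domains"
acl SPYWARE dstdomain "/etc/squid3/blacklists/spyware/domains"
acl TOBACCO dstdomain "/etc/squid3/blacklists/tobacco/domains"
acl UPDATESITES dstdomain "/etc/squid3/blacklists/updatesites/domains"
acl VACATION dstdomain "/etc/squid3/blacklists/vacation/domains"
acl VIOLENCE dstdomain "/etc/squid3/blacklists/violence/domains"
acl VIRUSINFECTED dstdomain "/etc/squid3/blacklists/virusinfected/domains"
acl WAREZ dstdomain "/etc/squid3/blacklists/warez/domains"
acl WEATHER dstdomain "/etc/squid3/blacklists/weather/domains"
acl WEAPONS dstdomain "/etc/squid3/blacklists/weapons/domains"
acl WEBMAIL dstdomain "/etc/squid3/blacklists/webmail/domains"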

##### Whitelist Paths #####

acl GLOBAL-WHITELIST dstdomain "/etc/squid3/whitelists/GLOBAL-WHITELIST"
acl UNRESTRICTED-WHITELIST dstdomain
"/etc/squid3/whitelists/UNRESTRICTED-WHITELIST"
acl DEV-WHITELIST dstdomain "/etc/squid3/whitelists/DEV-WHITELIST"
acl SALES-WHITELIST dstdomain "/etc/squid3/whitelists/SALES-WHITELIST"

############################################################################################

##### HTTP_ACCESS Rules #####

# http_access lines are checked from top to bottom and the first line whose
# ACLs all match decides the request, so the order below is the policy.
# Block everyone who is not a member of one of (PROXY-HIGHLY-RESTRICTIVE
PROXY-MEDIUM-RESTRICTIVE PROXY-MINIMAL-RESTRICTIVE PROXY-UNRESTRICTED
PROXY-DEV PROXY-SALES)
http_access deny !auth all
http_access deny !REQGROUPS all


# Allow all traffic to everyone to anything in (GLOBAL-WHITELIST)
# Because the two denies above come first, "everyone" here means every
# authenticated member of a tier group. A domain on this list is allowed
# before any category deny is consulted, so a whitelisted domain overrides
# every blacklist, including MALWARE and PHISHING.
http_access allow GLOBAL-WHITELIST all

# Allow categories LDAP
# Each line allows one blacklist category to members of the matching
# INTERNET-ALLOW-<category> AD group. These allows sit above every tier's
# deny list, so membership in such a group overrides the tier deny for that
# category whatever tier the user is in (ALLOW-HACKING and ALLOW-FILEHOSTING
# included); changes to those groups deserve the same review as a firewall
# exception. No category group exists for MALWARE, PHISHING, SPYWARE,
# VIRUSINFECTED, PROXY or WAREZ, so those cannot be opened this way.

http_access allow ALLOW-ABORTION ABORTION
http_access allow ALLOW-ANTISPYWARE ANTISPYWARE
http_access allow ALLOW-AUDIO-VIDEO AUDIO-VIDEO
http_access allow ALLOW-BLOG BLOG
http_access allow ALLOW-CELLPHONES CELLPHONES
http_access allow ALLOW-CHAT CHAT
http_access allow ALLOW-CHILDCARE CHILDCARE
http_access allow ALLOW-CLEANING CLEANING
http_access allow ALLOW-CLOTHING CLOTHING
http_access allow ALLOW-CONTRACEPTION CONTRACEPTION
http_access allow ALLOW-CULINARY CULINARY
http_access allow ALLOW-DATING DATING
http_access allow ALLOW-DRUGS DRUGS
http_access allow ALLOW-ECOMMERCE ECOMMERCE
http_access allow ALLOW-ENTERTAINMENT ENTERTAINMENT
http_access allow ALLOW-FILEHOSTING FILEHOSTING
http_access allow ALLOW-FRENCHEDUCATION FRENCHEDUCATION
http_access allow ALLOW-GAMES GAMES
http_access allow ALLOW-GARDENING GARDENING
http_access allow ALLOW-GUNS GUNS
http_access allow ALLOW-HACKING HACKING
http_access allow ALLOW-HOMEREPAIR HOMEREPAIR
http_access allow ALLOW-HYGIENE HYGIENE
http_access allow ALLOW-INSTANTMESSAGING INSTANTMESSAGING
http_access allow ALLOW-JEWELRY JEWELRY
http_access allow ALLOW-JOBSEARCH JOBSEARCH
http_access allow ALLOW-MARKETINGWARE MARKETINGWARE
http_access allow ALLOW-MEDICAL MEDICAL
http_access allow ALLOW-MOBILE-PHONE MOBILE-PHONE
http_access allow ALLOW-NEWS NEWS
http_access allow ALLOW-ONLINEAUCTIONS ONLINEAUCTIONS
http_access allow ALLOW-ONLINEGAMES ONLINEGAMES
http_access allow ALLOW-ONLINEPAYMENT ONLINEPAYMENT
http_access allow ALLOW-PERSONALFINANCE PERSONALFINANCE
http_access allow ALLOW-PETS PETS
http_access allow ALLOW-RADIO RADIO
http_access allow ALLOW-RELIGION RELIGION
http_access allow ALLOW-SECT SECT
http_access allow ALLOW-SEXUALITYEDUCATION SEXUALITYEDUCATION
http_access allow ALLOW-SHOPPING SHOPPING
http_access allow ALLOW-SOCIALNETWORKING SOCIALNETWORKING
http_access allow ALLOW-SPORTNEWS SPORTNEWS
http_access allow ALLOW-SPORTS SPORTS
http_access allow ALLOW-VACATION VACATION
http_access allow ALLOW-VIOLENCE VIOLENCE


#### DEV ####

http_access allow DEV DEV-WHITELIST

http_access deny DEV ADULT
http_access deny DEV AGGRESSIVE
http_access deny DEV ALCOHOL
http_access deny DEV ARTNUDES
http_access deny DEV ASTROLOGY
http_access deny DEV BEERLIQUORINFO
http_access deny DEV BEERLIQUORSALE
http_access deny DEV DESKTOPSILLIES
http_access deny DEV DIALERS
http_access deny DEV GAMBLING
http_access deny DEV KIDSTIMEWASTING
http_access deny DEV LINGERIE
http_access deny DEV MALWARE
http_access deny DEV MIXED_ADULT
http_access deny DEV NATURISM
http_access deny DEV PHISHING
http_access deny DEV PORN
http_access deny DEV PROXY
http_access deny DEV RINGTONES
http_access deny DEV SEXUALITY
http_access deny DEV SOCIAL_NETWORKS
http_access deny DEV SOCIALNETWORKING
http_access deny DEV SPYWARE
http_access deny DEV TOBACCO
http_access deny DEV VIRUSINFECTED
http_access deny DEV WAREZ
http_access deny DEV WEAPONS


#### SALES ####

http_access allow SALES SALES-WHITELIST

http_access deny SALES ADULT
http_access deny SALES AGGRESSIVE
http_access deny SALES ALCOHOL
http_access deny SALES ARTNUDES
http_access deny SALES ASTROLOGY
http_access deny SALES BEERLIQUORINFO
http_access deny SALES BEERLIQUORSALE
http_access deny SALES DESKTOPSILLIES
http_access deny SALES DIALERS
http_access deny SALES GAMBLING
http_access deny SALES KIDSTIMEWASTING
http_access deny SALES LINGERIE
http_access deny SALES MALWARE
http_access deny SALES MIXED_ADULT
http_access deny SALES NATURISM
http_access deny SALES PHISHING
http_access deny SALES PORN
http_access deny SALES PROXY
http_access deny SALES RINGTONES
http_access deny SALES SEXUALITY
http_access deny SALES SPYWARE
http_access deny SALES TOBACCO
http_access deny SALES VIRUSINFECTED
http_access deny SALES WAREZ
http_access deny SALES WEAPONS


#### UNRESTRICTED ####

http_access allow UNRESTRICTED UNRESTRICTED-WHITELIST

http_access deny UNRESTRICTED ADULT
http_access deny UNRESTRICTED AGGRESSIVE
http_access deny UNRESTRICTED ALCOHOL
http_access deny UNRESTRICTED ARTNUDES
http_access deny UNRESTRICTED ASTROLOGY
http_access deny UNRESTRICTED BEERLIQUORINFO
http_access deny UNRESTRICTED BEERLIQUORSALE
http_access deny UNRESTRICTED DESKTOPSILLIES
http_access deny UNRESTRICTED DIALERS
http_access deny UNRESTRICTED GAMBLING
http_access deny UNRESTRICTED KIDSTIMEWASTING
http_access deny UNRESTRICTED LINGERIE
http_access deny UNRESTRICTED MALWARE
http_access deny UNRESTRICTED MIXED_ADULT
http_access deny UNRESTRICTED NATURISM
http_access deny UNRESTRICTED PHISHING
http_access deny UNRESTRICTED PORN
http_access deny UNRESTRICTED PROXY
http_access deny UNRESTRICTED RINGTONES
http_access deny UNRESTRICTED SEXUALITY
http_access deny UNRESTRICTED SPYWARE
http_access deny UNRESTRICTED TOBACCO
http_access deny UNRESTRICTED VIRUSINFECTED
http_access deny UNRESTRICTED WAREZ
http_access deny UNRESTRICTED WEAPONS


#### MINIMAL-RESTRICTIVE ####

http_access deny MINIMAL-RESTRICTIVE ADS
http_access deny MINIMAL-RESTRICTIVE ADULT
http_access deny MINIMAL-RESTRICTIVE AGGRESSIVE
http_access deny MINIMAL-RESTRICTIVE ALCOHOL
http_access deny MINIMAL-RESTRICTIVE ARTNUDES
http_access deny MINIMAL-RESTRICTIVE ASTROLOGY
http_access deny MINIMAL-RESTRICTIVE BEERLIQUORINFO
http_access deny MINIMAL-RESTRICTIVE BEERLIQUORSALE
http_access deny MINIMAL-RESTRICTIVE CELEBRITY
http_access deny MINIMAL-RESTRICTIVE DESKTOPSILLIES
http_access deny MINIMAL-RESTRICTIVE DIALERS
http_access deny MINIMAL-RESTRICTIVE DRUGS
http_access deny MINIMAL-RESTRICTIVE ENTERTAINMENT
http_access deny MINIMAL-RESTRICTIVE FILESHARING
http_access deny MINIMAL-RESTRICTIVE GAMBLING
http_access deny MINIMAL-RESTRICTIVE GAMES
http_access deny MINIMAL-RESTRICTIVE GUNS
http_access deny MINIMAL-RESTRICTIVE HUMOR
http_access deny MINIMAL-RESTRICTIVE HUNTING
http_access deny MINIMAL-RESTRICTIVE INSTANTMESSAGING
http_access deny MINIMAL-RESTRICTIVE KIDSTIMEWASTING
http_access deny MINIMAL-RESTRICTIVE LINGERIE
http_access deny MINIMAL-RESTRICTIVE MAGAZINES
http_access deny MINIMAL-RESTRICTIVE MALWARE
http_access deny MINIMAL-RESTRICTIVE MIXED_ADULT
http_access deny MINIMAL-RESTRICTIVE NATURISM
http_access deny MINIMAL-RESTRICTIVE ONLINEAUCTIONS
http_access deny MINIMAL-RESTRICTIVE ONLINEGAMES
http_access deny MINIMAL-RESTRICTIVE PHISHING
http_access deny MINIMAL-RESTRICTIVE PORN
http_access deny MINIMAL-RESTRICTIVE PROXY
http_access deny MINIMAL-RESTRICTIVE RINGTONES
http_access deny MINIMAL-RESTRICTIVE SEXUALITY
http_access deny MINIMAL-RESTRICTIVE SEXUALITYEDUCATION
http_access deny MINIMAL-RESTRICTIVE SPYWARE
http_access deny MINIMAL-RESTRICTIVE TOBACCO
http_access deny MINIMAL-RESTRICTIVE VIOLENCE
http_access deny MINIMAL-RESTRICTIVE VIRUSINFECTED
http_access deny MINIMAL-RESTRICTIVE WAREZ
http_access deny MINIMAL-RESTRICTIVE WEAPONS


#### MEDIUM-RESTRICTIVE ####

http_access deny MEDIUM-RESTRICTIVE ABORTION
http_access deny MEDIUM-RESTRICTIVE ADS
http_access deny MEDIUM-RESTRICTIVE ADULT
http_access deny MEDIUM-RESTRICTIVE AGGRESSIVE
http_access deny MEDIUM-RESTRICTIVE ALCOHOL
http_access deny MEDIUM-RESTRICTIVE ARTNUDES
http_access deny MEDIUM-RESTRICTIVE ASTROLOGY
http_access deny MEDIUM-RESTRICTIVE AUDIO-VIDEO
http_access deny MEDIUM-RESTRICTIVE BEERLIQUORINFO
http_access deny MEDIUM-RESTRICTIVE BEERLIQUORSALE
http_access deny MEDIUM-RESTRICTIVE BITCOIN
http_access deny MEDIUM-RESTRICTIVE CELEBRITY
http_access deny MEDIUM-RESTRICTIVE CHAT
http_access deny MEDIUM-RESTRICTIVE CONTRACEPTION
http_access deny MEDIUM-RESTRICTIVE DATING
http_access deny MEDIUM-RESTRICTIVE DESKTOPSILLIES
http_access deny MEDIUM-RESTRICTIVE DIALERS
http_access deny MEDIUM-RESTRICTIVE DRUGS
http_access deny MEDIUM-RESTRICTIVE ECOMMERCE
http_access deny MEDIUM-RESTRICTIVE ENTERTAINMENT
http_access deny MEDIUM-RESTRICTIVE FILEHOSTING
http_access deny MEDIUM-RESTRICTIVE FILESHARING
http_access deny MEDIUM-RESTRICTIVE FRENCHEDUCATION
http_access deny MEDIUM-RESTRICTIVE GAMBLING
http_access deny MEDIUM-RESTRICTIVE GAMES
http_access deny MEDIUM-RESTRICTIVE GARDENING
http_access deny MEDIUM-RESTRICTIVE GUNS
http_access deny MEDIUM-RESTRICTIVE HACKING
http_access deny MEDIUM-RESTRICTIVE HOMEREPAIR
http_access deny MEDIUM-RESTRICTIVE HUMOR
http_access deny MEDIUM-RESTRICTIVE HUNTING
http_access deny MEDIUM-RESTRICTIVE HYGIENE
http_access deny MEDIUM-RESTRICTIVE INSTANTMESSAGING
http_access deny MEDIUM-RESTRICTIVE JEWELRY
http_access deny MEDIUM-RESTRICTIVE JOBSEARCH
http_access deny MEDIUM-RESTRICTIVE KIDSTIMEWASTING
http_access deny MEDIUM-RESTRICTIVE LINGERIE
http_access deny MEDIUM-RESTRICTIVE MAGAZINES
http_access deny MEDIUM-RESTRICTIVE MALWARE
http_access deny MEDIUM-RESTRICTIVE MARKETINGWARE
http_access deny MEDIUM-RESTRICTIVE MEDICAL
http_access deny MEDIUM-RESTRICTIVE MIXED_ADULT
http_access deny MEDIUM-RESTRICTIVE MOBILE-PHONE
http_access deny MEDIUM-RESTRICTIVE NATURISM
http_access deny MEDIUM-RESTRICTIVE NEWS
http_access deny MEDIUM-RESTRICTIVE ONLINEAUCTIONS
http_access deny MEDIUM-RESTRICTIVE ONLINEGAMES
http_access deny MEDIUM-RESTRICTIVE PHISHING
http_access deny MEDIUM-RESTRICTIVE PORN
http_access deny MEDIUM-RESTRICTIVE PRESS
http_access deny MEDIUM-RESTRICTIVE PROXY
http_access deny MEDIUM-RESTRICTIVE RINGTONES
http_access deny MEDIUM-RESTRICTIVE SECT
http_access deny MEDIUM-RESTRICTIVE SEXUALITY
http_access deny MEDIUM-RESTRICTIVE SEXUALITYEDUCATION
http_access deny MEDIUM-RESTRICTIVE SHOPPING
http_access deny MEDIUM-RESTRICTIVE SOCIAL_NETWORKS
http_access deny MEDIUM-RESTRICTIVE SOCIALNETWORKING
http_access deny MEDIUM-RESTRICTIVE SPORTNEWS
http_access deny MEDIUM-RESTRICTIVE SPORTS
http_access deny MEDIUM-RESTRICTIVE SPYWARE
http_access deny MEDIUM-RESTRICTIVE TOBACCO
http_access deny MEDIUM-RESTRICTIVE VACATION
http_access deny MEDIUM-RESTRICTIVE VIOLENCE
http_access deny MEDIUM-RESTRICTIVE VIRUSINFECTED
http_access deny MEDIUM-RESTRICTIVE WAREZ
http_access deny MEDIUM-RESTRICTIVE WEAPONS


#### HIGHLY-RESTRICTIVE ####

http_access deny HIGHLY-RESTRICTIVE ABORTION
http_access deny HIGHLY-RESTRICTIVE ADS
http_access deny HIGHLY-RESTRICTIVE ADULT
http_access deny HIGHLY-RESTRICTIVE AGGRESSIVE
http_access deny HIGHLY-RESTRICTIVE ALCOHOL
http_access deny HIGHLY-RESTRICTIVE ANTISPYWARE
http_access deny HIGHLY-RESTRICTIVE ARTNUDES
http_access deny HIGHLY-RESTRICTIVE ASTROLOGY
http_access deny HIGHLY-RESTRICTIVE AUDIO-VIDEO
http_access deny HIGHLY-RESTRICTIVE BEERLIQUORINFO
http_access deny HIGHLY-RESTRICTIVE BEERLIQUORSALE
http_access deny HIGHLY-RESTRICTIVE BITCOIN
http_access deny HIGHLY-RESTRICTIVE BLOG
http_access deny HIGHLY-RESTRICTIVE BOOKS
http_access deny HIGHLY-RESTRICTIVE CELEBRITY
http_access deny HIGHLY-RESTRICTIVE CELLPHONES
http_access deny HIGHLY-RESTRICTIVE CHAT
http_access deny HIGHLY-RESTRICTIVE CHILDCARE
http_access deny HIGHLY-RESTRICTIVE CLEANING
http_access deny HIGHLY-RESTRICTIVE CLOTHING
http_access deny HIGHLY-RESTRICTIVE CONTRACEPTION
http_access deny HIGHLY-RESTRICTIVE CULINARY
http_access deny HIGHLY-RESTRICTIVE DATING
http_access deny HIGHLY-RESTRICTIVE DESKTOPSILLIES
http_access deny HIGHLY-RESTRICTIVE DIALERS
http_access deny HIGHLY-RESTRICTIVE DRUGS
http_access deny HIGHLY-RESTRICTIVE ECOMMERCE
http_access deny HIGHLY-RESTRICTIVE ENTERTAINMENT
http_access deny HIGHLY-RESTRICTIVE FILEHOSTING
http_access deny HIGHLY-RESTRICTIVE FILESHARING
http_access deny HIGHLY-RESTRICTIVE FRENCHEDUCATION
http_access deny HIGHLY-RESTRICTIVE GAMBLING
http_access deny HIGHLY-RESTRICTIVE GAMES
http_access deny HIGHLY-RESTRICTIVE GARDENING
http_access deny HIGHLY-RESTRICTIVE GUNS
http_access deny HIGHLY-RESTRICTIVE HACKING
http_access deny HIGHLY-RESTRICTIVE HOMEREPAIR
http_access deny HIGHLY-RESTRICTIVE HUMOR
http_access deny HIGHLY-RESTRICTIVE HUNTING
http_access deny HIGHLY-RESTRICTIVE HYGIENE
http_access deny HIGHLY-RESTRICTIVE INSTANTMESSAGING
http_access deny HIGHLY-RESTRICTIVE JEWELRY
http_access deny HIGHLY-RESTRICTIVE JOBSEARCH
http_access deny HIGHLY-RESTRICTIVE KIDSTIMEWASTING
http_access deny HIGHLY-RESTRICTIVE LINGERIE
http_access deny HIGHLY-RESTRICTIVE MAGAZINES
http_access deny HIGHLY-RESTRICTIVE MALWARE
http_access deny HIGHLY-RESTRICTIVE MARKETINGWARE
http_access deny HIGHLY-RESTRICTIVE MEDICAL
http_access deny HIGHLY-RESTRICTIVE MIXED_ADULT
http_access deny HIGHLY-RESTRICTIVE MOBILE-PHONE
http_access deny HIGHLY-RESTRICTIVE NATURISM
http_access deny HIGHLY-RESTRICTIVE NEWS
http_access deny HIGHLY-RESTRICTIVE ONLINEAUCTIONS
http_access deny HIGHLY-RESTRICTIVE ONLINEGAMES
http_access deny HIGHLY-RESTRICTIVE ONLINEPAYMENT
http_access deny HIGHLY-RESTRICTIVE PERSONALFINANCE
http_access deny HIGHLY-RESTRICTIVE PETS
http_access deny HIGHLY-RESTRICTIVE PHISHING
http_access deny HIGHLY-RESTRICTIVE PORN
http_access deny HIGHLY-RESTRICTIVE PRESS
http_access deny HIGHLY-RESTRICTIVE PROXY
http_access deny HIGHLY-RESTRICTIVE RADIO
http_access deny HIGHLY-RESTRICTIVE RELIGION
http_access deny HIGHLY-RESTRICTIVE RINGTONES
http_access deny HIGHLY-RESTRICTIVE SECT
http_access deny HIGHLY-RESTRICTIVE SEXUALITY
http_access deny HIGHLY-RESTRICTIVE SEXUALITYEDUCATION
http_access deny HIGHLY-RESTRICTIVE SHOPPING
http_access deny HIGHLY-RESTRICTIVE SOCIAL_NETWORKS
http_access deny HIGHLY-RESTRICTIVE SOCIALNETWORKING
http_access deny HIGHLY-RESTRICTIVE SPORTNEWS
http_access deny HIGHLY-RESTRICTIVE SPORTS
http_access deny HIGHLY-RESTRICTIVE SPYWARE
http_access deny HIGHLY-RESTRICTIVE TOBACCO
http_access deny HIGHLY-RESTRICTIVE VACATION
http_access deny HIGHLY-RESTRICTIVE VIOLENCE
http_access deny HIGHLY-RESTRICTIVE VIRUSINFECTED
http_access deny HIGHLY-RESTRICTIVE WAREZ
http_access deny HIGHLY-RESTRICTIVE WEAPONS

# Allow All
# Fall-through rule. It is reached only by an authenticated member of a tier
# group (the two denies at the top of the http_access rules stop everyone
# else) whose request matched none of the category denies above. The policy
# is therefore a blocklist: any destination that is on no list, or on a list
# the user's tier does not deny, is allowed. The REMOTE-CONTROL ACL, for
# example, is defined but denied for no tier, so it always ends up here.
# A default-deny policy would end with "http_access deny all" instead.

http_access allow all

#########################################################################


#### DENY PAGES ####

deny_info ERR_ACCESS_DENIED_ABORTION ABORTION
deny_info ERR_ACCESS_DENIED_ADS ADS
deny_info ERR_ACCESS_DENIED_ADULT ADULT
deny_info ERR_ACCESS_DENIED_AGGRESSIVE AGGRESSIVE
deny_info ERR_ACCESS_DENIED_ALCOHOL ALCOHOL
deny_info ERR_ACCESS_DENIED_ANTISPYWARE ANTISPYWARE
deny_info ERR_ACCESS_DENIED_ARTNUDES ARTNUDES
deny_info ERR_ACCESS_DENIED_ASTROLOGY ASTROLOGY
deny_info ERR_ACCESS_DENIED_AUDIO-VIDEO AUDIO-VIDEO
deny_info ERR_ACCESS_DENIED_BANKING BANKING
deny_info ERR_ACCESS_DENIED_BEERLIQUORINFO BEERLIQUORINFO
deny_info ERR_ACCESS_DENIED_BEERLIQUORSALE BEERLIQUORSALE
deny_info ERR_ACCESS_DENIED_BITCOIN BITCOIN
deny_info ERR_ACCESS_DENIED_BLOG BLOG
deny_info ERR_ACCESS_DENIED_BOOKS BOOKS
deny_info ERR_ACCESS_DENIED_CELEBRITY CELEBRITY
deny_info ERR_ACCESS_DENIED_CELLPHONES CELLPHONES
deny_info ERR_ACCESS_DENIED_CHAT CHAT
deny_info ERR_ACCESS_DENIED_CHILDCARE CHILDCARE
deny_info ERR_ACCESS_DENIED_CLEANING CLEANING
deny_info ERR_ACCESS_DENIED_CLOTHING CLOTHING
deny_info ERR_ACCESS_DENIED_CONTRACEPTION CONTRACEPTION
deny_info ERR_ACCESS_DENIED_CULINARY CULINARY
deny_info ERR_ACCESS_DENIED_DATING DATING
deny_info ERR_ACCESS_DENIED_DESKTOPSILLIES DESKTOPSILLIES
deny_info ERR_ACCESS_DENIED_DIALERS DIALERS
deny_info ERR_ACCESS_DENIED_DRUGS DRUGS
deny_info ERR_ACCESS_DENIED_ECOMMERCE ECOMMERCE
deny_info ERR_ACCESS_DENIED_ENTERTAINMENT ENTERTAINMENT
deny_info ERR_ACCESS_DENIED_FILEHOSTING FILEHOSTING
deny_info ERR_ACCESS_DENIED_FILESHARING FILESHARING
deny_info ERR_ACCESS_DENIED_FRENCHEDUCATION FRENCHEDUCATION
deny_info ERR_ACCESS_DENIED_GAMBLING GAMBLING
deny_info ERR_ACCESS_DENIED_GAMES GAMES
deny_info ERR_ACCESS_DENIED_GARDENING GARDENING
deny_info ERR_ACCESS_DENIED_GOVERNMENT GOVERNMENT
deny_info ERR_ACCESS_DENIED_GUNS GUNS
deny_info ERR_ACCESS_DENIED_HACKING HACKING
deny_info ERR_ACCESS_DENIED_HOMEREPAIR HOMEREPAIR
deny_info ERR_ACCESS_DENIED_HUMOR HUMOR
deny_info ERR_ACCESS_DENIED_HUNTING HUNTING
deny_info ERR_ACCESS_DENIED_HYGIENE HYGIENE
deny_info ERR_ACCESS_DENIED_INSTANTMESSAGING INSTANTMESSAGING
deny_info ERR_ACCESS_DENIED_JEWELRY JEWELRY
deny_info ERR_ACCESS_DENIED_JOBSEARCH JOBSEARCH
deny_info ERR_ACCESS_DENIED_KIDSTIMEWASTING KIDSTIMEWASTING
deny_info ERR_ACCESS_DENIED_LINGERIE LINGERIE
deny_info ERR_ACCESS_DENIED_MAGAZINES MAGAZINES
deny_info ERR_ACCESS_DENIED_MALWARE MALWARE
deny_info ERR_ACCESS_DENIED_MAIL MAIL
deny_info ERR_ACCESS_DENIED_MARKETINGWARE MARKETINGWARE
deny_info ERR_ACCESS_DENIED_MEDICAL MEDICAL
deny_info ERR_ACCESS_DENIED_MIXED_ADULT MIXED_ADULT
deny_info ERR_ACCESS_DENIED_MOBILE-PHONE MOBILE-PHONE
deny_info ERR_ACCESS_DENIED_NATURISM NATURISM
deny_info ERR_ACCESS_DENIED_NEWS NEWS
deny_info ERR_ACCESS_DENIED_ONLINEAUCTIONS ONLINEAUCTIONS
deny_info ERR_ACCESS_DENIED_ONLINEGAMES ONLINEGAMES
deny_info ERR_ACCESS_DENIED_ONLINEPAYMENT ONLINEPAYMENT
deny_info ERR_ACCESS_DENIED_PERSONALFINANCE PERSONALFINANCE
deny_info ERR_ACCESS_DENIED_PETS PETS
deny_info ERR_ACCESS_DENIED_PHISHING PHISHING
deny_info ERR_ACCESS_DENIED_PORN PORN
deny_info ERR_ACCESS_DENIED_PRESS PRESS
deny_info ERR_ACCESS_DENIED_PROXY PROXY
deny_info ERR_ACCESS_DENIED_RADIO RADIO
deny_info ERR_ACCESS_DENIED_RELIGION RELIGION
deny_info ERR_ACCESS_DENIED_RINGTONES RINGTONES
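# deny_info takes an error page name followed by the name of an ACL; the
# search-engine blacklist ACL in this file is named SEARCHENGINES.
deny_info ERR_ACCESS_DENIED_SEARCHENGINE SEARCHENGINES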
deny_info ERR_ACCESS_DENIED_SECT SECT
deny_info ERR_ACCESS_DENIED_SEXUALITY SEXUALITY
deny_info ERR_ACCESS_DENIED_SEXUALITYEDUCATION SEXUALITYEDUCATION
deny_info ERR_ACCESS_DENIED_SHOPPING SHOPPING
deny_info ERR_ACCESS_DENIED_SOCIAL_NETWORKS SOCIAL_NETWORKS
deny_info ERR_ACCESS_DENIED_SOCIALNETWORKING SOCIALNETWORKING
deny_info ERR_ACCESS_DENIED_SPORTNEWS SPORTNEWS
deny_info ERR_ACCESS_DENIED_SPORTS SPORTS
deny_info ERR_ACCESS_DENIED_SPYWARE SPYWARE
deny_info ERR_ACCESS_DENIED_TOBACCO TOBACCO
deny_info ERR_ACCESS_DENIED_UPDATESITES UPDATESITES
deny_info ERR_ACCESS_DENIED_VACATION VACATION
deny_info ERR_ACCESS_DENIED_VIOLENCE VIOLENCE
deny_info ERR_ACCESS_DENIED_VIRUSINFECTED VIRUSINFECTED
deny_info ERR_ACCESS_DENIED_WAREZ WAREZ
deny_info ERR_ACCESS_DENIED_WEATHER WEATHER
deny_info ERR_ACCESS_DENIED_WEAPONS WEAPONS
deny_info ERR_ACCESS_DENIED_WEBMAIL WEBMAIL

#########################################################################

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
cache deny all

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320




On Tue, Mar 17, 2015 at 1:32 PM, Brendan Kearney <bpk678 at gmail.com> wrote:

> On Tue, 2015-03-17 at 16:13 -0300, Marcus Kool wrote:
> > it has a configuration option to respond with
> > 'allow all' during a reconfiguration.
>
> a Fail-Open policy can be a security gap, and should be considered
> carefully before implementing.  the intention of the whitelisted URLs is
> to prevent access to content that is otherwise forbidden.  failing open,
> even briefly, undermines that control.  what is the default setting
> there?
>
>


-- 
Samuel Anderson  |  Information Technology Administrator  |  International
Document Services

IDS  |  11629 South 700 East, Suite 200  |  Draper, UT 84020-4607

-- 
CONFIDENTIALITY NOTICE:
This e-mail and any attachments are confidential. If you are not an 
intended recipient, please contact the sender to report the error and 
delete all copies of this message from your system.  Any unauthorized 
review, use, disclosure or distribution is prohibited.