[squid-users] ACL and outgoing IP

qdmetro q.dutheil at montpellier3m.fr
Wed Dec 28 08:22:47 UTC 2016 

Here the squid.conf :

auth_param negotiate program /usr/lib/squid3/squid_kerb_auth -s
GSS_C_NO_NAME HTTP/hostname.domain.com
auth_param negotiate children 200
auth_param negotiate keep_alive on
auth_param basic program /usr/lib/squid3/squid_ldap_auth -b
"ou=users,dc=ref,dc=local" -u uid ref.domain.com
url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
url_rewrite_children 80
acl SSL_ports port 443 4443
acl SSL_ports port 563 4431
acl SSL_ports port 873
acl SSL_ports port 7071
acl SSL_ports port 33333 33334
acl SSL_ports port 83
acl Safe_ports port 21
acl Safe_ports port 22
acl Safe_ports port 80 81
acl Safe_ports port 443
acl CONNECT method CONNECT
acl domain_auth proxy_auth REQUIRED
acl localhost src 127.0.0.1/32
acl password proxy_auth REQUIRED
visible_hostname name
snmp_port 3401
acl acl_snmp snmp_community com_name
snmp_access allow acl_snmp
acl localnet src 10.0.0.0/8
acl Microsoft dstdomain .microsoft.com
delay_pools 2
delay_class 2 2
delay_access 2 allow localnet
delay_parameters 2 12233386/12233386 12233386/12233386
forwarded_for on
follow_x_forwarded_for allow localnet
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow Microsoft
tcp_outgoing_address 192.168.1.1 Microsoft
http_access allow localnet password
http_access allow localnet domain_auth
http_access deny all
http_reply_access allow localnet
icp_access deny all
htcp_access deny all
http_port 3128
icp_port 3130
dns_v4_first on
cache_mem 4096 MB
cache_swap_low 75
cache_swap_high 90
cache_replacement_policy heap GDSF
cache_dir ufs /var/spool/squid3 5000 16 256
maximum_object_size_in_memory 128 KB
maximum_object_size 2 MB
access_log /var/log/squid3/access.log squid
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern (cgi-bin|\?)    0       0%      0
refresh_pattern .               0       20%     4320


Thanks for your help.



--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/ACL-and-outgoing-IP-tp4680990p4680996.html
Sent from the Squid - Users mailing list archive at Nabble.com.

More information about the squid-users mailing list