[squid-users] Squid proxy without name resolution for internet adresses behind parent proxy

mbaltruschat marcel at baltruschat.net
Sun Apr 30 11:58:00 UTC 2017


Hello Amos,

that's the configuration of the new Squid. As I said, it's anonymized, so the
hostnames may be a bit "strange".

Maybe a few words about the parent proxies:

192.168.1.1 and 192.168.2.1 are the IPs of the firewall; the second one is a
backup IP.

192.168.3.1 and 192.168.4.1 are parent proxies for accessing apps inside the
corporate network which cannot be accessed "DIRECT", only by internal proxy.

Regards
Marcel

---------------------------
http_port 8080
icp_port 0
check_hostnames off
ssl_unclean_shutdown on
dns_nameservers 192.168.50.2
cache_mgr support@dept3.corporate.net

error_directory /usr/local/squid/share/errors/de-de
logfile_rotate 7

# Enable log files
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl Bastion dstdomain 192.168.1.1
### 2014-03-20 ###
acl Bastion dstdomain 192.168.2.1
acl APP1 dstdomain app1.publicwebsite.de
acl APP1 dstdomain APP2.publicwebsite.de
acl APP1 dstdomain www.publicwebsite.de
acl DEPT2 dstdomain www.dept2.corporate.net # Intranet DEPT2
###
### 2015-11-05 ###
acl APPTWOPROXY dstdomain 192.168.3.1
acl APPTWO dstdomain 192.168.100.3 # Connections into the firewall to the APPTWO server - Development
acl APPTWO dstdomain 192.168.100.4 # Connections into the firewall to the APPTWO server - Testing
acl APPTWO dstdomain 192.168.100.5 # Connections into the firewall to the APPTWO server - Production
acl APPTWO dstdomain APPTWOent.corporate.net # Connections into the firewall to the APPTWO server - Development
acl APPTWO dstdomain APPTWOqas.corporate.net # Connections into the firewall to the APPTWO server - Testing
acl APPTWO dstdomain APPTWOdbp1.corporate.net # Connections into the firewall to the APPTWO server - Production
##################
acl CORP dstdomain .corporate.net
acl empfang src 192.168.4.55
acl local src 192.168.50.0/23

# Test for the WSUS Range header problem with Windows 10 upgrades
acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl windowsupdate dstdomain sls.microsoft.com
acl windowsupdate dstdomain productactivation.one.microsoft.com
acl windowsupdate dstdomain ntservicepack.microsoft.com

#for proxychain test
#cache_peer 192.168.50.19 parent 8080 7 proxy-only no-query no-digest Default

### 2014-03-20 ###
cache_peer 192.168.1.1 parent 80 7 proxy-only no-query no-digest Default
cache_peer 192.168.2.1 parent 80 7 proxy-only no-query no-digest
cache_peer 192.168.3.1 parent 80 7 proxy-only no-query no-digest
cache_peer 192.168.4.1 parent 3128 7 proxy-only no-query no-digest


cache_peer_domain 192.168.1.1 !CORP
cache_peer_domain 192.168.2.1 !CORP
cache_peer_domain 192.168.3.1 APPTWO !CORP
cache_peer_domain 192.168.2.1 www.app1.publicwebsite2.de
cache_peer_domain 192.168.2.1 app1.publicwebsite.de
cache_peer_domain 192.168.2.1 APP1.publicwebsite.de
cache_peer_domain 192.168.2.1 www.publicwebsite.de
cache_peer_domain 192.168.4.1 www.min.mk.corporate.net
cache_peer_domain 192.168.3.1 APPTWOent.APPTWO.corporate.net
cache_peer_domain 192.168.3.1 APPTWOqas.APPTWO.corporate.net
cache_peer_domain 192.168.3.1 APPTWOdbp1.APPTWO.corporate.net
cache_peer_domain 192.168.3.1 192.168.100.3
cache_peer_domain 192.168.3.1 192.168.100.4
cache_peer_domain 192.168.3.1 192.168.100.5


cache_peer_access 192.168.1.1 allow !CORP !APP1 !APPTWO
cache_peer_access 192.168.2.1 allow APP1 !CORP !APPTWO
cache_peer_access 192.168.4.1 allow DEPT2 !CORP !APPTWO
cache_peer_access 192.168.3.1 allow APPTWO

##################
http_access deny empfang
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow CORP
http_access allow Bastion
http_access allow APP1
http_access allow DEPT2

### 2015-11-05 ###
http_access allow APPTWOPROXY
http_access allow APPTWO
http_access allow all


# Test for the WSUS Range header problem with Windows 10 upgrades
range_offset_limit 200 MB windowsupdate
maximum_object_size 2048 MB
quick_abort_min -1


always_direct allow CORP
always_direct allow APPTWOPROXY
never_direct allow APP1
never_direct allow DEPT2
never_direct allow APPTWO
never_direct allow !CORP




--
View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-proxy-without-name-resolution-for-internet-adresses-behind-parent-proxy-tp4682225p4682239.html
Sent from the Squid - Users mailing list archive at Nabble.com.
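
How the always_direct, never_direct and cache_peer_access lines of the configuration above interact for a few destinations, as an added example that is not part of the original post: a simplified Python model (an assumption of this example, covering only dstdomain ACLs and leaving out cache_peer_domain) of the order in which Squid applies these directives. The ACL that the rules call APP1 is assumed to hold the publicwebsite.de names; `route` and the sample hosts are constructed for illustration.

```python
# Simplified model (an assumption of this example) of Squid's forwarding
# decision: always_direct first, then never_direct, then cache_peer_access.
# Only dstdomain ACLs are modelled; cache_peer_domain is left out.

ACLS = {  # names from the posted configuration, values a subset of it
    "CORP": [".corporate.net"],
    "APP1": ["app1.publicwebsite.de", "www.publicwebsite.de"],
    "DEPT2": ["www.dept2.corporate.net"],
    "APPTWO": ["192.168.100.4", "APPTWOqas.corporate.net"],
    "APPTWOPROXY": ["192.168.3.1"],
}
ALWAYS_DIRECT = [("allow", ["CORP"]), ("allow", ["APPTWOPROXY"])]
NEVER_DIRECT = [("allow", ["APP1"]), ("allow", ["DEPT2"]),
                ("allow", ["APPTWO"]), ("allow", ["!CORP"])]
PEER_ACCESS = {  # cache_peer_access lines, in cache_peer order
    "192.168.1.1": [("allow", ["!CORP", "!APP1", "!APPTWO"])],
    "192.168.2.1": [("allow", ["APP1", "!CORP", "!APPTWO"])],
    "192.168.3.1": [("allow", ["APPTWO"])],
    "192.168.4.1": [("allow", ["DEPT2", "!CORP", "!APPTWO"])],
}

def in_acl(name, host):
    """dstdomain match: '.x' covers x and its subdomains, otherwise exact."""
    host = host.lower()
    for dom in ACLS[name]:
        dom = dom.lower()
        if host == dom.lstrip(".") or (dom.startswith(".") and host.endswith(dom)):
            return True
    return False

def allowed(rules, host):
    """First rule whose ACLs all match wins; else the opposite of the last."""
    for action, names in rules:
        if all(in_acl(n.lstrip("!"), host) != n.startswith("!") for n in names):
            return action == "allow"
    return rules[-1][0] != "allow"

def route(host):
    """Return 'DIRECT' or the list of parents the rules permit."""
    if allowed(ALWAYS_DIRECT, host):
        return "DIRECT"
    peers = [p for p, rules in PEER_ACCESS.items() if allowed(rules, host)]
    if peers or allowed(NEVER_DIRECT, host):
        return peers  # empty list: direct is forbidden and no parent matches
    return "DIRECT"
```

In this model every name under .corporate.net, including www.dept2.corporate.net and the APPTWO host names, is sent DIRECT by `always_direct allow CORP` before any parent is considered; only the APPTWO IP addresses reach 192.168.3.1.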