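##-------------------------------]
## Squid 2 configuration
##
## 23.09.2006
## Stefan Bauer
## info@edv-fix.de
##-------------------------------]

##-------------------]
## Basics
##-------------------]

# Port Squid listens on for client requests.
http_port 8080

# Memory used for in-transit and hot objects (not a limit on total process size).
cache_mem 128 MB

# Log all debug sections at level 1.
debug_options ALL,1

# cache_swap_low 90
# cache_swap_high 95

# On-disk cache: ufs store, 1000 MB, 16 first-level and 256 second-level directories.
cache_dir ufs /var/spool/squid 1000 16 256

# refresh_pattern <regex> <min minutes> <percent> <max minutes>
refresh_pattern ^ftp:     1440  20%  10080
refresh_pattern ^gopher:  1440   0%   1440
refresh_pattern .            0  20%   4320

##-------------------]
## Authentication
##-------------------]

# Disabled. NOTE(review): if this is enabled, HTTP Basic sends credentials
# base64-encoded, not encrypted, so anyone who can sniff the client segment
# can read them. The password file should be readable only by the Squid user.
#auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/.htpasswd
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off

##-------------------]
## Squid on an
## Ethernet bridge
##-------------------]

# Squid 2.5-style settings for handling intercepted port-80 traffic while
# still acting as a normal proxy.
# NOTE(review): with httpd_accel_uses_host_header on, Squid builds the request
# URL from the client-supplied Host header and does not verify it. A client can
# therefore store content under a host name of its choosing (cache poisoning).
# Only intercept traffic from clients you trust, and keep http_access limited
# to those clients as done below.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

##-------------------]
## Access rights
##-------------------]

acl all src 0.0.0.0/0.0.0.0
# Matches 169.254.0.0 - 169.254.0.255 (link-local range).
# NOTE(review): confirm this is the real client network; widen or narrow it
# deliberately, never to "all".
acl lan src 169.254.0.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563 # https, snews
acl Safe_ports port 80 21 443 563 70 210 1025-65535
# Defining a "method PURGE" ACL enables the PURGE method in Squid 2, so it
# must be restricted explicitly in the http_access rules below.
acl purge method PURGE
acl CONNECT method CONNECT
acl FTP proto FTP
#acl auth proxy_auth sb

# Disabled file-extension filters.
# NOTE(review): urlpath_regex is case-sensitive unless -i is given, and
# "\.tar.gz$" contains an unescaped dot. Extension matching on the URL path is
# easy to sidestep, so treat it as a convenience filter, not a malware control.
#acl kontrollierte_endungen urlpath_regex \.exe$ \.arj$ \.rar$ \.tgz$ \.tar.gz$
#acl kontrollierte_endungen urlpath_regex \.com$ \.zip$ \.bat$ \.inf$ \.mpg$
#acl kontrollierte_endungen urlpath_regex \.wav$ \.mp3$ \.mid$ \.mov$ \.ra$
#acl kontrollierte_endungen urlpath_regex \.au$ \.msi$
#acl verbotene_endungen urlpath_regex \.pif$ \.ocx$ \.vbs$ \.dr$ \.sha$ \.script$
#acl verbotene_endungen urlpath_regex \.scr$ \.hlp$ \.drv$ \.386$ \.shs$ \.eml$ \.nws$
#acl verbotene_urls dstdomain .antenne-bayern.de .antenne.de

##-------------------]
## Possible rule sequences
##-------------------]

#acl porn url_regex "/var/squid/noporn.txt"
#acl forbidden_domains dstdomain "/var/squid/forbidden_domains"
#acl noporn url_regex "/var/squid/noporn.txt"
#acl badlang url_regex "/var/squid/badlang.block.txt"

# http_access rules are evaluated top to bottom; the first match decides.

# Cache manager only from the proxy host itself.
http_access allow manager localhost
http_access deny manager

# PURGE only from the proxy host itself. Without these two lines every client
# matched by "allow lan" below could evict objects from the cache.
http_access allow purge localhost
http_access deny purge

# Refuse requests to unexpected ports, and CONNECT tunnels to anything that is
# not a listed SSL port.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

#http_access deny forbidden_domains
#http_access deny porn !noporn
#http_access deny badlang
#http_access deny verbotene_urls
#http_access allow FTP auth
#http_access deny verbotene_endungen
#http_access allow kontrollierte_endungen auth

http_access allow localhost
http_access allow lan
http_access deny all

# ICP answers reveal which URLs are cached. Limit them to the same clients
# that may use the proxy instead of "allow all".
icp_access allow localhost
icp_access allow lan
icp_access deny all

miss_access allow all
#http_reply_access allow all

##-------------------]
## Privacy
##-------------------]

# Mask the last octet of client addresses in log entries.
client_netmask 255.255.255.0

# Alternatively disable access logging.
# NOTE(review): with access logging off there is no record for incident
# investigation; prefer the masked log above unless policy forbids it.
# cache_access_log none

cache_store_log none

##-------------------]
## Administrative
##-------------------]

# Contact address shown to users on error pages.
cache_mgr verwaltung@wasweisich.de

# Name the proxy reports about itself to clients (for example on error pages).
# NOTE(review): set this to a host name you actually control.
visible_hostname nsa.fbi.gov

coredump_dir /var/spool/squid
error_directory /usr/share/squid/errors/German
#authenticate_ip_ttl 15 minute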