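# Do not modify '/var/ipfire/proxy/squid.conf' directly since any changes
# you make will be overwritten whenever you resave proxy settings using the
# web interface! Instead, modify the file '/var/ipfire/proxy/acl' and then
# restart squid using the web interface. Changes made to the 'acl' file
# will propagate to the 'squid.conf' file at that time.
# [Scott Tregear, 22 Feb 2005]
#
# The __NAME__ tokens below are template placeholders; presumably they are
# substituted when the configuration is generated (confirm against the
# code that writes squid.conf).

# Uncomment the following line to enable logging of User-Agent header:
#useragent_log /var/log/squid/user_agent.log

# Uncomment the following line to enable logging of Referer header:
# (Referer values are full URLs and can include query strings, so treat
# this log as sensitive if you enable it.)
#referer_log /var/log/squid/referer.log

# ---------------------------------------------------------------------
# ACL definitions. These only name sets of sources, destinations, ports
# and methods; nothing is permitted or refused until an http_access rule
# below refers to them.
# ---------------------------------------------------------------------

# Any source address, and the loopback address of the firewall itself.
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255

# Destination ports for which CONNECT tunnels are accepted.
acl SSL_ports port 443 563

# Destination ports the proxy will talk to at all.
# NOTE(review): the 1025-65535 range makes every unprivileged port "safe",
# so the Safe_ports check only refuses unlisted ports below 1025.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port __PROXY_PORT__ # Squid port (for icons)

# Ports, addresses and client networks used by the web GUI rules below.
# IPCop_ips matches on destination, IPCop_networks on source.
acl IPCop_http port 81
acl IPCop_https port 444
acl IPCop_ips dst __GREEN_IP__ __BLUE_IP__
acl IPCop_networks src __GREEN_NET__ __BLUE_NET__
acl CONNECT method CONNECT

# ---------------------------------------------------------------------
# Access rules. Squid evaluates http_access lines top to bottom and stops
# at the first line whose ACLs all match, so the order below matters.
# ---------------------------------------------------------------------

#local machine, no restriction
# This rule is matched before the port checks, so requests originating
# from 127.0.0.1 are not subject to Safe_ports or SSL_ports.
http_access allow localhost

#GUI admin: clients on the GREEN/BLUE networks reaching the firewall's own
#GREEN/BLUE addresses on the admin ports (81 plain, 444 via CONNECT).
# These rules must precede the port checks: 81 is not in Safe_ports and
# 444 is not in SSL_ports, so the denies below would otherwise refuse them.
http_access allow IPCop_ips IPCop_networks IPCop_http
http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https

#Deny not web services
# CONNECT is limited to SSL_ports so the proxy cannot be used to tunnel to
# arbitrary ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

#Finally allow IPCop_networks clients
http_access allow IPCop_networks

#Explicit default: refuse everything that matched no rule above.
# When no line matches, Squid applies the opposite of the last http_access
# line. With "allow IPCop_networks" last that is already a deny, but the
# implicit default would silently become "allow" if a deny rule were ever
# appended at the end. Keep this as the final http_access line.
http_access deny all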