]>
Commit | Line | Data |
---|---|---|
35f994e9 MT |
1 | # Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes\r |
2 | # you make will be overwritten whenever you resave proxy settings using the\r | |
3 | # web interface! Instead, modify the file '/var/ipcop/proxy/acl' and then\r | |
4 | # restart squid using the web interface. Changes made to the 'acl' file\r | |
5 | # will propagate to the 'squid.conf' file at that time.\r | |
6 | # [Scott Tregear, 22 Feb 2005]\r | |
7 | \r | |
8 | # Uncomment the following line to enable logging of User-Agent header:\r | |
9 | #useragent_log /var/log/squid/user_agent.log\r | |
10 | \r | |
11 | # Uncomment the following line to enable logging of Referer header:\r | |
12 | #referer_log /var/log/squid/referer.log\r | |
13 | \r | |
14 | acl all src 0.0.0.0/0.0.0.0\r | |
15 | acl localhost src 127.0.0.1/255.255.255.255\r | |
16 | acl SSL_ports port 443 563 \r | |
17 | acl Safe_ports port 80 # http \r | |
18 | acl Safe_ports port 21 # ftp \r | |
19 | acl Safe_ports port 443 563 # https, snews \r | |
20 | acl Safe_ports port 70 # gopher \r | |
21 | acl Safe_ports port 210 # wais \r | |
22 | acl Safe_ports port 1025-65535 # unregistered ports \r | |
23 | acl Safe_ports port 280 # http-mgmt \r | |
24 | acl Safe_ports port 488 # gss-http \r | |
25 | acl Safe_ports port 591 # filemaker \r | |
26 | acl Safe_ports port 777 # multiling http \r | |
27 | acl Safe_ports port __PROXY_PORT__ # Squid port (for icons) \r | |
28 | \r | |
29 | acl IPCop_http port 81\r | |
30 | acl IPCop_https port 444\r | |
31 | acl IPCop_ips dst __GREEN_IP__ __BLUE_IP__\r | |
32 | acl IPCop_networks src __GREEN_NET__ __BLUE_NET__\r | |
33 | acl CONNECT method CONNECT \r | |
34 | \r | |
35 | ##Access to squid:\r | |
36 | #local machine, no restriction\r | |
37 | http_access allow localhost\r | |
38 | \r | |
39 | #GUI admin if local machine connects\r | |
40 | http_access allow IPCop_ips IPCop_networks IPCop_http\r | |
41 | http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https\r | |
42 | \r | |
43 | #Deny not web services\r | |
44 | http_access deny !Safe_ports\r | |
45 | http_access deny CONNECT !SSL_ports\r | |
46 | \r | |
47 | #Finally allow IPCop_networks clients\r | |
48 | http_access allow IPCop_networks\r | |
49 | http_access deny all\r |