Scribd
Upload
160 views5 pages

Squid - Conf Orig

This document contains the configuration file for a Squid proxy server. It defines access control lists (ACLs) for IP addresses and domains, enables basic authentication, and sets various caching, port, and DNS parameters. Key points: - ACLs define allowed/denied sources for internal networks, specific users and branches, blacklist domains, and time-based access. - Basic authentication is configured to authenticate users via username/password stored in a password file. - Caching is enabled with 512MB of cache memory. Refresh patterns manage how content is cached. - The proxy listens on port 8080 and uses specific DNS servers for name resolution. - Access controls allow internal networks and authenticated users,

Uploaded by

Eijizer Zion Narciso
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
160 views5 pages

Squid - Conf Orig

This document contains the configuration file for a Squid proxy server. It defines access control lists (ACLs) for IP addresses and domains, enables basic authentication, and sets various caching, port, and DNS parameters. Key points: - ACLs define allowed/denied sources for internal networks, specific users and branches, blacklist domains, and time-based access. - Basic authentication is configured to authenticate users via username/password stored in a password file. - Caching is enabled with 512MB of cache memory. Refresh patterns manage how content is cached. - The proxy listens on port 8080 and uses specific DNS servers for name resolution. - Access controls allow internal networks and authenticated users,

Uploaded by

Eijizer Zion Narciso
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 5

acl manager proto cache_object

acl localhost src 127.0.0.1/32 ::1


acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

#acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network


#acl localnet src 172.16.96.0/20 # RFC 1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
acl localnet src 121.97.26.80/28
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl localnet src 172.16.96.0/20
acl localnet src 172.50.100.0/24

##squid total bandwidth limit ### <-gvillarosa

delay_pools 1
delay_class 1 1
delay_access 1 allow all
delay_parameters 1 128000/128000
# 512 kbits == 64 kbytes per second

##-- for claims <-- gvillarosa


acl stlukes dstdomain "/etc/squid/stlukes"
acl port_443 port 443
acl port_80 port 80
acl port_5721 port 5721
acl port_8080 port 8080
acl CONNECT method CONNECT

acl fb_users src 172.16.99.148 #Mabel


acl fb_users src 172.16.96.34 #Rommel MCIA
acl fb_users src 172.16.100.116 #HR WiFi
acl fb_users src 172.16.100.63 #HR LAN
acl fb_users src 172.16.100.97 #JTabamo
acl fb_users src 172.16.100.123 #HR WiFi Matt
acl fb_users src 172.16.101.49 #Boardroom
acl fb_users src 172.16.100.124 #HR LAN Matt
acl fb_users src 172.16.100.71
acl fb_users src 172.16.100.249 #PRTG
acl fb_users src 172.16.100.89 #VMadarang
acl fb_users src 172.27.101.44 #FTan
acl fb_users src 172.16.100.191 #Alex Balboa
#acl fb_users src 172.16.101.231 #Zhab
acl fb_users src 172.16.99.51 #Jonathan Malayo
acl fb_users src 172.16.99.52 #Rina CCD
acl fb_users src 172.16.101.225 #ASalvador
#acl fb_users src 172.16.99.102 #Ron Reyes
acl fb_users src 172.16.99.123 #Ice
acl fb_users src 172.16.99.173 #Nancy
acl fb_users src 172.16.99.29
acl fb_users src 172.16.99.151
acl fb_users src 172.16.100.95 #CBaviera
acl fb_users src 172.16.99.124 #Mac old
acl fb_users src 172.16.99.125 #Suzette
acl fb_users src 172.16.99.126 #Mac new
acl fb_users src 172.16.100.91 #JEK
acl fb_users src 172.16.99.50 #JManosa
acl fb_users src 172.16.99.171
acl fb_users src 172.16.99.148
acl fb_users src 172.16.99.172
acl fb_users src 172.16.99.137 #Madj
acl fb_users src 172.16.100.76 #RCS
acl fb_users src 172.16.99.181
acl fb_users src 172.16.100.52 #Pogs
acl fb_users src 172.16.100.65 #GVF
acl fb_users src 172.16.99.56 #CCamarillo
acl fb_users src 172.16.99.193
acl fb_users src 172.16.100.107 #NAF
acl fb_users src 172.16.96.189 #FGonzales
acl fb_users src 172.16.100.73 #FGonzales Laptop
acl fb_users src 172.16.96.26 #LA actuary
acl fb_users src 172.16.96.27 #JGADOT
acl fb_users src 172.16.96.28 #KMACARILAY
acl fb_users src 172.16.96.40 #HRD-STAFF
acl fb_users src 172.16.96.41 #ASACRAMENTO
acl fb_users src 172.16.96.55 #JINANOD
acl fb_users src 172.16.96.56 #RRODRIGUEZ
acl fb_users src 172.16.96.57 #RALLUNAR
acl fb_users src 172.16.96.61 #EVIRAY
acl fb_users src 172.16.96.66 #KROQUE
acl fb_users src 172.16.96.67 #RPASS
acl fb_users src 172.16.96.69 #SESGUERRA
acl fb_users src 172.16.96.76 #AANTALAN
acl fb_users src 172.16.96.77 #MMENESES
acl fb_users src 172.16.96.80
acl fb_users src 172.16.96.88 #ETOLENTINO
acl fb_users src 172.16.96.90 #RKATIGBAK
acl fb_users src 172.16.96.92 #VDAVID
acl fb_users src 172.16.96.93 #VFERNANDO
acl fb_users src 172.16.96.96 #LPILAR
acl fb_users src 172.16.96.97 #NMEDINA
acl fb_users src 172.16.96.98 #ASALA
acl fb_users src 172.16.96.101 #JSEVILLA
acl fb_users src 172.16.96.106 #RTOLEROS
acl fb_users src 172.16.96.111 #MPRADO-THINK
acl fb_users src 172.16.96.113 #SCARPIO-PC
acl fb_users src 172.16.96.115 #JDELROSARIO
acl fb_users src 172.16.96.116 #FCARE-PC
acl fb_users src 172.16.96.123 #BPINEDA
acl fb_users src 172.16.96.126 #RSANTIAGO
acl fb_users src 172.16.96.170 #RFULGENCIO
acl fb_users src 172.16.96.177 #MPARALEJAS
acl fb_users src 172.16.96.193 #ATRINIDAD
acl fb_users src 172.16.96.194 #JPRECILLA
acl fb_users src 172.16.96.196 #ONEECRUZ
acl fb_users src 172.16.96.199 #WMERCADO
acl fb_users src 172.16.96.201 #CARIAS
acl fb_users src 172.16.96.202 #RTAN
acl fb_users src 172.16.96.207 #AGCAMACHO
acl fb_users src 172.16.96.209 #JCUEVAS
acl fb_users src 172.16.96.239
acl fb_users src 172.16.96.250 #LENOVO-PC
acl fb_users src 172.16.96.253 #BPCAPISONDA
acl fb_users src 172.16.97.30 #WINDOWS-2JO6ED0
acl fb_users src 172.16.97.227 #RSANTOS
acl fb_users src 172.16.97.229 #TSOLLANO
acl fb_users src 172.16.97.239 #KPAMINTUAN-PC
acl fb_users src 172.16.98.184 #CBERMEJO
acl fb_users src 172.16.99.39 #PAUL
acl fb_users src 172.16.99.157 #LENRIQUEZ
acl fb_users src 172.16.99.159 #JREYES
acl fb_users src 172.16.99.164 #AGUMANGAN
acl fb_users src 172.16.99.166 #GRAYMUNDO
acl fb_users src 172.16.99.172 #JGENAVIA
acl fb_users src 172.16.99.173 #NDOLOTANORA
acl fb_users src 172.16.99.179 #CDELOSSANTOS
acl fb_users src 172.16.99.180 #SDEJESUS
acl fb_users src 172.16.99.217 #RMORALES
acl fb_users src 172.16.99.225 #RZALDIVAR
acl fb_users src 172.16.100.52 #AUDIT-FCARE
acl fb_users src 172.16.100.74 #DEFAULT-THINK
acl fb_users src 172.16.100.82 #CATHERINE-PC
acl fb_users src 172.16.100.95 #DESKTOP-M1O9I7G
acl fb_users src 172.16.100.96 #MARZ
acl fb_users src 172.16.100.100 #ETORIO-PC
acl fb_users src 172.16.100.220 #KCERVANTES
acl fb_users src 172.16.100.223 #CMGOJT
acl fb_users src 172.16.100.250 #CRO-MONITOR
acl branch src 172.19.100.0/23 #Makati
acl branch src 172.20.100.0/23 #Manila
acl branch src 172.21.100.0/23 #Caloocan
acl branch src 172.23.100.0/23 #Angeles
acl branch src 172.24.100.0/23 #Tarlac
acl branch src 172.25.100.0/23 #Dagupan
acl branch src 172.26.100.0/23 #Davao
acl branch src 172.27.100.0/23 #Cebu
acl branch src 172.28.100.0/23 #Iloilo
acl branch src 172.29.100.0/23 #Bacolod
acl branch src 172.30.100.0/23 #CDO
acl branch src 172.31.100.0/23 #Isabela
acl branch src 172.32.100.0/23 #Legaspi
acl branch src 172.33.100.0/23 #Delos Santos
acl branch src 172.35.100.0/23 #Cabanatuan
acl branch src 172.37.100.0/23 #Gen San
acl branch src 172.38.100.0/23 #FEU
acl branch src 172.41.100.0/23 #Olongapo
acl branch src 172.42.100.0/23 #Roxas
acl branch src 172.50.101.0/29 #TMC
acl branch src 172.50.101.8/29 #VRP
acl branch src 172.50.101.16/29 #SLMC
acl branch src 172.50.101.24/29 #SLMC Global
acl branch src 172.50.100.32/29 #Mega
acl branch src 172.50.100.40/29 #Muntinlupa
acl branch src 172.50.101.40/29 #Meycauayan
acl davao src 172.16.100.71
acl morning time 06:00-08:00
acl lunch time 12:00-13:00
acl dinner time 18:00-19:00

##-- for claims


http_access allow port_5721
http_access allow port_80 stlukes
http_access allow CONNECT port_443 stlukes
#http_access allow CONNECT port_80 stlukes
#http_access allow CONNECT port_8080 stlukes

acl SSL_ports port 443


acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8080
acl CONNECT method CONNECT

auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid.passwd


auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off

acl claims proxy_auth REQUIRED


acl pass proxy_auth REQUIRED
acl blacklist dstdomain "/etc/squid/blacklist"
acl blacklist_fb dstdomain "/etc/squid/blacklist_fb"
acl blacklist_branches dstdomain "/etc/squid/blacklist_branches"
#acl pcmac arp "etc/squid/pcmac.lst"

## youtube bandwidth limit ###


#acl group1 url_regex -i youtube.com
#delay_pools 1
#delay_class 1 1
# 256 Kbit/s fill rate, 1024 Kbit/s reserve
#delay_parameters 1 32000/128000
#delay_access 1 allow group1

#icp_access allow localnet


#icp_acces deny allow

http_port 8080

hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?

http_access deny blacklist_fb


http_access allow fb_users
http_access deny blacklist_branches
http_access deny blacklist
#http_access deny blacklist pcmac
http_access allow davao
http_access allow morning
http_access allow lunch
http_access allow dinner
http_access allow pass

http_access allow branch


#http_access allow pcmac
http_access deny all

http_access allow localnet


http_access allow localhost
http_access allow manager localhost
http_access deny manager
http_access deny CONNECT !SSL_ports
http_access deny !Safe_ports
http_access deny all
no_cache deny QUERY

cache_mem 512 MB
#cache_dir ufs /var/cache/squid/ 256 16 256

refresh_pattern ^ftp: 1440 20% 10080


refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

cache_effective_user squid
cache_effective_group squid

dns_nameservers 202.78.97.41
dns_nameservers 210.4.2.61
dns_nameservers 210.4.2.20
#dns_nameservers 203.167.97.66
#dns_nameservers 203.167.97.200

coredump_dir /var/spool/squid

visible_hostname none

tcp_outgoing_address 10.1.1.111
-----------------------------------------------------------------------

Configuration
Edit the squid.conf file:
# vi /etc/squid/squid.conf

Find or add the following configuration directive:

tcp_outgoing_address 1.2.3.4
Save and close the file. Reload the squid proxy server / config file changes by
typing the following command:
# squid -k reconfigure

OR
# service squid reload

You might also like