![]() Url_rewrite_children 20 startup=5 idle=5 concurrency=0 ![]() Url_rewrite_program /usr/sbin/ufdbgclient -l /var/log/squid Ssl_bump splice all peek at TLS/SSL connect data splice: no active bumping Enable squidGuard Sslproxy_cipher ALL:!SSLv2:!ADH:!DSS:!MD5:!EXP:!DES:!PSK:!SRP:!RC4:!IDEA:!SEED:!aNULL:!eNULL TLS/SSL bumping definitionsĪcl tls_s3_server_hello at_step SslBump3 TLS/SSL bumping steps Sslproxy_options NO_SSLv2,NO_SSLv3,No_Compression Https_port 3130 intercept ssl-bump generate-host-certificates=off cert=/etc/pki/tls/certs/NSRV.crt key=/etc/pki/tls/private/NSRV.key sslflags=NO_DEFAULT_CA options=NO_SSLv2,NO_SSLv3,No_Compression dynamic_cert_mem_cache_size=128KB Http_port 3129 transparent Enable SSL transparent proxy Refresh_pattern (+.|)(download|(windows|)update|).(microsoft.|)com/.*.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims Always enable manual proxy Http_access allow localnet And finally deny all other access to this proxyĬache_mem 256 MB Leave coredumps in the first cache dirĬoredump_dir /var/spool/squid Add any of your own refresh_pattern entries above these. Url_rewrite_access deny self localnet self_port No authentication on green and trusted networks Http_access deny manager Skip URL rewriter for local addresses Http_access deny CONNECT !SSL_ports Only allow cachemgr access from localhost Http_access deny !Safe_ports Deny CONNECT to other than secure SSL ports ![]() Http_access allow localhost Deny requests to certain unsafe ports No_cache deny no_cache Allow access from green and trusted networks.Īcl localnet_dst src 192.168.0.0/24 Safe portsĪcl SSL_ports port 980 # httpd-admin (server-manager)Īcl Safe_ports port 1025-65535 # unregistered portsĪcl Safe_ports port 980 # httpd-admin (server-manager)Īcl CONNECT method CONNECT 20acl_00_portscustom Allow access from localhost # Uncomment this to enable debugĪcl no_cache dstdomain "/etc/squid/acls/no_cache.acl"
0 Comments
Leave a Reply. |