Table of Contents

Squid (squid.py)

Squid Recommended Configuration with whitelist


Table of Contents


/etc/squid/squid.conf

#===============================================================================
#/etc/squid/squid.conf
#  -rw-r-----  root squid
#
#===============================================================================

#-------------------------------------------------------------------------------
# Port
#-------------------------------------------------------------------------------
http_port 8080

acl SSL_ports port 443

acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https

acl CONNECT method CONNECT


#-------------------------------------------------------------------------------
# ACL1 : test-group1
#-------------------------------------------------------------------------------
acl all src all
acl test-group1 src xx.xx.xx.xx # test-server-1
acl test-group1 src xx.xx.xx.xx # test-server-2

acl specialurl1 urlregex test.example.com

httpaccess allow test-group1 specialurl1
http_access deny test-group1 all


#-------------------------------------------------------------------------------
# ACL2 : localnet
#-------------------------------------------------------------------------------
acl test-group2 src xx.xx.xx.xx  xx.xx.xx.xx

acl whitelist dstdomain "/etc/squid/whitelist"
http_access allow whitelist


#-------------------------------------------------------------------------------
# ACL3 : localnet
#-------------------------------------------------------------------------------
acl localnet src 10.50.0.0/24    # Office
acl localnet src 172.16.0.0/24  # 
acl localnet src 192.168.0.0/16 # 

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager




#-------------------------------------------------------------------------------
# Log
#-------------------------------------------------------------------------------
logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
access_log /var/log/squid/access.log combined


#-------------------------------------------------------------------------------
# Security
#-------------------------------------------------------------------------------
forwarded_for off

header_access Referer deny all
header_access X-Forwarded-For deny all
header_access Via deny all

visible_hostname unknown


/etc/squid/whitelist

.microsoft.com
.windows.com
.windowsupdate.com


Squid (squid.py)





Squid (squid.py)