[mdlug] sample squid.conf

Robert Adkins radkins at impelind.com
Thu Jan 24 13:29:47 EST 2008


	The only comment I have right now is...

	What are you asking?

	Is there something in particular that you are interested in knowing
about the squid configuration?

	It's been a while since I have focused pretty strongly on the
squid.conf. So, I can only tell a little bit from the quick scan.

	There is a password authentication setup in place.

	It looks like there are certain user(s) that are allowed Internet
access at lunch time. There appears to be a list of sites that are "always"
available, maybe even always available to those who otherwise have
unfettered lunchtime only use of the Internet.


	-Rob

> -----Original Message-----
> From: mdlug-bounces at mdlug.org 
> [mailto:mdlug-bounces at mdlug.org] On Behalf Of Dean Durant
> Sent: Thursday, January 24, 2008 1:25 PM
> To: mdlug at mdlug.org
> Subject: [mdlug] sample squid.conf
> 
> Hello, I have inherited this squid server, and I don't know 
> that much about it.   It's behind a firewall I don't control, 
> and nobody else controls it either.  So actually, it isn't a 
> sample, it's in production.   Previously when I posted asking 
> about squid, some people offered to take a look at my 
> squid.conf.    So here it is:
> (any comments are greatly appreciated, thanks!)
> 
> http_port 3128
> 
> https_port 3128
> 
> hierarchy_stoplist cgi-bin ?
> 
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> 
> cache_dir ext3 /usr/freeware/squid/cache 200 16 256
> 
> cache_access_log /usr/freeware/squid/logs/access.log
> 
> cache_log /usr/freeware/squid/logs/cache.log
> 
> cache_store_log /usr/freeware/squid/logs/store.log
> 
> pid_filename /usr/freeware/squid/logs/squid.pid
> 
> debug_options ALL,1
> 
> auth_param basic program /usr/freeware/squid/libexec/yp_auth ab11.com passwd.byname
> auth_param basic children 10
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> 
> refresh_pattern ^ftp:        1440    20%    10080
> refresh_pattern ^gopher:    1440    0%    1440
> refresh_pattern .        0    20%    4320
> 
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl fillmore dst 130.0.0.0/255.0.0.0
> acl origNet src 192.9.70.0/255.255.255.0
> acl ab11NetU src 130.16.64.0/255.255.192.0
> acl ab11NetW src 130.16.128.0/255.255.192.0
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl scanner dst 192.9.70.243
> acl autoweb dst 198.172.237.21
> acl SSL_ports port 443 563
> acl Safe_ports port 1025-4000
> acl CONNECT method CONNECT
> acl lunch time 11:30-12:30
> 
> 
> acl folmar dstdomain .cvent.com
> acl cemail  dstdomain  .altair.com
> acl cemail2 dst 12.40.128.114/32
> acl cemail3 dst 63.85.107.47/32
> acl 401k dstdomain .accusereonline.com
> acl sapallow dst 130.10.198.10/32
> acl gmutils dst 130.170.126.202/32
> acl gmutils2 dstdomain pd.naeng.gm.com
> acl gmutils3 dstdomain .gm.com
> acl gmutils4 dst 130.170.0.0/16
> acl gmutils5 port 443
> acl marian src 130.16.128.127
> acl ebay dstdomain .ebay.com
> acl ship dstdomain .kshipijhotelroyale.com
> acl sols dst 198.63.61.35
> acl sols2 dstdomain www2.ab11-us.com
> acl sols3 dstdomain .ab11-us.com
> acl chry4 dstdomain vpmpasswd.tcc.chrysler.com
> acl chry5 dstdomain roadmap.tcc.chrylser.com
> acl chry6 dstdomain .chrysler.com
> acl chry7 dstdomain intra-wiw.e.daimlerchrysler.com
> acl chry8 dstdomain web3270.appl.daimlerchrysler.com
> acl chry9 dstdomain dcanywhere.daimlerchrysler.com
> acl hotel1 dstdomain .spg.com
> acl hotel2 dstdomain .starwoodhotels.com
> acl hotel3 dstdomain .atdmt.com
> acl hotel4 dstdomain www.starwoodhotels.com
> acl hotel5 dst 15.173.128.247/32
> acl hotel6 dst 155.72.128.147/32
> acl brasil1 dst 200.245.73.181
> 
> 
> acl yp_user proxy_auth
> 
> acl yp_user_denied proxy_auth "/usr/freeware/squid/etc/ab11forbidden/user.txt"
> 
> acl ab11_forbidden url_regex "/usr/freeware/squid/etc/ab11forbidden/ab11_blocked.txt"
> 
> acl ab11_forbidden_always url_regex "/usr/freeware/squid/etc/ab11forbidden/ab11_deny.always"
> acl ab11_forbidden_lunch url_regex "/usr/freeware/squid/etc/ab11forbidden/ab11_deny.lunch"
> http_access allow folmar
> http_access allow scanner
> http_access allow autoweb
> http_access allow sapallow
> http_access allow cemail2
> http_access allow cemail3
> http_access allow 401k
> http_access allow gmutils
> http_access allow gmutils2
> http_access allow gmutils4
> http_access allow gmutils5
> http_access allow ebay
> http_access allow marian
> http_access deny ab11_forbidden
> http_access allow ab11_forbidden_lunch lunch
> http_access deny ab11_forbidden_always
> http_access allow ship
> http_access allow sols
> http_access allow sols2
> http_access allow sols3
> http_access allow yp_user 
> http_access allow chry4
> http_access allow chry5
> http_access allow chry6
> http_access allow chry7
> http_access allow chry8
> http_access allow chry9
> http_access allow hotel1
> http_access allow hotel2
> http_access allow hotel3
> http_access allow hotel4
> http_access allow hotel5
> http_access allow hotel6
> http_access allow brasil1
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> 
> http_access allow fillmore
> http_access allow origNet
> http_access allow ab11NetW
> http_access allow ab11NetU
> http_access allow cemail
> 
> http_access deny all
> 
> http_reply_access allow all
> 
> icp_access allow all
> 
> 
> cache_mgr joe.soandso at ab11-us.com 
> 
> cache_effective_user squid 
> cache_effective_group squid 
> visible_hostname srvproxy228
> 
> 
> dns_testnames netscape.com internic.net nlanr.net picosoft.com
> 
> 
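
Squid checks http_access lines top to bottom and stops at the first line whose ACLs all match, so the order of the posted rules decides the outcome. The Python sketch below is an added illustration, not part of the original thread or of Squid itself; it models a subset of the posted rules, and the blocked-site regex and the sample requests are constructed because the referenced files are not shown.

```python
import ipaddress
import re

# Subset of the posted ACLs, kept in posted order. The ab11_forbidden regex is
# constructed: the contents of ab11_blocked.txt are not shown in the thread.
ACLS = {
    "folmar": ("dstdomain", [".cvent.com"]),
    "gmutils5": ("port", [443]),
    "marian": ("src", ["130.16.128.127"]),
    "ab11_forbidden": ("url_regex", [r"blocked\.example"]),
    "ab11NetW": ("src", ["130.16.128.0/255.255.192.0"]),
    "all": ("src", ["0.0.0.0/0.0.0.0"]),
}
RULES = [("allow", ["folmar"]), ("allow", ["gmutils5"]), ("allow", ["marian"]),
         ("deny", ["ab11_forbidden"]), ("allow", ["ab11NetW"]), ("deny", ["all"])]


def acl_matches(name, req):
    """True if any value of the named ACL matches the request (values are ORed)."""
    kind, values = ACLS[name]
    if kind == "dstdomain":  # ".x.com" matches x.com and every subdomain
        host = req["host"].lower()
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in values)
    if kind == "port":
        return req["port"] in values
    if kind == "src":
        ip = ipaddress.ip_address(req["src"])
        return any(ip in ipaddress.ip_network(v) for v in values)
    if kind == "url_regex":
        return any(re.search(v, req["url"]) for v in values)
    raise ValueError(f"unsupported ACL type: {kind}")


def decide(req):
    """Return (action, ACL names) of the first http_access line that matches."""
    for action, names in RULES:
        if all(acl_matches(n, req) for n in names):  # ACLs on one line are ANDed
            return action, " ".join(names)
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if RULES[-1][0] == "allow" else "allow"), "(default)"


def request(src, host, port, url):
    """Build a constructed sample request."""
    return {"src": src, "host": host, "port": port, "url": url}
```

In this model a request to port 443 is allowed by `gmutils5` before the block list or any source-address rule is consulted, which is the kind of ordering effect to look for when reading the full file.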