components/squid/squid.conf.default
author Rich Burridge <rich.burridge@oracle.com>
Mon, 05 Dec 2011 11:48:52 -0800
changeset 609 775168282b2f
parent 211 f37f16a2a99c
permissions -rw-r--r--
7037821 Userland migration of data from Makefile to manifest may have been a little overzealous
#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
# NOTE(review): this range marks every port from 1025 up as a "safe"
# destination, so the "http_access deny !Safe_ports" rule in this file only
# filters low-numbered ports. Narrow the range if clients only need the
# well-known web ports listed alongside it.
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server that assume the only
# one who can access services on "localhost" is a local user
# NOTE(review): this rule ships commented out, so nothing in this file denies
# requests whose destination matches the to_localhost ACL. Clients admitted by
# the later allow rules can therefore reach loopback-bound services through
# the proxy on any port in Safe_ports. Uncomment it unless a local service
# must deliberately be reachable via the proxy.
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# Grants proxy access to every source address in the localnet ACL. As shipped
# that ACL covers all of 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, fc00::/7
# and fe80::/10, so trim it to the networks actually in use before deploying.
http_access allow localnet
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# Squid normally listens on port 3128
http_port 3128
# We recommend that you use at least the following line.
hierarchy_stoplist cgi-bin ?
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/squid/cache 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/squid/cache
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320
#  TAG: cache_effective_user
#	If you start Squid as root, it will change its effective/real
#	UID/GID to the user specified below.  The default is to change
#	the UID to nobody.  If you define cache_effective_user, but not
#	cache_effective_group, Squid sets the GID to the effective
#	user's default group ID (taken from the password file) and
#	supplementary group list from the group membership of
#	cache_effective_user.
#
#Default:
cache_effective_user webservd
#  TAG: cache_effective_group
#	If you want Squid to run with a specific GID regardless of
#	the group memberships of the effective user then set this
#	to the group (or GID) you want Squid to run as. When set
#	all other group privileges of the effective user are ignored
#	and only this GID is effective. If Squid is not started as
#	root, the user starting Squid must be a member of the specified
#	group.
#
#Default:
# none