Squid3

Version 2.0
Software used in Version 2.0.
GPL License
Software distributed under
GNU GPL license.


Squid version 3 (iSAKv2)

iSAKv2 uses Squid 3 because it needs the ext_user ACL type, which matches on the user name returned by an external ACL helper.

Squid configuration

File /etc/squid/squid.conf

#########################################################
# File: /etc/squid/squid.conf                           #
# Squid version 3.0                                     #
#                                                       #
# iSAK v2.0.0 - http://isak.gplindustries.com           #
#########################################################

# General Configuration
# visible_hostname and cache_mgr are placeholders (domain.tld); replace them
# with the proxy's real name and the administrator's address.
visible_hostname  proxy.domain.tld
cache_mgr         root@domain.tld
# No listen address is given, so Squid accepts connections on port 3128 on
# every interface.
# NOTE(review): restrict reachability to the internal network (bind address
# or firewall). "vhost" is documented as an accelerator (reverse-proxy)
# option - confirm it is really wanted on a forward proxy.
http_port         3128 vhost

# Cache and logs
# ufs store in /var/spool/squid: 100 MB, 16 first-level and 256 second-level
# directories. Error pages are served from the French template set.
cache_dir         ufs /var/spool/squid 100 16 256
coredump_dir      /var/spool/squid
error_directory   /usr/share/squid/errors/French
# Client addresses are logged as IP addresses, without reverse DNS lookups.
log_fqdn          off

# Don't cache URLs
# URLs containing "cgi-bin" or "?" are treated as dynamic: they are fetched
# without asking cache peers (hierarchy_stoplist) and are never stored.
# NOTE(review): no_cache is the older spelling of the "cache" directive;
# check that the installed release still accepts it.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# Login external ACL program
# Squid hands only the client source address (%SRC) to the iSAK helper.
# ttl=0 and negative_ttl=0 disable caching of the helper's answers, so each
# lookup goes to one of the two helper processes (children=2).
# NOTE(review): identity is bound to the source IP alone. Every client that
# shares an address (NAT, terminal server, reused DHCP lease) shares the same
# login state. The helper runs with the proxy's privileges, so the binary
# and its directory should be writable by root only.
external_acl_type extacl_login children=2 ttl=0 negative_ttl=0 %SRC /path/to/iSAK-2.0.0/iSAKidentServer/iSAKidentServer

# ACL
# manager     - cache manager requests (cache_object protocol)
# SSL_ports   - the only port CONNECT tunnels may target (443)
# Safe_ports  - the only destination ports allowed at all (80, 21, 443)
# login       - true when the external helper accepts the client address
acl all           src      0.0.0.0/0.0.0.0
acl manager       proto    cache_object
acl localhost     src      127.0.0.1/255.255.255.255
acl to_localhost  dst      127.0.0.0/8
acl SSL_ports     port     443  # https
acl Safe_ports    port     80   # http
acl Safe_ports    port     21   # ftp
acl Safe_ports    port     443  # https
acl CONNECT       method   CONNECT
acl login         external extacl_login # External login

# User lists
# ext_user matches the user name reported by the external ACL helper.
# The names below look like examples - replace them with real accounts.
acl users_marketing     ext_user Bob Suzie
acl users_sales         ext_user Marc Paul
acl users_devel         ext_user Isabelle Guy

# Blacklists
# Each quoted path is a file of entries, one per line; -i makes matching
# case-insensitive. The /path/to prefix is a placeholder.
# NOTE(review): keep these files writable by the administrator only, since
# they decide what is filtered.
acl bl_adult_dom      dstdomain -i "/path/to/blacklists/adult_domains"
acl bl_adult_url      url_regex -i "/path/to/blacklists/adult_urls"
acl bl_freemail_dom   dstdomain -i "/path/to/blacklists/freemail_domains"
acl bl_freemail_url   url_regex -i "/path/to/blacklists/freemail_urls"

# Access rules
# http_access lines are evaluated top to bottom and the first match decides,
# so the order below is significant.
# Cache manager: only from localhost to a loopback destination.
http_access allow manager localhost to_localhost
http_access deny  manager
# Clients the helper does not accept stop here; because "login" is the last
# ACL on this line, the deny_info redirect below is used for them.
http_access deny  !login
http_access deny  !Safe_ports
http_access deny  CONNECT !SSL_ports
# NOTE(review): localhost is allowed before the blacklists and user lists,
# so requests originating on the proxy host itself are not filtered.
http_access allow localhost

# Blacklisted destinations are refused for every user, before any allow.
http_access deny bl_adult_dom
http_access deny bl_adult_url
http_access deny bl_freemail_dom
http_access deny bl_freemail_url

# Only users named in one of the lists above get access.
http_access allow users_marketing
http_access allow users_sales
http_access allow users_devel

# Default deny: anything not explicitly allowed above is refused.
http_access deny all

# Custom error pages
# A request denied by the "login" ACL is redirected to the iSAK portal; %s
# is replaced by the URL the client originally asked for.
# NOTE(review): the portal URL is plain http and receives a client-chosen
# URL in "redirect". The portal should validate that value before sending
# the browser back to it, and the login page is better served over https.
deny_info http://isak/portal/?redirect=%s login # Login failed

# NOTE(review): "icp_access allow all" answers ICP queries from any host.
# This file defines no cache_peer, so "icp_access deny all" (or "icp_port 0")
# is the safer setting unless sibling caches really query this proxy.
# always_direct makes every request go straight to the origin server.
http_reply_access allow all
icp_access        allow  all
always_direct     allow all

# EOF

Blacklists

If you need blacklists, take a look at Blacklists.