Mageia Bugzilla – Attachment 5698 Details for
Bug 14775
drakgw: web-browser can only access outside world through https
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
Log In
[x]
|
New Account
|
Forgot Password
New squid.conf that works with squid-3.3.13-1.1.mga4
squid.conf (text/plain), 2.32 KB, created by
Bjarne Thomsen
on 2014-12-12 18:33:09 CET
(
hide
)
Description:
New squid.conf that works with squid-3.3.13-1.1.mga4
Filename:
MIME Type:
Creator:
Bjarne Thomsen
Created:
2014-12-12 18:33:09 CET
Size:
2.32 KB
patch
obsolete
># ># Recommended minimum configuration: ># ># test by "squid -k pars" ># ># Example rule allowing access from your local networks. ># Adapt to list your (internal) IP networks from where browsing ># should be allowed >acl localnet src 192.168.0.0/16 # RFC1918 possible internal network >acl mynetwork src 192.168.5.0/24 > >acl SSL_ports port 443 >acl Safe_ports port 80 # http >acl Safe_ports port 21 # ftp >acl Safe_ports port 443 # https >acl Safe_ports port 70 # gopher >acl Safe_ports port 210 # wais >acl Safe_ports port 1025-65535 # unregistered ports >acl Safe_ports port 280 # http-mgmt >acl Safe_ports port 488 # gss-http >acl Safe_ports port 591 # filemaker >acl Safe_ports port 777 # multiling http >acl CONNECT method CONNECT > ># ># Recommended minimum Access Permission configuration: ># ># Deny requests to certain unsafe ports >http_access deny !Safe_ports > ># Deny CONNECT to other than secure SSL ports >http_access deny CONNECT !SSL_ports > ># Only allow cachemgr access from localhost >http_access allow localhost manager >http_access deny manager > ># We strongly recommend the following be uncommented to protect innocent ># web applications running on the proxy server who think the only ># one who can access services on "localhost" is a local user >#http_access deny to_localhost > ># ># INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS ># > ># Example rule allowing access from your local networks. ># Adapt localnet in the ACL section to list your (internal) IP networks ># from where browsing should be allowed >http_access allow mynetwork >http_access allow localnet >http_access allow localhost >http_reply_access allow all >icp_access allow all > >visible_hostname windbox >append_domain .astronomy >err_html_text admin@astronomy >deny_info ERR_CACHE_ACCESS_DENIED all > ># Squid normally listens to port 3128 >http_port 3128 intercept >http_port 8080 > ># Uncomment and adjust the following to add a disk cache directory. >cache_dir ufs /var/spool/squid 100 16 256 >cache_store_log none > ># Leave coredumps in the first cache dir >memory_pools off >coredump_dir /var/spool/squid >ie_refresh on > ># ># Add any of your own refresh_pattern entries above these. ># >refresh_pattern ^ftp: 1440 20% 10080 >refresh_pattern ^gopher: 1440 0% 1440 >refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 >refresh_pattern . 0 20% 4320 >shutdown_lifetime 5 seconds >cache_effective_user squid >cache_effective_group squid
# # Recommended minimum configuration: # # test by "squid -k pars" # # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 192.168.0.0/16 # RFC1918 possible internal network acl mynetwork src 192.168.5.0/24 acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # # Recommended minimum Access Permission configuration: # # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # Only allow cachemgr access from localhost http_access allow localhost manager http_access deny manager # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS # # Example rule allowing access from your local networks. # Adapt localnet in the ACL section to list your (internal) IP networks # from where browsing should be allowed http_access allow mynetwork http_access allow localnet http_access allow localhost http_reply_access allow all icp_access allow all visible_hostname windbox append_domain .astronomy err_html_text admin@astronomy deny_info ERR_CACHE_ACCESS_DENIED all # Squid normally listens to port 3128 http_port 3128 intercept http_port 8080 # Uncomment and adjust the following to add a disk cache directory. cache_dir ufs /var/spool/squid 100 16 256 cache_store_log none # Leave coredumps in the first cache dir memory_pools off coredump_dir /var/spool/squid ie_refresh on # # Add any of your own refresh_pattern entries above these. # refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 shutdown_lifetime 5 seconds cache_effective_user squid cache_effective_group squid
View Attachment As Raw
Actions:
View
Attachments on
bug 14775
: 5698