-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathsquid_http_proxy.conf
51 lines (42 loc) · 1.57 KB
/
squid_http_proxy.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
visible_hostname squid-friendly-proxy
maximum_object_size 512 MB
maximum_object_size_in_memory 10240 KB
cache_dir aufs {{ settings.cache_dir }} {{ settings.cache_size_mb }} 16 256
{%- if settings.listen_ip is iterable and settings.listen_ip is not string %}
{%- for ipaddr in settings.listen_ip %}
http_port {{ ipaddr }}:{{ settings.listen_port }}
{%- endfor %}
{%- else %}
{%- if settings.listen_ip == "*" or settings.listen_ip == "" %}
http_port {{ settings.listen_port }}
{%- else %}
http_port {{ settings.listen_ip }}:{{ settings.listen_port }}
{%- endif %}
{%- endif %}
acl safe_http_s port 80
acl safe_http_s port 443
# hardening: disable unused protocols
icp_port 0
htcp_port 0
icp_access deny all
htcp_access deny all
# don't cache domains not listed in the mirrors file
#cache deny !to_archive_mirrors
cache allow all
# only allow ports we trust
http_access deny !safe_http_s
# safety: protect innocent [web] applications running on the proxy server who think the only one who can access services on "localhost" is a local user
http_access deny to_localhost
# allow access from all nets defined as local
http_access allow localnet
# speed up shutdown
shutdown_lifetime 2 second
# refresh pattern for debs and udebs
refresh_pattern deb$ 129600 100% 129600
refresh_pattern udeb$ 129600 100% 129600
refresh_pattern tar.gz$ 129600 100% 129600
refresh_pattern tar.xz$ 129600 100% 129600
refresh_pattern tar.bz2$ 129600 100% 129600
# handle meta-release and changelogs.ubuntu.com special
# (fine to have this on debian too)
refresh_pattern changelogs.ubuntu.com\/.* 0 1% 1