AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Thunderbird and gmail9/10/2023 ![]() ![]() Url_rewrite_children 20 startup=5 idle=5 concurrency=0 Url_rewrite_program /usr/sbin/ufdbgclient -l /var/log/squid ![]() Ssl_bump splice all peek at TLS/SSL connect data splice: no active bumping Enable squidGuard Sslproxy_cipher ALL:!SSLv2:!ADH:!DSS:!MD5:!EXP:!DES:!PSK:!SRP:!RC4:!IDEA:!SEED:!aNULL:!eNULL TLS/SSL bumping definitionsĪcl tls_s3_server_hello at_step SslBump3 TLS/SSL bumping steps Sslproxy_options NO_SSLv2,NO_SSLv3,No_Compression Https_port 3130 intercept ssl-bump generate-host-certificates=off cert=/etc/pki/tls/certs/NSRV.crt key=/etc/pki/tls/private/NSRV.key sslflags=NO_DEFAULT_CA options=NO_SSLv2,NO_SSLv3,No_Compression dynamic_cert_mem_cache_size=128KB Http_port 3129 transparent Enable SSL transparent proxy Refresh_pattern (+.|)(download|(windows|)update|).(microsoft.|)com/.*.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims Always enable manual proxy Http_access allow localnet And finally deny all other access to this proxyĬache_mem 256 MB Leave coredumps in the first cache dirĬoredump_dir /var/spool/squid Add any of your own refresh_pattern entries above these. Url_rewrite_access deny self localnet self_port No authentication on green and trusted networks Http_access deny manager Skip URL rewriter for local addresses Http_access deny CONNECT !SSL_ports Only allow cachemgr access from localhost ![]() Http_access deny !Safe_ports Deny CONNECT to other than secure SSL ports Http_access allow localhost Deny requests to certain unsafe ports No_cache deny no_cache Allow access from green and trusted networks.Īcl localnet_dst src 192.168.0.0/24 Safe portsĪcl SSL_ports port 980 # httpd-admin (server-manager)Īcl Safe_ports port 1025-65535 # unregistered portsĪcl Safe_ports port 980 # httpd-admin (server-manager)Īcl CONNECT method CONNECT 20acl_00_portscustom Allow access from localhost ![]() # Uncomment this to enable debugĪcl no_cache dstdomain "/etc/squid/acls/no_cache.acl" ![]()
0 Comments
Read More
Leave a Reply. |