source: npl/internetserver/squid/squid.conf @ 0bdb49c

#       WELCOME TO SQUID 2
#       ------------------
#
#       This is the Syn-3 Squid configuration file. You may wish
#       to look at the Squid home page (http://www.squid-cache.org/)
#       for the FAQ and other documentation.

# NETWORK OPTIONS
# -----------------------------------------------------------------------------

#  TAG: http_port
#Default:
http_port 3128
http_port 3129 transparent

#  TAG: https_port
# Note: This option is only available if Squid is rebuilt with the
#       --enable-ssl option
#Default:
# none

#  TAG: ssl_unclean_shutdown
# Note: This option is only available if Squid is rebuilt with the
#       --enable-ssl option
#Default:
# ssl_unclean_shutdown off

#  TAG: icp_port
#Default:
# icp_port 3130

#  TAG: htcp_port
#Default:
# htcp_port 4827

#  TAG: mcast_groups
#Default:
# none

#  TAG: udp_incoming_address
#  TAG: udp_outgoing_address
#Default:
# udp_incoming_address 0.0.0.0
# udp_outgoing_address 255.255.255.255


# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------

#  TAG: cache_peer
#Default:
# none

#  TAG: cache_peer_domain
#Default:
# none

#  TAG: neighbor_type_domain
#Default:
# none

#  TAG: icp_query_timeout       (msec)
#Default:
# icp_query_timeout 0

#  TAG: maximum_icp_query_timeout       (msec)
#Default:
# maximum_icp_query_timeout 2000

#  TAG: mcast_icp_query_timeout (msec)
#Default:
# mcast_icp_query_timeout 2000

#  TAG: dead_peer_timeout       (seconds)
#Default:
# dead_peer_timeout 10 seconds

#  TAG: hierarchy_stoplist
hierarchy_stoplist cgi-bin ?

#  TAG: no_cache
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY


# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------

#  TAG: cache_mem       (bytes)
#Default:
cache_mem 32 MB

#  TAG: cache_swap_low  (percent, 0-100)
#  TAG: cache_swap_high (percent, 0-100)
#Default:
# cache_swap_low 90
# cache_swap_high 95

#  TAG: maximum_object_size     (bytes)
#Default:
maximum_object_size 4096 KB

#  TAG: minimum_object_size     (bytes)
#Default:
# minimum_object_size 0 KB

#  TAG: maximum_object_size_in_memory   (bytes)
#Default:
# maximum_object_size_in_memory 8 KB

#  TAG: ipcache_size    (number of entries)
#  TAG: ipcache_low     (percent)
#  TAG: ipcache_high    (percent)
#       The size, low-, and high-water marks for the IP cache.
#
#Default:
# ipcache_size 1024
# ipcache_low 90
# ipcache_high 95

#  TAG: fqdncache_size  (number of entries)
#Default:
# fqdncache_size 1024

#  TAG: cache_replacement_policy
#Default:
# cache_replacement_policy lru

#  TAG: memory_replacement_policy
#Default:
# memory_replacement_policy lru


# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

#  TAG: cache_dir
cache_dir ufs /home/system/proxy/cache 2048 16 256

#  TAG: cache_access_log
access_log /var/log/squid/access.log

#  TAG: cache_log
cache_log none

#  TAG: cache_store_log
cache_store_log none

#  TAG: cache_swap_log
#Default:
# none

#  TAG: emulate_httpd_log       on|off
#Default:
# emulate_httpd_log off

#  TAG: log_ip_on_direct        on|off
#Default:
# log_ip_on_direct on

#  TAG: mime_table
#Default:
# mime_table /etc/mime.conf

#  TAG: log_mime_hdrs   on|off
#Default:
# log_mime_hdrs off

#  TAG: useragent_log
# Note: This option is only available if Squid is rebuilt with the
#       --enable-useragent-log option
#Default:
# none

#  TAG: referer_log
# Note: This option is only available if Squid is rebuilt with the
#       --enable-referer-log option
#Default:
# none

#  TAG: pid_filename
pid_filename /var/run/squid.pid

#  TAG: debug_options
#Default:
# debug_options ALL,1

#  TAG: log_fqdn        on|off
#Default:
# log_fqdn off

#  TAG: client_netmask
#Default:
# client_netmask 255.255.255.255


# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------

#  TAG: ftp_user
#Default:
# ftp_user Squid@

#  TAG: ftp_list_width
#Default:
# ftp_list_width 32

#  TAG: ftp_passive
#Default:
# ftp_passive on

#  TAG: ftp_sanitycheck
#Default:
# ftp_sanitycheck on

#  TAG: ftp_telnet_protocol
#Default:
# ftp_telnet_protocol on

#  TAG: cache_dns_program
# Note: This option is only available if Squid is rebuilt with the
#       --disable-internal-dns option
#Default:
# cache_dns_program /usr/bin/dnsserver

#  TAG: dns_children
# Note: This option is only available if Squid is rebuilt with the
#       --disable-internal-dns option
#Default:
# dns_children 5

#  TAG: dns_retransmit_interval
#Default:
# dns_retransmit_interval 5 seconds

#  TAG: dns_timeout
#Default:
# dns_timeout 2 minutes

#  TAG: dns_defnames    on|off
# Note: This option is only available if Squid is rebuilt with the
#       --disable-internal-dns option
#Default:
# dns_defnames off

#  TAG: dns_nameservers
#Default:
# none

#  TAG: hosts_file
hosts_file /etc/hosts

#  TAG: diskd_program
#Default:
# diskd_program /usr/bin/diskd

#  TAG: unlinkd_program
#Default:
# unlinkd_program /usr/bin/unlinkd

#  TAG: pinger_program
# Note: This option is only available if Squid is rebuilt with the
#       --enable-icmp option
#Default:
# pinger_program /usr/bin/pinger

#  TAG: redirect_program
#Default:
# none

#  TAG: redirect_children
#Default:
# redirect_children 5

#  TAG: redirect_rewrites_host_header
#Default:
# redirect_rewrites_host_header on

#  TAG: redirector_access
#Default:
# none

#  TAG: auth_param


#auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
#auth_param ntlm children 5
auth_param basic program /usr/bin/squid_ldap_auth -v 3 -u uid -b "ou=Users,dc=syn-3" -h ldap-master
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off



#  TAG: authenticate_cache_garbage_interval
#Default:
authenticate_cache_garbage_interval 1 minute

#  TAG: authenticate_ttl
#Default:
authenticate_ttl 1 minute

#  TAG: authenticate_ip_ttl
#Default:
# authenticate_ip_ttl 0 seconds

#  TAG: external_acl_type
#Default:
# none
external_acl_type ldap_group ttl=300 %LOGIN /usr/bin/squid_ldap_group -b "ou=Groups,dc=syn-3" -h ldap-master -f "(&(memberuid=%v)(cn=%a))"
external_acl_type wbinfo_group %LOGIN /usr/bin/wbinfo_group.pl

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------

#  TAG: wais_relay_host
#  TAG: wais_relay_port
#       Relay WAIS request to host (1st arg) at port (2 arg).
#
#Default:
# wais_relay_port 0

#  TAG: request_header_max_size (KB)
#Default:
# request_header_max_size 20 KB

#  TAG: request_body_max_size   (KB)
#Default:
# request_body_max_size 0 KB

#  TAG: refresh_pattern
#Suggested default:
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

#  TAG: quick_abort_min (KB)
#  TAG: quick_abort_max (KB)
#  TAG: quick_abort_pct (percent)
#Default:
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95

#  TAG: negative_ttl    time-units
#Default:
# negative_ttl 5 minutes

#  TAG: positive_dns_ttl        time-units
#Default:
# positive_dns_ttl 6 hours

#  TAG: negative_dns_ttl        time-units
#Default:
# negative_dns_ttl 1 minute

#  TAG: range_offset_limit      (bytes)
#Default:
# range_offset_limit 0 KB


# TIMEOUTS
# -----------------------------------------------------------------------------

#  TAG: forward_timeout time-units
#Default:
# forward_timeout 4 minutes

#  TAG: connect_timeout time-units
#Default:
# connect_timeout 1 minute

#  TAG: peer_connect_timeout    time-units
#Default:
# peer_connect_timeout 30 seconds

#  TAG: read_timeout    time-units
#Default:
# read_timeout 15 minutes

#  TAG: request_timeout
#Default:
# request_timeout 5 minutes

#  TAG: persistent_request_timeout
#Default:
# persistent_request_timeout 1 minute

#  TAG: client_lifetime time-units
#Default:
# client_lifetime 1 day

#  TAG: half_closed_clients
#Default:
# half_closed_clients on

#  TAG: pconn_timeout
#Default:
# pconn_timeout 120 seconds

#  TAG: ident_timeout
#Default:
# ident_timeout 10 seconds

#  TAG: shutdown_lifetime       time-units
#Default:
shutdown_lifetime 1 seconds


# ACCESS CONTROLS
acl syn3SourceList_private_adressen src "/home/system/proxy/filterlists/SourceList_private_adressen"
acl syn3SourceList_All src "/home/system/proxy/filterlists/SourceList_All"
acl syn3PortList_SSL_Ports port "/home/system/proxy/filterlists/PortList_SSL_Ports"
acl syn3DestList_to_localhost dst "/home/system/proxy/filterlists/DestList_to_localhost"
acl syn3SourceList_localhost src "/home/system/proxy/filterlists/SourceList_localhost"
acl syn3PortList_Safe_ports port "/home/system/proxy/filterlists/PortList_Safe_ports"
acl syn3domainIP_Default url_regex "/home/system/proxy/filterlists/domainIP_Default"
acl syn3Group_Internet external ldap_group Internet
acl syn3ReqPro_Management_protocol proto "/home/system/proxy/filterlists/ReqPro_Management_protocol"
acl syn3ReqHead_CONNECT method "/home/system/proxy/filterlists/ReqHead_CONNECT"

#  TAG: http_access
http_access deny syn3ReqPro_Management_protocol
http_access deny !syn3PortList_Safe_ports
http_access deny !syn3PortList_SSL_Ports syn3ReqHead_CONNECT
http_access deny syn3DestList_to_localhost
http_access allow syn3SourceList_localhost
http_access deny !syn3SourceList_private_adressen
http_access allow syn3SourceList_All
#syn3default_rules

#  TAG: http_reply_access
#Default:
# http_reply_access allow all
#
#Recommended minimum configuration:
# Insert your own rules here.
# and finally allow by default
http_reply_access allow syn3SourceList_All

#  TAG: icp_access
#Default:
# icp_access deny all
#
#Allow ICP queries from everyone
icp_access allow syn3SourceList_All

#  TAG: miss_access
#Default setting:
miss_access allow syn3SourceList_All

#  TAG: follow_x_forwarded_for
follow_x_forwarded_for allow syn3SourceList_localhost


#  TAG: cache_peer_access
#Default:
# none

#  TAG: ident_lookup_access
#Default:
ident_lookup_access deny syn3SourceList_All

#  TAG: tcp_outgoing_tos
#Default:
# none

#  TAG: tcp_outgoing_address
#Default:
# none

#  TAG: reply_header_max_size   (KB)
#Default:
# reply_header_max_size 20 KB

#  TAG: reply_body_max_size     bytes allow|deny acl acl...
#Default:
reply_body_max_size 0 allow syn3SourceList_All


# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

#  TAG: cache_mgr
#Default:
# cache_mgr webmaster

#  TAG: cache_effective_user
#Default:
cache_effective_user nobody

#  TAG: cache_effective_group
#Default:
cache_effective_group nogroup

#  TAG: visible_hostname
#Default:
# none

#  TAG: unique_hostname
#Default:
# none

#  TAG: hostname_aliases
#Default:
# none


# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# -----------------------------------------------------------------------------

#  TAG: announce_period
#Default:
# announce_period 0
#
#To enable announcing your cache, just uncomment the line below.
#announce_period 1 day

#  TAG: announce_host
#  TAG: announce_file
#  TAG: announce_port
#Default:
# announce_host tracker.ircache.net
# announce_port 3131


# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------

#  TAG: httpd_accel_host
#  TAG: httpd_accel_port
#Default:
# httpd_accel_port 80

#  TAG: httpd_accel_single_host on|off
#Default:
# httpd_accel_single_host off

#  TAG: httpd_accel_with_proxy  on|off
#Default:
# httpd_accel_with_proxy off

#  TAG: httpd_accel_uses_host_header    on|off
#Default:
# httpd_accel_uses_host_header off


# MISCELLANEOUS
# -----------------------------------------------------------------------------

#  TAG: dns_testnames
#Default:
# dns_testnames netscape.com internic.net nlanr.net microsoft.com

#  TAG: logfile_rotate
#Default:
# logfile_rotate 10

#  TAG: append_domain
#Default:
# none

#  TAG: tcp_recv_bufsize        (bytes)
#Default:
# tcp_recv_bufsize 0 bytes

#  TAG: err_html_text
#Default:
# none

#  TAG: deny_info
#Default:
# none

#  TAG: memory_pools    on|off
#Default:
# memory_pools on

#  TAG: memory_pools_limit      (bytes)
#Default:
# memory_pools_limit 5 MB

#  TAG: forwarded_for   on|off
#Default:
# forwarded_for on

#  TAG: log_icp_queries on|off
#Default:
# log_icp_queries on

#  TAG: icp_hit_stale   on|off
#Default:
# icp_hit_stale off

#  TAG: minimum_direct_hops
#Default:
# minimum_direct_hops 4

#  TAG: minimum_direct_rtt
#Default:
# minimum_direct_rtt 400

#  TAG: cachemgr_passwd
#Default:
# none

#  TAG: store_avg_object_size   (kbytes)
#Default:
# store_avg_object_size 13 KB

#  TAG: store_objects_per_bucket
#Default:
# store_objects_per_bucket 20

#  TAG: client_db       on|off
#Default:
# client_db on

#  TAG: netdb_low
#  TAG: netdb_high
#Default:
# netdb_low 900
# netdb_high 1000

#  TAG: netdb_ping_period
#Default:
# netdb_ping_period 5 minutes

#  TAG: query_icmp      on|off
#Default:
# query_icmp off

#  TAG: test_reachability       on|off
#Default:
# test_reachability off

#  TAG: buffered_logs   on|off
#Default:
# buffered_logs off

#  TAG: reload_into_ims on|off
#Default:
# reload_into_ims off

#  TAG: always_direct
#Default:
# none

#  TAG: never_direct
#Default:
# none

#  TAG: header_access
#       Usage: header_access header_name allow|deny [!]aclname ...
#
#       WARNING: Doing this VIOLATES the HTTP standard.  Enabling
#       this feature could make you liable for problems which it
#       causes.
#Default:
# none

#  TAG: header_replace
#       By default, headers are removed if denied.
#Default:
# none

#  TAG: icon_directory
#       Where the icons are stored. These are normally kept in
#Default:
# icon_directory /usr/share/icons

#  TAG: short_icon_urls
#Default:
# short_icon_urls off

#  TAG: error_directory
#Default:
# error_directory /usr/share/errors/English

#  TAG: maximum_single_addr_tries
#Default:
# maximum_single_addr_tries 1

#  TAG: snmp_port
#Default:
# snmp_port 3401

#  TAG: snmp_access
#Example:
# snmp_access allow snmppublic localhost
# snmp_access deny all
#
#Default:
# snmp_access deny all

#  TAG: snmp_incoming_address
#  TAG: snmp_outgoing_address
#Default:
# snmp_incoming_address 0.0.0.0
# snmp_outgoing_address 255.255.255.255

#  TAG: as_whois_server
#Default:
# as_whois_server whois.ra.net
# as_whois_server whois.ra.net

#  TAG: wccp_router
#       Use this option to define your WCCP ``home'' router for
#       Squid.   Setting the 'wccp_router' to 0.0.0.0 (the default)
#       disables WCCP.
#
#Default:
# wccp_router 0.0.0.0

#  TAG: wccp_version
#Default:
# wccp_version 4

#  TAG: wccp_incoming_address
#  TAG: wccp_outgoing_address
#Default:
# wccp_incoming_address 0.0.0.0
# wccp_outgoing_address 255.255.255.255


# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# -----------------------------------------------------------------------------

#  TAG: delay_pools
# Note: This option is only available if Squid is rebuilt with the
#       --enable-delay-pools option
#Default:
# delay_pools 0

#  TAG: delay_class
# Note: This option is only available if Squid is rebuilt with the
#       --enable-delay-pools option
#Default:
# none

#  TAG: delay_access
# Note: This option is only available if Squid is rebuilt with the
#       --enable-delay-pools option
#Default:
# none

#  TAG: delay_parameters
# Note: This option is only available if Squid is rebuilt with the
#       --enable-delay-pools option
#delay_parameters pool aggregate
#delay_parameters pool aggregate individual
#delay_parameters pool aggregate network individual
#delay_parameters 1 -1/-1 8000/8000
#delay_parameters 2 32000/32000 8000/8000 600/8000
#Default:
# none

#  TAG: delay_initial_bucket_level      (percent, 0-100)
# Note: This option is only available if Squid is rebuilt with the
#       --enable-delay-pools option
#Default:
# delay_initial_bucket_level 50

#  TAG: incoming_icp_average
#  TAG: incoming_http_average
#  TAG: incoming_dns_average
#  TAG: min_icp_poll_cnt
#  TAG: min_dns_poll_cnt
#  TAG: min_http_poll_cnt
#       Heavy voodoo here.  I can't even believe you are reading this.
#       Are you crazy?  Don't even think about adjusting these unless
#       you understand the algorithms in comm_select.c first!
#
#Default:
# incoming_icp_average 6
# incoming_http_average 4
# incoming_dns_average 4
# min_icp_poll_cnt 8
# min_dns_poll_cnt 8
# min_http_poll_cnt 8

#  TAG: max_open_disk_fds
#Default:
# max_open_disk_fds 0

#  TAG: offline_mode
#Default:
# offline_mode off

#  TAG: uri_whitespace
#Default:
# uri_whitespace strip

#  TAG: broken_posts
#Default:
# none

#  TAG: mcast_miss_addr
# Note: This option is only available if Squid is rebuilt with the
#       -DMULTICAST_MISS_STREAM option
#Default:
# mcast_miss_addr 255.255.255.255

#  TAG: mcast_miss_ttl
# Note: This option is only available if Squid is rebuilt with the
#       -DMULTICAST_MISS_TTL option
#Default:
# mcast_miss_ttl 16

#  TAG: mcast_miss_port
# Note: This option is only available if Squid is rebuilt with the
#       -DMULTICAST_MISS_STREAM option
#Default:
# mcast_miss_port 3135

#  TAG: mcast_miss_encode_key
# Note: This option is only available if Squid is rebuilt with the
#       -DMULTICAST_MISS_STREAM option
#Default:
# mcast_miss_encode_key XXXXXXXXXXXXXXXX

#  TAG: nonhierarchical_direct
#Default:
# nonhierarchical_direct on

#  TAG: prefer_direct
#Default:
# prefer_direct off

#  TAG: strip_query_terms
#       By default, Squid strips query terms from requested URLs before
#       logging.  This protects your user's privacy.
#
#Default:
# strip_query_terms on

#  TAG: coredump_dir
#Default:
# coredump_dir none
#
# Leave coredumps in the first cache dir
coredump_dir /var/cache

#  TAG: redirector_bypass
#Default:
# redirector_bypass off

#  TAG: ignore_unknown_nameservers
#Default:
# ignore_unknown_nameservers on

#  TAG: digest_generation
# Note: This option is only available if Squid is rebuilt with the
#       --enable-cache-digests option
#Default:
# digest_generation on

#  TAG: digest_bits_per_entry
# Note: This option is only available if Squid is rebuilt with the
#       --enable-cache-digests option
#Default:
# digest_bits_per_entry 5

#  TAG: digest_rebuild_period   (seconds)
# Note: This option is only available if Squid is rebuilt with the
#       --enable-cache-digests option
#Default:
# digest_rebuild_period 1 hour

#  TAG: digest_rewrite_period   (seconds)
# Note: This option is only available if Squid is rebuilt with the
#       --enable-cache-digests option
#Default:
# digest_rewrite_period 1 hour

#  TAG: digest_swapout_chunk_size       (bytes)
# Note: This option is only available if Squid is rebuilt with the
#       --enable-cache-digests option
#Default:
# digest_swapout_chunk_size 4096 bytes

#  TAG: digest_rebuild_chunk_percentage (percent, 0-100)
# Note: This option is only available if Squid is rebuilt with the
#       --enable-cache-digests option
#Default:
# digest_rebuild_chunk_percentage 10

#  TAG: chroot
#Default:
# none

#  TAG: client_persistent_connections
#  TAG: server_persistent_connections
#Default:
# client_persistent_connections on
# server_persistent_connections on

#  TAG: detect_broken_pconn
#Default:
# detect_broken_pconn off

#  TAG: balance_on_multiple_ip
#Default:
# balance_on_multiple_ip on

#  TAG: pipeline_prefetch
#Default:
# pipeline_prefetch off

#  TAG: extension_methods
#Default:
# none

#  TAG: request_entities
#Default:
# request_entities off

#  TAG: high_response_time_warning      (msec)
#Default:
# high_response_time_warning 0

#  TAG: high_page_fault_warning
#Default:
# high_page_fault_warning 0

#  TAG: high_memory_warning
#Default:
# high_memory_warning 0

#  TAG: store_dir_select_algorithm
#Default:
# store_dir_select_algorithm least-load

#  TAG: forward_log
#Default:
# none

#  TAG: ie_refresh      on|off
#Default:
# ie_refresh off

#  TAG: vary_ignore_expire      on|off
#Default:
# vary_ignore_expire off

#  TAG: sleep_after_fork        (microseconds)
#Default:
# sleep_after_fork 0