| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 |
- #
- # Recommended minimum configuration:
- #
- acl SSL_ports port 443
- acl Safe_ports port 80 # http
- acl Safe_ports port 443 # https
- acl CONNECT method CONNECT
- acl 1984tech url_regex "squid/1984tech.conf"
- http_access deny 1984tech
- deny_info ERR_1984TECH 1984tech
- #
- # Recommended minimum Access Permission configuration:
- #
- # Deny requests to certain unsafe ports
- http_access deny !Safe_ports
- # Deny CONNECT to other than secure SSL ports
- http_access deny CONNECT !SSL_ports
- # Only allow cachemgr access from localhost
- http_access allow localhost manager
- http_access allow ALL
- http_access deny manager
- http_access deny to_localhost
- # Squid normally listens to port 3128
- http_port 127.0.0.1:3128 intercept options=NO_SSLv3:NO_SSLv2
- # указываем HTTPS порт с нужными опциями
- https_port 127.0.0.1:3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off cert=squid/squidCA.pem
- always_direct allow all
- sslproxy_cert_error allow all
- sslproxy_flags DONT_VERIFY_PEER
- #укажем правило со списком блокируемых ресурсов (в файле домены вида .domain.com)
- acl blocked ssl::server_name_regex "squid/1984tech.conf"
- acl step1 at_step SslBump1
- ssl_bump peek step1
- #терминируем соединение, если клиент заходит на запрещенный ресурс
- ssl_bump terminate blocked
- ssl_bump splice all
- # Leave coredumps in the first cache dir
- coredump_dir /var/squid/cache
|
