2squid配置文件.pdf
文本预览下载声明
2.squid配置文件
# 目前防火墙配置 (80 基本网页;30061 新邮件端口;5000 case端口;)
# ptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 3128
# ptables -t nat -A PREROUTING -p tcp --dport 30061 -j REDIRECT --to-ports 3128
# ptables -t nat -A PREROUTING -p tcp --dport 5000 -j REDIRECT --to-ports 3128
# Example rule allow ng access from your local networks.
# Adapt to l st your ( nternal) IP networks from where brows ng
# should be allowed
acl localnet src /8 # RFC1918 poss ble nternal network
acl localnet src /12 # RFC1918 poss ble nternal network
acl localnet src /16 # RFC1918 poss ble nternal network
acl localnet src fc00::/7 # RFC 4193 local pr vate network range
acl localnet src fe80::/10 # RFC 4291 l nk-local (d rectly plugged) mach nes
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wa s
acl Safe_ports port 1025-65535 # unreg stered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # f lemaker
acl Safe_ports port 777 # mult l ng http
acl CONNECT method CONNECT
acl broken302 http_status 110 400-404 302 500-505
http_access deny broken302
#
# Recommended m n mum Access Perm ss on conf gurat on:
#
# Deny requests to certa n unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports
#http_access allow CONNECT SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
acl QQupload req_m me_type - text/octet
no_cache deny QQupload
# We strongly recommend the follow ng be uncommented to protect nnocent
# web appl cat ons runn ng on the proxy server who th nk the only
# one who can access serv
显示全部