diff options
Diffstat (limited to 'data/templates/squid/squid.conf.tmpl')
-rw-r--r-- | data/templates/squid/squid.conf.tmpl | 111 |
1 files changed, 0 insertions, 111 deletions
diff --git a/data/templates/squid/squid.conf.tmpl b/data/templates/squid/squid.conf.tmpl deleted file mode 100644 index e8627b022..000000000 --- a/data/templates/squid/squid.conf.tmpl +++ /dev/null @@ -1,111 +0,0 @@ -### generated by service_webproxy.py ### - -acl net src all -acl SSL_ports port 443 -acl Safe_ports port 80 # http -acl Safe_ports port 21 # ftp -acl Safe_ports port 443 # https -acl Safe_ports port 873 # rsync -acl Safe_ports port 70 # gopher -acl Safe_ports port 210 # wais -acl Safe_ports port 1025-65535 # unregistered ports -acl Safe_ports port 280 # http-mgmt -acl Safe_ports port 488 # gss-http -acl Safe_ports port 591 # filemaker -acl Safe_ports port 777 # multiling http -acl CONNECT method CONNECT - -{% if authentication is vyos_defined %} -{% if authentication.children is vyos_defined %} -auth_param basic children {{ authentication.children }} -{% endif %} -{% if authentication.credentials_ttl is vyos_defined %} -auth_param basic credentialsttl {{ authentication.credentials_ttl }} minute -{% endif %} -{% if authentication.realm is vyos_defined %} -auth_param basic realm "{{ authentication.realm }}" -{% endif %} -{# LDAP based Authentication #} -{% if authentication.method is vyos_defined %} -{% if authentication.ldap is vyos_defined and authentication.method is vyos_defined('ldap') %} -auth_param basic program /usr/lib/squid/basic_ldap_auth -v {{ authentication.ldap.version }} -b "{{ authentication.ldap.base_dn }}" {{ '-D "' ~ authentication.ldap.bind_dn ~ '"' if authentication.ldap.bind_dn is vyos_defined }} {{ '-w "' ~ authentication.ldap.password ~ '"' if authentication.ldap.password is vyos_defined }} {{ '-f "' ~ authentication.ldap.filter_expression ~ '"' if authentication.ldap.filter_expression is vyos_defined }} {{ '-u "' ~ authentication.ldap.username_attribute ~ '"' if authentication.ldap.username_attribute is vyos_defined }} -p {{ authentication.ldap.port }} {{ '-ZZ' if authentication.ldap.use_ssl is vyos_defined }} -R -h "{{ authentication.ldap.server }}" -{% endif %} -acl auth proxy_auth REQUIRED -http_access allow auth -{% endif %} -{% endif %} - -http_access allow manager localhost -http_access deny manager -http_access deny !Safe_ports -http_access deny CONNECT !SSL_ports -http_access allow localhost -http_access allow net -http_access deny all - -{% if reply_block_mime is vyos_defined %} -{% for mime_type in reply_block_mime %} -acl BLOCK_MIME rep_mime_type {{ mime_type }} -{% endfor %} -http_reply_access deny BLOCK_MIME -{% endif %} - -{% if cache_size is vyos_defined %} -{% if cache_size | int > 0 %} -cache_dir ufs /var/spool/squid {{ cache_size }} 16 256 -{% else %} -# disabling disk cache -{% endif %} -{% endif %} -{% if mem_cache_size is vyos_defined %} -cache_mem {{ mem_cache_size }} MB -{% endif %} -{% if disable_access_log is vyos_defined %} -access_log none -{% else %} -access_log /var/log/squid/access.log squid -{% endif %} - -{# by default we'll disable the store log #} -cache_store_log none - -{% if append_domain is vyos_defined %} -append_domain {{ append_domain }} -{% endif %} -{% if maximum_object_size is vyos_defined %} -maximum_object_size {{ maximum_object_size }} KB -{% endif %} -{% if minimum_object_size is vyos_defined %} -minimum_object_size {{ minimum_object_size }} KB -{% endif %} -{% if reply_body_max_size is vyos_defined %} -reply_body_max_size {{ reply_body_max_size }} KB -{% endif %} -{% if outgoing_address is vyos_defined %} -tcp_outgoing_address {{ outgoing_address }} -{% endif %} - - -{% if listen_address is vyos_defined %} -{% for address, config in listen_address.items() %} -http_port {{ address | bracketize_ipv6 }}:{{ config.port if config.port is vyos_defined else default_port }} {{ 'intercept' if config.disable_transparent is not vyos_defined }} -{% endfor %} -{% endif %} -http_port 127.0.0.1:{{ default_port }} - -{# NOT insert the client address in X-Forwarded-For header #} -forwarded_for off - -{# SquidGuard #} -{% if url_filtering.disable is not vyos_defined and url_filtering.squidguard is vyos_defined %} -url_rewrite_program /usr/bin/squidGuard -c {{ squidguard_conf }} -url_rewrite_children 8 -url_rewrite_bypass on -{% endif %} - -{% if cache_peer is vyos_defined %} -{% for peer, config in cache_peer.items() %} -cache_peer {{ config.address }} {{ config.type }} {{ config.http_port }} {{ config.icp_port }} {{ config.options }} -{% endfor %} -never_direct allow all -{% endif %} |