### generated by service_webproxy.py ### acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 acl net src all acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 873 # rsync acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT {% if domain_block is defined and domain_block is not none %} {% for domain in domain_block %} acl BLOCKDOMAIN dstdomain {{ domain }} {% endfor %} http_access deny BLOCKDOMAIN {% endif %} {% if authentication is defined and authentication is not none %} {% if authentication.children is defined and authentication.children is not none %} auth_param basic children {{ authentication.children }} {% endif %} {% if authentication.credentials_ttl is defined and authentication.credentials_ttl is not none %} auth_param basic credentialsttl {{ authentication.credentials_ttl }} minute {% endif %} {% if authentication.realm is defined and authentication.realm is not none %} auth_param basic realm "{{ authentication.realm }}" {% endif %} {# LDAP based Authentication #} {% if authentication.method is defined and authentication.method is not none %} {% if authentication.ldap is defined and authentication.ldap is not none and authentication.method == 'ldap' %} auth_param basic program /usr/lib/squid/basic_ldap_auth -v {{ authentication.ldap.version }} -b "{{ authentication.ldap.base_dn }}" {{ '-D "' + authentication.ldap.bind_dn + '"' if authentication.ldap.bind_dn is defined }} {{ '-w "' + authentication.ldap.password + '"' if authentication.ldap.password is defined }} {{ '-f "' + authentication.ldap.filter_expression + '"' if authentication.ldap.filter_expression is defined }} {{ '-u "' + authentication.ldap.username_attribute + '"' if authentication.ldap.username_attribute is defined }} -p {{ authentication.ldap.port }} {{ '-ZZ' if authentication.ldap.use_ssl is defined }} -R -h "{{ authentication.ldap.server }}" {% endif %} acl auth proxy_auth REQUIRED http_access allow auth {% endif %} {% endif %} http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost http_access allow net http_access deny all {% if reply_block_mime is defined and reply_block_mime is not none %} {% for mime_type in reply_block_mime %} acl BLOCK_MIME rep_mime_type {{ mime_type }} {% endfor %} http_reply_access deny BLOCK_MIME {% endif %} {% if cache_size is defined and cache_size is not none %} {% if cache_size | int > 0 %} cache_dir ufs /var/spool/squid {{ cache_size }} 16 256 {% else %} # disabling disk cache {% endif %} {% endif %} {% if mem_cache_size is defined and mem_cache_size is not none %} cache_mem {{ mem_cache_size }} MB {% endif %} {% if disable_access_log is defined %} access_log none {% else %} access_log /var/log/squid/access.log squid {% endif %} {# by default we'll disable the store log #} cache_store_log none {% if append_domain is defined and append_domain is not none %} append_domain {{ append_domain }} {% endif %} {% if maximum_object_size is defined and maximum_object_size is not none %} maximum_object_size {{ maximum_object_size }} KB {% endif %} {% if minimum_object_size is defined and minimum_object_size is not none %} minimum_object_size {{ minimum_object_size }} KB {% endif %} {% if reply_body_max_size is defined and reply_body_max_size is not none %} reply_body_max_size {{ reply_body_max_size }} KB {% endif %} {% if outgoing_address is defined and outgoing_address is not none %} tcp_outgoing_address {{ outgoing_address }} {% endif %} {% if listen_address is defined and listen_address is not none %} {% for address, config in listen_address.items() %} http_port {{ address }}:{{ config.port if config.port is defined else default_port }} {{ 'intercept' if config.disable_transparent is not defined }} {% endfor %} {% endif %} http_port 127.0.0.1:{{ default_port }} {# NOT insert the client address in X-Forwarded-For header #} forwarded_for off {# SquidGuard #} {% if url_filtering is defined and url_filtering.disable is not defined %} {% if url_filtering.squidguard is defined and url_filtering.squidguard is not none %} url_rewrite_program /usr/bin/squidGuard -c {{ squidguard_conf }} url_rewrite_children 8 url_rewrite_bypass on {% endif %} {% endif %} {% if cache_peer is defined and cache_peer is not none %} {% for peer, config in cache_peer.items() %} cache_peer {{ config.address }} {{ config.type }} {{ config.http_port }} {{ config.icp_port }} {{ config.options }} {% endfor %} never_direct allow all {% endif %}