-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsquid.conf
More file actions
56 lines (40 loc) · 1.36 KB
/
squid.conf
File metadata and controls
56 lines (40 loc) · 1.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
# Squid proxy for domain-based allowlisting
# Supports HTTPS CONNECT and HTTP to allowed domains only
# Domain allowlist (file-based for hot-reload via squid -k reconfigure)
acl allowed_domains dstdomain "/etc/squid/allowed-domains.txt"
# Port definitions
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443
acl CONNECT method CONNECT
# Deny non-safe ports
http_access deny !Safe_ports
# Deny CONNECT to non-SSL ports
http_access deny CONNECT !SSL_ports
# Allow CONNECT (HTTPS) to allowed domains
http_access allow CONNECT allowed_domains
# Allow HTTP to allowed domains
http_access allow allowed_domains
# Deny everything else
http_access deny all
# Listening port
http_port 3128
# Use Docker's embedded DNS resolver
dns_nameservers 127.0.0.11
# Log to files writable by the squid user (squid drops privileges,
# so it can't write to /dev/stdout or /dev/stderr).
# Debug with: docker exec agent2-proxy cat /var/log/squid/access.log
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
# No caching — pure forwarding proxy
cache deny all
# Suppress version in error pages and headers
httpd_suppress_version_string on
# Fast shutdown for container stop
shutdown_lifetime 1 seconds
# Suppress hostname warning
visible_hostname proxy
# PID file
pid_filename /run/squid.pid
# Coredump directory (required by squid)
coredump_dir /var/cache/squid