Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I need an example of squid.conf to put on my PC. I want a simple example with everything free! I don't want anything blocked.
It is just so that I can connect freely in my LAN.
Read the docs here http://www.squid-cache.org/ and there's a sample one in /etc/squid. Anyway, here's mine; it's from a Mandriva 2006 box with squid-2.5.STABLE10. It was generated automatically by Mandriva's Internet Connection Sharing setup wizard:
Code:
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_dir diskd /var/spool/squid 100 16 256
cache_store_log none
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
half_closed_clients off
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow to_localhost
acl mynetwork src 192.168.1.0/255.255.255.0
http_access allow mynetwork
http_access allow localhost
http_reply_access allow all
icp_access allow all
visible_hostname myfirewall@mydomain.com
httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
append_domain .mydomain
err_html_text admin@mydomain.com
deny_info ERR_CUSTOM_ACCESS_DENIED all
memory_pools off
coredump_dir /var/spool/squid
ie_refresh on
Keep in mind that although it appears to restrict access to non-localhost machines to certain ports, this doesn't actually have any effect unless you firewall outgoing access and force everything on your LAN to go through the Squid proxy. If you don't block outgoing access but instead redirect all outgoing http traffic to port 3128, this just functions as a normal transparent proxy (this is how I use it).
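An added example, not part of the original post: a small Python model of how Squid walks the http_access lines of the config above once traffic really goes through the proxy (first matching line wins; if no line matches, the opposite of the last line's action applies). The `request` helper, the sample addresses and the assumption that the destination is already resolved to an IP are constructed for illustration.

```python
import ipaddress

# ACLs and http_access lines transcribed from the posted squid.conf, in file order.
SAFE_PORTS = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777} | set(range(1025, 65536))
SSL_PORTS = {443, 563}
SRC_NETS = {"localhost": "127.0.0.1/32", "mynetwork": "192.168.1.0/24"}
HTTP_ACCESS = [
    ("allow", ["manager", "localhost"]),
    ("deny", ["manager"]),
    ("deny", ["!Safe_ports"]),
    ("deny", ["CONNECT", "!SSL_ports"]),
    ("allow", ["to_localhost"]),
    ("allow", ["mynetwork"]),
    ("allow", ["localhost"]),
]

def acl_matches(name, req):
    """Evaluate one ACL name (optionally negated with '!') against a request."""
    negate, name = name.startswith("!"), name.lstrip("!")
    if name in SRC_NETS:
        hit = ipaddress.ip_address(req["src"]) in ipaddress.ip_network(SRC_NETS[name])
    elif name == "to_localhost":
        hit = ipaddress.ip_address(req["dst"]) in ipaddress.ip_network("127.0.0.0/8")
    elif name == "manager":
        hit = req["proto"] == "cache_object"
    elif name == "CONNECT":
        hit = req["method"] == "CONNECT"
    else:
        hit = req["port"] in {"Safe_ports": SAFE_PORTS, "SSL_ports": SSL_PORTS}[name]
    return hit != negate

def decide(req):
    """Return (action, matching line number); every ACL on a line must match."""
    for number, (action, acls) in enumerate(HTTP_ACCESS, start=1):
        if all(acl_matches(a, req) for a in acls):
            return action, number
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("deny" if HTTP_ACCESS[-1][0] == "allow" else "allow"), None

def request(src, dst, port, method="GET", proto="http"):
    # Hypothetical helper: builds a constructed request; dst is the resolved IP.
    return {"src": src, "dst": dst, "port": port, "method": method, "proto": proto}

if __name__ == "__main__":
    for args in [("192.168.1.20", "198.51.100.10", 80), ("192.168.1.20", "198.51.100.10", 25),
                 ("203.0.113.5", "198.51.100.10", 80), ("203.0.113.5", "127.0.0.1", 80)]:
        print(args, "->", decide(request(*args)))
```

The last sample is allowed by `http_access allow to_localhost` before any source ACL is consulted, so that line is worth reviewing if port 3128 is reachable from outside the LAN.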