#
# ACCESS CONTROLS
#----------------------------------------------------------------------------
# ACL
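# Base ACL definitions. http_access rules are checked top to bottom and the
# first matching rule decides, so what each name covers shapes the policy below.
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
# Bad_ports spans every port, so "deny Bad_ports <src>" acts as a catch-all
# deny for that source.
acl Bad_ports port 1-65535
# SSL_ports had been fused onto the end of the Bad_ports line; it is its own
# directive and is referenced by the CONNECT rule under "HTTP ACCESS".
acl SSL_ports port 443 563
# NOTE(review): Safe_ports also lists 25 (SMTP), 5900 (VNC), 1433 and 3128
# (this proxy's own port). No rule visible in this file denies CONNECT to
# non-SSL ports, so any client allowed on Safe_ports can open tunnels to these
# services through the proxy. Confirm each port is still required.
acl Safe_ports port 80 # http
acl Safe_ports port 8080 # http
acl Safe_ports port 123 # time
acl Safe_ports port 25 993 # mail
acl Safe_ports port 443 # https
acl Safe_ports port 3128 # squid-proxy
acl Safe_ports port 5900 # vnc
# Safe_ports2 is only granted to full-access and marketing further down.
# It repeats 443, which is already in Safe_ports.
acl Safe_ports2 port 443 5060 5190 5222 5523 11024 18630 32830 28680 # icq, qip
acl Safe_ports2 port 2041 2042 # mail agent
acl Safe_ports port 4001-4005 3639 19223 1433 3052 # R-Keaper
acl Safe_ports port 87 20 21 1020-1024 # Amicon
acl CONNECT method CONNECT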
# HTTP ACCESS
# Cache-manager (cache_object) requests are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
# NOTE(review): this allow carries no source ACL and is evaluated before any
# client-network rule, so every client that can reach the proxy port gets
# CONNECT tunnels to the SSL_ports (443, 563). Tie it to the client ACLs
# (they would have to be defined above this line) or restrict who can reach
# port 3128 at the firewall.
http_access allow CONNECT SSL_ports
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Client source groups. office, full-access and marketing are single hosts
# whose addresses also fall inside our_network (10.0.0.0/24), so any rule
# written for our_network matches them too unless an earlier rule has already
# decided the request.
acl our_network src 10.0.0.0/24
acl office src 10.0.0.20
acl full-access src 10.0.0.40
acl marketing src 10.0.0.50
# ACL RULES IN FILES
# A quoted path makes Squid read the ACL values from that file, one entry per
# line. These files are the filtering policy: keep them writable by the
# administrator only and reload Squid after editing them.
# NOTE(review): the *.domain files are loaded as url_regex, so each line is a
# regular expression matched against the whole URL, case-sensitively (only
# filetypes uses -i). Presumably they hold domain-like strings; if so,
# unescaped dots and unanchored text match more than the intended host, and
# a different letter case is not matched. dstdomain is the stricter type when
# only host names are meant. Verify against the file contents.
acl bad_url url_regex "/etc/squid/acl/bad_url.domain"
acl mail url_regex "/etc/squid/acl/mail.domain"
acl icq dstdomain "/etc/squid/acl/icq.dst"
acl icq2 dst "/etc/squid/acl/icq2.dst"
acl for_marketing url_regex "/etc/squid/acl/for_marketing.domain"
acl upload url_regex "/etc/squid/acl/upload.domain"
acl filetypes urlpath_regex -i "/etc/squid/acl/filetypes.acl"
acl banners url_regex "/etc/squid/acl/ads.acl"
# FLASH ACL
# media: regex match on the Content-Type of the server's reply. rep_mime_type
# only takes effect in reply-stage rules such as http_reply_access.
# An unanchored pattern already matches everything its ^...$ form matches, so
# the anchored duplicates below are redundant.
# NOTE(review): application/octet-stream is the generic binary type; denying
# it blocks many ordinary downloads, not only media.
acl media rep_mime_type video/flv video/x-flv
acl media rep_mime_type application/x-shockwave-flash
acl media rep_mime_type -i video/mp4
acl media rep_mime_type -i video/flv
# NOTE(review): -t is not an option I recognise for regex ACLs (-i is the
# case-insensitive flag); probably a typo. Check with "squid -k parse".
acl media rep_mime_type -t audio/x-scpls
acl media rep_mime_type -i ^application/x-shockwave-flash$
acl media rep_mime_type -i ^application/octet-stream$
acl media rep_mime_type -i application/octet-stream
acl media rep_mime_type -i ^application/x-mplayer2$
acl media rep_mime_type -i application/x-mplayer2
acl media rep_mime_type -i ^application/x-oleobject$
acl media rep_mime_type -i application/x-oleobject
acl media rep_mime_type -i application/x-pncmd
acl media rep_mime_type -i ^video/x-ms-asf$
# media2: req_mime_type matches the Content-Type of the client's request
# (for example an upload body), not the type of the reply being downloaded.
acl media2 req_mime_type -i ^application/octet-stream$
acl media2 req_mime_type -i application/octet-stream
acl media2 req_mime_type -i ^application/x-mplayer2$
acl media2 req_mime_type -i application/x-mplayer2
acl media2 req_mime_type -i ^application/x-oleobject$
acl media2 req_mime_type -i application/x-oleobject
acl media2 req_mime_type -i application/x-pncmd
acl media2 req_mime_type -i ^video/x-ms-asf$
# mediapr: URL paths ending in .flv or .swf, with an optional query string.
# No -i is given, so upper-case extensions are not matched. Extension and
# MIME checks depend on what the URL and the server declare; treat them as a
# bandwidth policy rather than a security control.
acl mediapr urlpath_regex \.flv(\?.*)?$
acl mediapr urlpath_regex \.swf(\?.*)?$
# ALLOW SAFE PORTS
# Per-group port allows, for both the request (http_access) and the reply
# (http_reply_access). full-access and marketing get Safe_ports and
# Safe_ports2; office and our_network get Safe_ports only.
# NOTE(review): rules are first-match. Because these allows come before the
# URL, file-type and media denies further down, a request to any Safe_ports
# port (80, 443, 8080, ...) is accepted here and the later deny lists are not
# consulted for it. If the block lists are meant to be enforced, the denies
# have to precede these allows, written per group, since the single-host
# groups also sit inside our_network.
http_access allow Safe_ports full-access
http_reply_access allow Safe_ports full-access
http_access allow Safe_ports2 full-access
http_reply_access allow Safe_ports2 full-access
http_access allow Safe_ports marketing
http_reply_access allow Safe_ports marketing
http_access allow Safe_ports2 marketing
http_reply_access allow Safe_ports2 marketing
http_access allow Safe_ports office
http_reply_access allow Safe_ports office
http_access allow Safe_ports our_network
http_reply_access allow Safe_ports our_network
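# DENY BAD PORTS
# Everything not accepted by the port allows above is refused here, per group.
# Bad_ports is declared as 1-65535, so each "deny Bad_ports <src>" matches any
# request from that source that reaches it. Rules placed after this block for
# the same sources are therefore not reached.
http_access deny Bad_ports full-access
http_reply_access deny Bad_ports full-access
http_access deny Bad_ports marketing
http_reply_access deny Bad_ports marketing
# office and our_network are refused the messenger / mail-agent ports.
http_access deny Safe_ports2 office
http_reply_access deny Safe_ports2 office
http_access deny Bad_ports office
http_reply_access deny Bad_ports office
# The next two directives had a misplaced line break ("our_networ" followed by
# "khttp_reply_access"); restored so that both parse.
http_access deny Safe_ports2 our_network
http_reply_access deny Safe_ports2 our_network
http_access deny Bad_ports our_network
http_reply_access deny Bad_ports our_network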
# DENY ACCESS GROUP 2 FOR MARKETING
# NOTE(review): marketing requests are already decided by the Safe_ports /
# Safe_ports2 allows and the Bad_ports (1-65535) deny above, so this rule
# appears never to be reached. Move it ahead of the marketing allows if the
# for_marketing list is meant to be enforced.
http_access deny for_marketing marketing
# DENY ACCESS GROUP 3 FOR STANDARD USERS
# Intended block lists for the office host: URL patterns, webmail, messenger
# domains and addresses, upload sites, file types and ad banners.
# NOTE(review): office requests are already decided by "allow Safe_ports
# office" and "deny Bad_ports office" above, so these denies appear never to
# be reached and the lists are not enforced as written.
http_access deny bad_url office
http_access deny mail office
http_access deny icq office
http_access deny icq2 office
http_access deny for_marketing office
http_access deny upload office
http_access deny filetypes office
http_access deny banners office
# DENY ACCESS GROUP 4 FOR ALL GUESTS
# Intended block lists for the rest of our_network, plus media by URL
# extension (request stage) and by MIME type (reply stage).
# NOTE(review): our_network requests and replies are already decided by the
# Safe_ports allows and Bad_ports (1-65535) denies above, in both http_access
# and http_reply_access, so these rules appear never to be reached.
http_access deny bad_url our_network
http_access deny mail our_network
http_access deny icq our_network
http_access deny icq2 our_network
http_access deny for_marketing our_network
http_access deny upload our_network
http_access deny filetypes our_network
http_access deny banners our_network
http_access deny mediapr our_network
http_reply_access deny media our_network
# media2 is a req_mime_type ACL: it tests the request's Content-Type, so in
# this reply rule it does not look at the type of the downloaded content.
http_reply_access deny media2 our_network
# Final per-group allows followed by the default deny.
# NOTE(review): the four allows follow Bad_ports denies that already match
# every port for the same sources, so they look unreachable. "deny all" is
# what refuses clients outside the groups defined above; keep it last.
http_access allow our_network
http_access allow full-access
http_access allow office
http_access allow marketing
http_access deny all
# DELAY SPEED POOLS
# Three bandwidth pools. Class 1 has one aggregate bucket; class 2 has an
# aggregate bucket plus one bucket per client host.
delay_pools 3
delay_class 1 1
delay_class 2 2
delay_class 3 2
# Pool membership. office, marketing and full-access addresses are also inside
# our_network, so they rely on pools 1 and 2 being matched before pool 3.
delay_access 1 allow full-access
delay_access 1 deny all
delay_access 2 allow office
delay_access 2 allow marketing
delay_access 2 deny all
delay_access 3 allow our_network
delay_access 3 deny all
# Parameters are restore/max pairs in bytes per second / bytes; -1 is unlimited.
# Pool 1: no limit.
delay_parameters 1 -1/-1
# Pool 2: 500000 B/s (4 Mbit/s) aggregate, 31250 B/s (250 kbit/s) per host.
delay_parameters 2 500000/500000 31250/31250
# Pool 3: 125000 B/s (1 Mbit/s) aggregate, 12500 B/s (100 kbit/s) per host.
delay_parameters 3 125000/125000 12500/12500
# ICP ACCESS
# NOTE(review): this answers ICP (inter-cache) queries from any source. No
# cache peers are configured in the part of the file shown here; if none
# exist, prefer "icp_access deny all", otherwise allow only the peer
# addresses and deny everything else.
icp_access allow all
#
# NETWORK OPTIONS
#------------------------------------------------------------------------
# HTTP PORT
# "transparent" puts the listener in interception mode for traffic redirected
# to it by the firewall (newer Squid releases call this option "intercept").
# NOTE(review): make sure the firewall only lets the internal network reach
# port 3128; the access rules above include an allow with no source ACL.
http_port 3128 transparent
# Host name Squid reports in error pages and in the Via header.
visible_hostname centOS
# URLs containing these strings are fetched directly rather than through peers.
hierarchy_stoplist cgi-bin ?
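# CACHE OPTIONS
# Memory reserved for in-transit and hot objects.
cache_mem 256 MB
# On-disk cache: ufs store, 2048 MB, 16 first-level and 256 second-level dirs.
cache_dir ufs /var/spool/squid 2048 16 256
# NOTE(review): the contact address is incomplete in this copy; set a full
# address, since it is shown to users on Squid error pages.
cache_mgr admin@
# Squid drops to this unprivileged user and group after start-up.
cache_effective_user squid
cache_effective_group squid
# The next two directives had been fused into one line
# ("always_direct allow allforwarded_for off"); they are separate settings.
# Always fetch from the origin server, never through a parent cache.
always_direct allow all
# Do not disclose the internal client address: with "off" Squid sends
# "X-Forwarded-For: unknown" to origin servers.
forwarded_for off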
#
# LOGFILE OPTIONS
# -----------------------------------------------------------------------------
# ACCESS LOG
# Native "squid" format log of every client request. This is the proxy's main
# audit trail: rotate and retain it, and limit read access, because logged
# URLs can carry session tokens or credentials in their query strings.
access_log /var/log/squid/access.log squid