Arsen Abaev, 2015-12-13 04:21:18

Debian

Help with SQUID rules on a remote server?

Good day. The customer wanted to be able to control access to certain sites for certain employees. I installed Squid 3.3.8 on a Hetzner server.
Squid is configured with password access so that no one else can use the proxy.
Password access works, but how do I tighten the rules so that access to certain sites is blocked, while for certain users the rights are not limited?
config

http_port 3128
icp_port  0

cache_mem 256 MB
memory_replacement_policy lru
maximum_object_size_in_memory 512 KB

cache_dir ufs /var/spool/squid3 2048 16 256
cache_replacement_policy lru
minimum_object_size 3 KB
maximum_object_size 10 MB

cache_swap_low 90
cache_swap_high 95

access_log /var/log/squid3/access.log squid
logfile_rotate 12

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .                 0     20%     4320

dns_nameservers 192.168.1.1 8.8.4.4
positive_dns_ttl 6 hours
negative_dns_ttl 1 minutes

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/password
auth_param basic children 5
auth_param basic realm ProxyServer
auth_param basic credentialsttl 12 hour

acl password proxy_auth REQUIRED
acl localnet src 192.168.1.0/24 # RFC 1918 possible internal network
acl SSL_ports port 443 # https
acl SSL_ports port 22 # ssh
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 22 # ssh
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT
acl url_no_filtred ident test
acl blacklist url_regex -i "/etc/squid3/blacklist"

http_access allow  password
http_access deny blacklist !url_no_filtred
http_access allow localnet
http_access allow Safe_ports
http_access allow CONNECT SSL_ports
http_access deny all

request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all

debug_options ALL,1 33,2
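In the posted rules, "http_access allow password" is the first line, so every authenticated user is admitted before the blacklist line is ever evaluated, and the exemption ACL "url_no_filtred" uses ident (an identd lookup on the client machine) rather than the proxy login. The fragment below is an added example of the rule ordering that gives the asked-for behaviour; it is not from the original post and assumes the exempt user's proxy login is "test" and the same file paths as the posted config.

```conf
# Authentication exactly as in the posted config (basic_ncsa_auth, same password file)
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/password
auth_param basic children 5
auth_param basic realm ProxyServer
auth_param basic credentialsttl 12 hour

acl password proxy_auth REQUIRED
# Users exempt from the blacklist, matched by their proxy login (assumed login "test").
# proxy_auth, not ident: ident asks an identd daemon on the client and has nothing
# to do with the password the user typed into the browser.
acl unfiltered_users proxy_auth test
acl blacklist url_regex -i "/etc/squid3/blacklist"

# Port 22 is left out of SSL_ports: allowing CONNECT to 22 turns the proxy into a
# generic TCP tunnel for anyone who holds a password.
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl CONNECT method CONNECT

# http_access is first-match: the first line that matches a request decides it.
# Protective denies therefore come before the allow for authenticated users.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny !password                    # ask for credentials (407) before anything else
http_access deny blacklist !unfiltered_users  # blacklisted URL and not an exempt login -> blocked
http_access allow password                    # any other authenticated request
# No "allow localnet": on a public server that line would admit an RFC 1918 range
# without a password and defeat the "no one else can use the proxy" requirement.
http_access deny all
```

After editing, "squid3 -k parse" checks the syntax and "squid3 -k reconfigure" applies it; the decision for a given URL shows up in /var/log/squid3/access.log as TCP_DENIED/403 for a blocked request and TCP_DENIED/407 for the credential challenge.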
