update

squid/conf.d/01-dev/SWBKPD01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWBKPD01
+#
+
+acl SWBKPD01_dev src SWBKPD01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWBKPD01_dev git.tips-of-mine ftp_port
+http_access allow SWBKPD01_dev git.tips-of-mine http_port
+http_access allow SWBKPD01_dev git.tips-of-mine https_port
+http_access allow SWBKPD01_dev glpi.tips-of-mine http_port
+http_access allow SWBKPD01_dev glpi.tips-of-mine https_port

squid/conf.d/01-dev/SWDCD01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWDCD01
+#
+
+acl SWDCD01_dev src SWDCD01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWDCD01_dev git.tips-of-mine ftp_port
+http_access allow SWDCD01_dev git.tips-of-mine http_port
+http_access allow SWDCD01_dev git.tips-of-mine https_port
+http_access allow SWDCD01_dev glpi.tips-of-mine http_port
+http_access allow SWDCD01_dev glpi.tips-of-mine https_port

squid/conf.d/01-dev/SWFILD01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWFILD01
+#
+
+acl SWFILD01_dev src SWFILD01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWFILD01_dev git.tips-of-mine ftp_port
+http_access allow SWFILD01_dev git.tips-of-mine http_port
+http_access allow SWFILD01_dev git.tips-of-mine https_port
+http_access allow SWFILD01_dev glpi.tips-of-mine http_port
+http_access allow SWFILD01_dev glpi.tips-of-mine https_port

squid/conf.d/01-dev/SWRDSD01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWRDSD01
+#
+
+acl SWRDSD01_dev src SWRDSD01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWRDSD01_dev git.tips-of-mine ftp_port
+http_access allow SWRDSD01_dev git.tips-of-mine http_port
+http_access allow SWRDSD01_dev git.tips-of-mine https_port
+http_access allow SWRDSD01_dev glpi.tips-of-mine http_port
+http_access allow SWRDSD01_dev glpi.tips-of-mine https_port

squid/conf.d/02-rec/SWBKPR01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWBKPR01
+#
+
+acl SWBKPR01_rec src SWBKPR01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWBKPR01_rec git.tips-of-mine ftp_port
+http_access allow SWBKPR01_rec git.tips-of-mine http_port
+http_access allow SWBKPR01_rec git.tips-of-mine https_port
+http_access allow SWBKPR01_rec glpi.tips-of-mine http_port
+http_access allow SWBKPR01_rec glpi.tips-of-mine https_port

squid/conf.d/02-rec/SWDCR01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWDCR01
+#
+
+acl SWDCR01_rec src SWDCR01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWDCR01_rec git.tips-of-mine ftp_port
+http_access allow SWDCR01_rec git.tips-of-mine http_port
+http_access allow SWDCR01_rec git.tips-of-mine https_port
+http_access allow SWDCR01_rec glpi.tips-of-mine http_port
+http_access allow SWDCR01_rec glpi.tips-of-mine https_port

squid/conf.d/02-rec/SWFILR01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWFILR01
+#
+
+acl SWFILR01_rec src SWFILR01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWFILR01_rec git.tips-of-mine ftp_port
+http_access allow SWFILR01_rec git.tips-of-mine http_port
+http_access allow SWFILR01_rec git.tips-of-mine https_port
+http_access allow SWFILR01_rec glpi.tips-of-mine http_port
+http_access allow SWFILR01_rec glpi.tips-of-mine https_port

squid/conf.d/02-rec/SWRDSR01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWRDSR01
+#
+
+acl SWRDSR01_rec src SWRDSR01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWRDSR01_rec git.tips-of-mine ftp_port
+http_access allow SWRDSR01_rec git.tips-of-mine http_port
+http_access allow SWRDSR01_rec git.tips-of-mine https_port
+http_access allow SWRDSR01_rec glpi.tips-of-mine http_port
+http_access allow SWRDSR01_rec glpi.tips-of-mine https_port

squid/conf.d/03-preprod/SWBKPO01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWBKPO01
+#
+
+acl SWBKPO01_preprod src SWBKPO01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWBKPO01_preprod git.tips-of-mine ftp_port
+http_access allow SWBKPO01_preprod git.tips-of-mine http_port
+http_access allow SWBKPO01_preprod git.tips-of-mine https_port
+http_access allow SWBKPO01_preprod glpi.tips-of-mine http_port
+http_access allow SWBKPO01_preprod glpi.tips-of-mine https_port

squid/conf.d/03-preprod/SWDCO01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWDCO01
+#
+
+acl SWDCO01_preprod src SWDCO01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWDCO01_preprod git.tips-of-mine ftp_port
+http_access allow SWDCO01_preprod git.tips-of-mine http_port
+http_access allow SWDCO01_preprod git.tips-of-mine https_port
+http_access allow SWDCO01_preprod glpi.tips-of-mine http_port
+http_access allow SWDCO01_preprod glpi.tips-of-mine https_port

squid/conf.d/03-preprod/SWFILO01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWFILO01
+#
+
+acl SWFILO01_preprod src SWFILO01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWFILO01_preprod git.tips-of-mine ftp_port
+http_access allow SWFILO01_preprod git.tips-of-mine http_port
+http_access allow SWFILO01_preprod git.tips-of-mine https_port
+http_access allow SWFILO01_preprod glpi.tips-of-mine http_port
+http_access allow SWFILO01_preprod glpi.tips-of-mine https_port

squid/conf.d/03-preprod/SWRDSO01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWRDSO01
+#
+
+acl SWRDSO01_preprod src SWRDSO01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWRDSO01_preprod git.tips-of-mine ftp_port
+http_access allow SWRDSO01_preprod git.tips-of-mine http_port
+http_access allow SWRDSO01_preprod git.tips-of-mine https_port
+http_access allow SWRDSO01_preprod glpi.tips-of-mine http_port
+http_access allow SWRDSO01_preprod glpi.tips-of-mine https_port

squid/conf.d/04-prod/SWBKPP01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWBKPP01
+#
+
+acl SWBKPP01_prod src SWBKPP01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWBKPP01_prod git.tips-of-mine ftp_port
+http_access allow SWBKPP01_prod git.tips-of-mine http_port
+http_access allow SWBKPP01_prod git.tips-of-mine https_port
+http_access allow SWBKPP01_prod glpi.tips-of-mine http_port
+http_access allow SWBKPP01_prod glpi.tips-of-mine https_port

squid/conf.d/04-prod/SWDCP01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWDCP01
+#
+
+acl SWDCP01_prod src SWDCP01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWDCP01_prod git.tips-of-mine ftp_port
+http_access allow SWDCP01_prod git.tips-of-mine http_port
+http_access allow SWDCP01_prod git.tips-of-mine https_port
+http_access allow SWDCP01_prod glpi.tips-of-mine http_port
+http_access allow SWDCP01_prod glpi.tips-of-mine https_port

squid/conf.d/04-prod/SWFILP01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWFILP01
+#
+
+acl SWFILP01_prod src SWFILP01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWFILP01_prod git.tips-of-mine ftp_port
+http_access allow SWFILP01_prod git.tips-of-mine http_port
+http_access allow SWFILP01_prod git.tips-of-mine https_port
+http_access allow SWFILP01_prod glpi.tips-of-mine http_port
+http_access allow SWFILP01_prod glpi.tips-of-mine https_port

squid/conf.d/04-prod/SWRDSP01.conf

@@ -0,0 +1,14 @@
+#
+# Squid configuration settings for only SWRDSP01
+#
+
+acl SWRDSP01_prod src SWRDSP01.tips-of-mine.local
+
+acl git.tips-of-mine dstdomain git.tips-of-mine.fr
+acl glpi.tips-of-mine dstdomain glpi.tips-of-mine.fr
+
+http_access allow SWRDSP01_prod git.tips-of-mine ftp_port
+http_access allow SWRDSP01_prod git.tips-of-mine http_port
+http_access allow SWRDSP01_prod git.tips-of-mine https_port
+http_access allow SWRDSP01_prod glpi.tips-of-mine http_port
+http_access allow SWRDSP01_prod glpi.tips-of-mine https_port

squid/conf.d/linux.conf

@@ -0,0 +1,38 @@
+#
+# Squid configuration settings for all linux
+#
+
+# Logs are managed by logrotate on Debian
+logfile_rotate 0
+
+# For extra security Debian packages only allow
+# localhost to use the proxy on new installs
+#
+#http_access allow localnet
+acl gitlab dstdomain gitlab.com
+acl github dstdomain github.com
+acl api_github dstdomain api.github.com
+acl security_debian dstdomain security.debian.org
+acl deb_debian dstdomain deb.debian.org
+acl ftp_debian dstdomain ftp.debian.org
+acl packages_sury dstdomain packages.sury.org
+acl pear_php dstdomain pear.php.net
+acl packages_adoptium dstdomain packages.adoptium.net
+acl raw_githubusercontent dstdomain raw.githubusercontent.com
+acl odeload_github dstdomain codeload.github.com
+acl packagist dstdomain packagist.org
+acl repo_packagist dstdomain repo.packagist.org
+
+http_access allow gitlab
+http_access allow github 
+http_access allow api_github
+http_access allow security_debian
+http_access allow deb_debian
+http_access allow ftp_debian
+http_access allow packages_sury
+http_access allow pear_php
+http_access allow packages_adoptium
+http_access allow raw_githubusercontent  https_port
+http_access allow odeload_github https_port
+http_access allow packagist https_port
+http_access allow repo_packagist

squid/conf.d/windows.conf

@@ -0,0 +1,38 @@
+#
+# Squid configuration settings for all windows
+#
+
+# Logs are managed by logrotate on Debian
+logfile_rotate 0
+
+# For extra security Debian packages only allow
+# localhost to use the proxy on new installs
+#
+#http_access allow localnet
+acl gitlab dstdomain gitlab.com
+acl github dstdomain github.com
+acl api_github dstdomain api.github.com
+acl security_debian dstdomain security.debian.org
+acl deb_debian dstdomain deb.debian.org
+acl ftp_debian dstdomain ftp.debian.org
+acl packages_sury dstdomain packages.sury.org
+acl pear_php dstdomain pear.php.net
+acl packages_adoptium dstdomain packages.adoptium.net
+acl raw_githubusercontent dstdomain raw.githubusercontent.com
+acl odeload_github dstdomain codeload.github.com
+acl packagist dstdomain packagist.org
+acl repo_packagist dstdomain repo.packagist.org
+
+http_access allow gitlab
+http_access allow github 
+http_access allow api_github
+http_access allow security_debian
+http_access allow deb_debian
+http_access allow ftp_debian
+http_access allow packages_sury
+http_access allow pear_php
+http_access allow packages_adoptium
+http_access allow raw_githubusercontent  https_port
+http_access allow odeload_github https_port
+http_access allow packagist https_port
+http_access allow repo_packagist

squid/squid.conf

@@ -0,0 +1,70 @@
+# Listening
+
+http_port 3128
+https_port 3129 tls-cert=/etc/squid/ssl/SLPXYP01.tips-of-mine.crt tls-key=/etc/squid/ssl/SLPXYP01.tips-of-mine.key
+
+# Logging
+
+access_log daemon:/var/log/squid/access.log common
+access_log syslog:local7.info common # Log to syslog sent to QRadar for Login Sécurité
+
+# Local networks
+acl localnet dst 0.0.0.1-0.255.255.255	# RFC 1122 "this" network (LAN)
+acl localnet dst 10.0.0.0/23	        # RFC 1918 local private network (LAN)
+acl localnet dst 100.64.0.0/10		    # RFC 6598 shared address space (CGN)
+acl localnet dst 169.254.0.0/16 	    # RFC 3927 link-local (directly plugged) machines
+acl localnet dst 172.16.0.0/12		    # RFC 1918 local private network (LAN)
+acl localnet dst 192.168.0.0/16		    # RFC 1918 local private network (LAN)
+acl localnet dst fc00::/7       	    # RFC 4193 local private network range
+acl localnet dst fe80::/10      	    # RFC 4291 link-local (directly plugged) machines
+
+acl SSL_ports port 443
+acl Safe_ports port 80		# http
+acl Safe_ports port 21		# ftp
+acl Safe_ports port 443		# https
+acl Safe_ports port 70		# gopher
+acl Safe_ports port 210		# wais
+acl Safe_ports port 1025-65535	# unregistered ports
+acl Safe_ports port 280		# http-mgmt
+acl Safe_ports port 488		# gss-http
+acl Safe_ports port 591		# filemaker
+acl Safe_ports port 777		# multiling http
+acl CONNECT method CONNECT
+
+acl https_port port 443
+acl http_port port 80
+acl ftp_port port 21
+acl sftp_port port 22
+acl ftp_port port 990
+acl 993_port port 993
+acl 8080_port port 8080
+
+acl ftp proto FTP
+always_direct allow FTP
+
+# Deny requests to certain unsafe ports
+#http_access deny !Safe_ports
+
+# Deny CONNECT to other than secure SSL ports
+#http_access deny CONNECT !SSL_ports
+
+# Only allow cachemgr access from localhost
+http_access allow localhost manager
+http_access deny manager
+
+# Deny localhost
+http_access allow localhost
+
+# No using proxy to access local network
+http_access deny localnet
+
+cache deny all
+
+include /etc/squid/conf.d/*
+include /etc/squid/conf.d/01-dev/*
+include /etc/squid/conf.d/02-rec/*
+include /etc/squid/conf.d/03-preprod/*
+include /etc/squid/conf.d/04-prod/*
+
+# And finally deny all other access to this proxy
+http_access deny all