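# Squid forward-proxy configuration.
# http_access rules are evaluated top to bottom and the first matching rule
# decides, so the order of the rules and of the include lines is significant.

# Listening
http_port 3128
# TLS-wrapped proxy listener.
# NOTE(review): confirm the private key file is readable only by the Squid
# service account.
https_port 3129 tls-cert=/etc/squid/ssl/SLPXYP01.tips-of-mine.crt tls-key=/etc/squid/ssl/SLPXYP01.tips-of-mine.key

# Logging
access_log daemon:/var/log/squid/access.log common
access_log syslog:local7.info common # Log to syslog sent to QRadar for Login Sécurité

# Local networks
# These are destination (dst) ACLs: they describe where a request is going,
# not which client sent it. They feed the "deny localnet" rule further down,
# which stops the proxy from being used as a relay into internal ranges.
acl localnet dst 0.0.0.1-0.255.255.255  # RFC 1122 "this" network (LAN)
# NOTE(review): RFC 1918 reserves 10.0.0.0/8; /23 covers only 10.0.0.0-10.0.1.255.
# Confirm the rest of 10/8 is meant to stay reachable through the proxy.
acl localnet dst 10.0.0.0/23            # RFC 1918 local private network (LAN)
acl localnet dst 100.64.0.0/10          # RFC 6598 shared address space (CGN)
acl localnet dst 169.254.0.0/16         # RFC 3927 link-local (directly plugged) machines
acl localnet dst 172.16.0.0/12          # RFC 1918 local private network (LAN)
acl localnet dst 192.168.0.0/16         # RFC 1918 local private network (LAN)
acl localnet dst fc00::/7               # RFC 4193 local private network range
acl localnet dst fe80::/10              # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443

acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT

# Per-port ACLs. None of them is used by a rule in this file; presumably the
# included conf.d files reference them - verify there.
acl https_port port 443
acl http_port port 80
acl ftp_port port 21
acl sftp_port port 22
acl ftp_port port 990
acl 993_port port 993
acl 8080_port port 8080

# FTP requests always go direct to the origin server.
# The ACL is referenced with the same spelling it is declared with, so the rule
# does not depend on ACL-name lookup being case-insensitive.
acl ftp proto FTP
always_direct allow ftp

# Deny requests to certain unsafe ports
# NOTE(review): this rule is disabled, so Safe_ports is not enforced by this
# file. Unless the included files restrict ports, requests to any port that an
# allow rule matches are forwarded.
#http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
# NOTE(review): this rule is disabled, so CONNECT tunnels are not limited to
# port 443 here. If that is deliberate (for example for the sftp_port and
# 993_port ACLs above), the included files should allow CONNECT only to named
# ports and destinations - verify against conf.d.
#http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# Allow requests coming from localhost (the proxy host itself).
# This rule sits before "deny localnet", so requests from the proxy host are
# accepted even when the destination is in a localnet range.
# NOTE(review): loopback destinations are not part of localnet, and the stock
# "http_access deny to_localhost" rule is absent - confirm that is intended.
http_access allow localhost

# No using proxy to access local network
http_access deny localnet

# Caching is disabled; the proxy only forwards.
cache deny all

# Per-environment rules. They are evaluated at this point, after the localnet
# deny and before the final deny. This file defines no client (src) ACL, so
# which clients may use the proxy is decided entirely by these files.
include /etc/squid/conf.d/*
include /etc/squid/conf.d/01-dev/*
include /etc/squid/conf.d/02-rec/*
include /etc/squid/conf.d/03-preprod/*
include /etc/squid/conf.d/04-prod/*

# And finally deny all other access to this proxy
http_access deny all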