Tips-Of-Mine/Docker
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

all

Browse Source
This commit is contained in:
Hubert Cornet
2024-04-21 14:42:52 +02:00
parent 4b69674ede
commit 8a25f53c99
10700 changed files with 55767 additions and 14201 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
Systeme/Squid/squid.conf Normal file
View File

@ -0,0 +1,70 @@
# Listening
http_port 3128
https_port 3129 tls-cert=/etc/squid/ssl/SLPXYP01.tips-of-mine.crt tls-key=/etc/squid/ssl/SLPXYP01.tips-of-mine.key
# Logging
access_log daemon:/var/log/squid/access.log common
access_log syslog:local7.info common # Log to syslog sent to QRadar for Login Sécurité
# Local networks
acl localnet dst 0.0.0.1-0.255.255.255 # RFC 1122 "this" network (LAN)
acl localnet dst 10.0.0.0/23 # RFC 1918 local private network (LAN)
acl localnet dst 100.64.0.0/10 # RFC 6598 shared address space (CGN)
acl localnet dst 169.254.0.0/16 # RFC 3927 link-local (directly plugged) machines
acl localnet dst 172.16.0.0/12 # RFC 1918 local private network (LAN)
acl localnet dst 192.168.0.0/16 # RFC 1918 local private network (LAN)
acl localnet dst fc00::/7 # RFC 4193 local private network range
acl localnet dst fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl https_port port 443
acl http_port port 80
acl ftp_port port 21
acl sftp_port port 22
acl ftp_port port 990
acl 993_port port 993
acl 8080_port port 8080
acl ftp proto FTP
always_direct allow FTP
# Deny requests to certain unsafe ports
#http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
#http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# Deny localhost
http_access allow localhost
# No using proxy to access local network
http_access deny localnet
cache deny all
include /etc/squid/conf.d/*
include /etc/squid/conf.d/01-dev/*
include /etc/squid/conf.d/02-rec/*
include /etc/squid/conf.d/03-preprod/*
include /etc/squid/conf.d/04-prod/*
# And finally deny all other access to this proxy
http_access deny all