.. meta::
  :navigation.name: Squid configuration

Squid example configuration
===========================

/etc/squid.conf::
  
  # Hint: if you get the error "unable to forward request",
  # restart the WebCleaner proxy and reload the squid configuration
  
  # This is an example Squid 2.x configuration for WebCleaner.
  # Copy it into /etc/squid.conf to get the following setup:
  # HTTP request --> Squid Proxy --> WebCleaner Proxy --> Internet
  # FTP request  --> Squid Proxy --> Internet
  # This way, you are caching only filtered, "clean" HTML files :)
  
  # You must configure your browser to use the Squid Proxy (running
  # at localhost, port 3128) for HTTP and FTP queries.
  # Remember, only localhost can connect to this Squid proxy; this is
  # enforced by the http_access rules further down.
  
  # Squid port is 3128; change it if you like
  # http_port 3128
  
  # Disable ICP: with port 0 Squid does not listen for inter-cache queries.
  icp_port 0
  
  # The WebCleaner parent proxy, reached over the loopback interface.
  # Remember to configure WebCleaner to run on port 8080 or change the
  # port number below.
  # Fields: peer host, peer type, HTTP port, ICP port (0 = unused).
  # no-query / no-digest: send no ICP queries to this peer and request no
  # cache digest from it.
  cache_peer 127.0.0.1 parent 8080 0 no-query no-digest
  # If you enabled a WebCleaner user and password, use this instead.
  # The login= value is stored in this file in cleartext: replace the sample
  # myuser:mypassword with your own credentials and keep squid.conf readable
  # only by root and the Squid user.
  # cache_peer 127.0.0.1 parent 8080 0 no-query no-digest login=myuser:mypassword
  
  
  # Do not cache dynamic content: URLs whose path contains "cgi-bin" or a
  # "?" (query string) match QUERY and are excluded from the cache.
  acl QUERY urlpath_regex cgi-bin \?
  no_cache deny QUERY
  
  # Address Squid sends as the password for anonymous FTP logins.
  # NOTE(review): the value below looks like a joke placeholder at someone
  # else's domain; set it to an address you control or a non-identifying one.
  ftp_user postmaster@aol.com
  
  # Proxy authentication examples. If you use one of these, also enable the
  # "myauth" acl below and reference it in an http_access rule; the acl alone
  # does not enforce anything.
  # Note: the paths used are for a Debian Linux system; adjust as needed.
  
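  # basic authentication
  # basic.passwd was generated with htpasswd(1).
  # Basic credentials are only base64-encoded on the wire, so anyone who can
  # observe the traffic between browser and proxy can read them.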
  #auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/basic.passwd
  #auth_param basic realm This is my basic auth
  #auth_param basic children 5
  #auth_param basic credentialsttl 2 hours
  
  # digest authentication
  # digest.passwd holds user:password pairs in cleartext, e.g. calvin:calvin;
  # keep the file readable only by the Squid user.
  #auth_param digest program /usr/lib/squid/digest_pw_auth /etc/squid/digest.passwd
  #auth_param digest realm This is my digest auth
  #auth_param digest children 5
  
  # ntlm authentication (note the double backslash)
  #auth_param ntlm program /usr/lib/squid/ntlm_auth -d LOCALHOST\\bob
  #auth_param ntlm children 5
  #auth_param ntlm max_challenge_reuses 0
  #auth_param ntlm max_challenge_lifetime 2 minutes
  
  
  # Recommended minimum configuration:
  # "all" matches every client address; the catch-all rules further down
  # refer to it.
  acl all src 0.0.0.0/0.0.0.0
  # Cache manager requests (cache_object protocol).
  acl manager proto cache_object
  # Requests coming from this host only.
  acl localhost src 127.0.0.1/255.255.255.255
  # Ports to which CONNECT tunnels are permitted.
  acl SSL_ports port 443 563
  # Destination ports the proxy may contact. Note that 1025-65535 admits
  # every unprivileged port, so this list only restricts ports below 1025.
  acl Safe_ports port 80		# http
  acl Safe_ports port 21		# ftp
  acl Safe_ports port 443 563		# https, snews
  acl Safe_ports port 70		# gopher
  acl Safe_ports port 210		# wais
  acl Safe_ports port 1025-65535	# unregistered ports
  acl Safe_ports port 280		# http-mgmt
  acl Safe_ports port 488		# gss-http
  acl Safe_ports port 591		# filemaker
  acl Safe_ports port 631		# cups
  acl Safe_ports port 777		# multiling http
  acl Safe_ports port 901		# SWAT
  # Request methods and protocol referenced by the access rules below.
  acl purge method PURGE
  acl CONNECT method CONNECT
  acl FTP proto FTP
  
  # authentication configuration:
  # Defining this acl does not enforce authentication by itself; it takes
  # effect only once an http_access rule references it.
  #acl myauth proxy_auth REQUIRED
  
  
  # http_access rules are checked in order and the first matching rule
  # decides, so the deny rules must stay ahead of the final allow.
  # Only allow cachemgr access from localhost
  http_access allow manager localhost
  http_access deny manager
  # Only allow purge requests from localhost
  http_access allow purge localhost
  http_access deny purge
  # Deny requests to unknown ports
  http_access deny !Safe_ports
  # Deny CONNECT to other than SSL ports
  http_access deny CONNECT !SSL_ports
  
  # my own rules: allow clients on this host only. To require proxy
  # authentication as well, enable the "myauth" acl and list it on this
  # rule, e.g. "http_access allow localhost myauth".
  http_access allow localhost
  # And finally deny all other access to this proxy
  http_access deny all
  
  # Do not reveal the client's address to upstream servers: with "off",
  # Squid 2.x sends "X-Forwarded-For: unknown" instead of the client IP.
  forwarded_for off
  
  # FTP requests go directly to the origin server and therefore bypass
  # WebCleaner; everything else is left to the never_direct rule below.
  always_direct allow FTP
  always_direct deny all
  
  # All remaining requests must go through the parent (WebCleaner). Squid
  # will not fall back to a direct, unfiltered connection when the parent is
  # unreachable; it reports "unable to forward request" instead.
  never_direct allow all
