Header_access Content-Disposition allow all # header list ( DENY all - ALLOW listed ) Header_replace User-Agent OurBrowser/1.0 (Some Name) # redirect_program /etc/squid/squid_Īcl Safe_method method CONNECT GET HEAD POST # acl ads dstdom_regex "/etc/squid/ad_block.txt" Logformat combined %>A %>h" %Ss:%ShĪccess_log /var/log/squid/access.log combined # no-trust for on-the-fly Content-Encoding Http_access deny maxuserconn limitusercon Both formats are available to make it easier for you to review the code. To protect our internal browsers squid will deny all headers except those specifically listed and obfuscate the Accept and User-Agent headers anonymizing our browsers.īelow you will find the link to the nf example file and below that is the same nf file in a text box. This config only allows access by the internal LAN (10.10.10/28), applies short timeouts for connections and enables the "anti-ad server" modification. Since our example network has unlimited bandwidth and it is fast, we are _not_ going to use caching. This machine is accessing a low latency, high speed and un-metered Internet connection. This squid proxy configuration is setup to be a non-caching secure proxy for HTTP and HTTPS only. The best part is Squid is Open Source and completely free. As an added bonus Squid will keep logs of every URL, search query and server your network accesses for future review. Squid gives you the ability to enforce the rules you set down for your home network. Pages can be blocked by URL or ip address and you can even setup times your children can access the web. You can setup search parameters that stop pages from loading if certain words are found on the remote page. It can run on a separate machine inaccessible to children thus securing it from tampering. If you are a parent and need to filter web access at home then Squid is the perfect tool. If you want to block clients from logging into, but still allow them to look at, any external sites like Gmail then filtering the "authorization" header will do it.
Squid also allows one to limit the headers a client can send and receive. If you need to block MySpace or YouTube or if you only allow the latest version of Firefox outside your network, you have that ability. If you have a policy stating no one can access CNN unless it is lunch time between 12noon and 2pm then you have that control. Squid allows you to enforce policies with your users. It can be used to protect internal lans from questionable servers and provide accounting of where clients go and what servers clients are allowed to go to. Squid is a caching proxy for the Web supporting HTTP, HTTPS and FTP.
0 kommentar(er)
