
SAMBA - Fichier squid.conf

Exemple de fichier /etc/squid/squid.conf. Les modifications par rapport à un fichier de base expurgé de ses commentaires ont été mises en gras.

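visible_hostname srvproxy.mondomaine.lan
http_port 3128

# Automatic (single sign-on) authentication via Kerberos / Negotiate.
# -s names the HTTP service principal the helper accepts tickets for.
# NOTE(review): -d enables helper debug output; it is useful while setting the
# proxy up, but consider dropping it in production so that authentication
# details do not accumulate in the logs.
auth_param negotiate program /usr/lib/squid3/negotiate_kerberos_auth -d -s HTTP/srvproxy.mondomaine.lan@MONDOMAINE.LAN
# startup may not exceed the children maximum: the original "children 20
# startup=30" is capped to the maximum by Squid with a warning, so 20 keeps
# the effective value. Raise the maximum instead if 30 helpers were intended.
auth_param negotiate children 20 startup=20
auth_param negotiate keep_alive off

# LDAP (Basic) authentication for clients that do not use Kerberos.
# NOTE(review): with Basic, the user's password reaches the proxy base64-encoded,
# not encrypted, and this helper then sends it (and the bind password of the
# cn=squid account) to the directory over plain ldap://. Prefer an encrypted
# transport (-H ldaps://... or the helper's -Z option for TLS) once the
# directory certificate is trusted on the proxy.
# The file given to -W holds the bind password: it should be readable only by
# the account Squid runs as, and the bind account needs no more than read/search
# rights in the directory.
# NOTE(review): -d is debug output here as well; see the note on the Kerberos helper.
auth_param basic program /usr/lib/squid3/basic_ldap_auth -d -b "dc=mondomaine,dc=lan" -D "cn=squid,CN=Users,dc=mondomaine,dc=lan" -W /etc/squid3/ldap_passwd.txt -v 3 -f "sAMAccountName=%s" -s sub -H ldap://srvads.mondomaine.lan
auth_param basic children 10
auth_param basic realm Proxy MON DOMAINE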


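# Internal client range. Among the access rules shown on this page it is used
# only by icp_access, not by http_access.
acl localnet src 192.168.0.0/16

# Ports that a CONNECT tunnel may target. Squid does not inspect what flows
# through a CONNECT tunnel, so every port listed here is a port an allowed
# client can reach opaquely through the proxy.
# NOTE(review): 563 and 873 are not needed for HTTPS browsing; keep them only
# if the site really tunnels snews or rsync through the proxy.
acl SSL_ports port 443		# https
acl SSL_ports port 563		# snews
acl SSL_ports port 873		# rsync

# Ports the proxy may contact at all (used as an allow-list via "deny !Safe_ports").
acl Safe_ports port 80		# http
acl Safe_ports port 443		# https
acl Safe_ports port 563		# snews
acl Safe_ports port 873		# rsync (was listed twice; the duplicate entry is dropped)
acl Safe_ports port 21		# ftp
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl Safe_ports port 631		# cups
acl Safe_ports port 901		# SWAT

#acl purge method PURGE
# NOTE(review): http, port_80, port_443 and port_2390 are not referenced by any
# access rule shown on this page; they have no effect until a rule uses them.
acl http proto http
acl port_80 port 80
acl port_443 port 443
acl port_2390 port 2390
acl CONNECT method CONNECT
# Matches any request carrying valid credentials from one of the auth_param
# schemes; a request without them is challenged (407) when this ACL is checked.
acl auth proxy_auth REQUIRED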



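# Squid checks http_access lines from top to bottom and stops at the first one
# that matches. The original file put "http_access allow auth" first, so every
# authenticated request was accepted before the manager, Safe_ports and
# SSL_ports restrictions were ever evaluated. The restrictions now come first.

# Cache manager: reachable from the proxy host itself only.
http_access allow manager localhost
http_access deny manager

# Refuse destination ports outside the allow-lists, whoever is asking.
# "deny !Safe_ports" replaces the original "deny CONNECT !Safe_ports" so that
# plain requests are covered as well as tunnels.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# The original also carried a blanket "http_access deny CONNECT". It was never
# reached behind "allow auth"; placed here it would block all HTTPS, so it is
# left out. Restore it only if HTTPS through the proxy must be forbidden.

# Then authentication: a request with valid credentials is accepted, one without
# is challenged.
http_access allow auth

# NOTE(review): because "allow auth" challenges unauthenticated requests, this
# line is probably never reached; move it above "allow auth" only if local
# processes must be able to use the proxy without credentials.
http_access allow localhost

# Anything not explicitly allowed above is refused.
http_access deny all
icp_access allow localnet
icp_access deny all
hosts_file /etc/hosts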