RE: [squid-users] Allow connect specify https website

From: Niti Lohwithee <nitil@dont-contact.us>
Date: Mon, 5 Jul 2004 08:23:51 +0700

Hi ALL

Any advice ?

Regards
Niti : )

-----Original Message-----
From: Niti Lohwithee
Sent: Thursday, July 01, 2004 2:24 PM
To: Muthukumar; squid-users@squid-cache.org
Cc: Chettha Nitipongvanich; Krittiya Japakasetr
Subject: RE: [squid-users] Allow connect specify https website

hai,

    Give the full acl rule settings with it's file contents and
http_access rules.
    specify the authentication settings params and timeouts.

Regards,
Muthukumar.

---
===============  It is a "Virus Free Mail" =============== Checked by
AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.712 / Virus Database: 468 - Release Date: 6/27/2004
	I use the squid2.5 stable1 with kernal 2.4.xx. I use the default
parameter for all timeouts
Squid configuration
#################################
authenication section
#################################
auth_param basic program /squid/bin/ncsa_auth /squid/etc/passwd
auth_param basic children 64 auth_param basic realm Squid proxy-caching
web server auth_param basic credentialsttl 2 hours
#######################
#Access List for policy
########################
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl scb_port port 9000 443 563         # scb port 9000
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl NationWeb_ports port 700         # nation web site use to send
online data
acl http7779_port port 7779             # for access www.dbd.go.th
acl CONNECT method CONNECT
acl bothost dstdomain "/usr/local/squid/etc/filter_bot_domain.txt"
acl filter_local_domain dstdomain
"/usr/local/squid/etc/filter_local_domain.txt"
acl filter_dmz_domain dstdomain
"/usr/local/squid/etc/filter_dmz_domain.txt"
acl filter_special_domain dstdomain
"/usr/local/squid/etc/filter_special_domain.txt"
acl filter_intranet_host dst
"/usr/local/squid/etc/filter_intranet_host.txt"
acl filter_pager_domain dstdomain
"/usr/local/squid/etc/filter_pager_domain.txt"
acl filter_pager_host dst "/usr/local/squid/etc/filter_pager_host.txt"
acl dataone  dst "/usr/local/squid/etc/dataone.txt"
acl filter_pager_url url_regex
"/usr/local/squid/etc/filter_pager_url.txt"
acl ais900 url_regex ^http://www.ais900.com/vas
acl ais900path urlpath_regex \.gif$
acl filter_x_domain dstdomain "/usr/local/squid/etc/filter_x_domain.txt"
acl filter_x_domain2 dstdomain
"/usr/local/squid/etc/filter_x_domain2.txt"
acl host_allowed src "/usr/local/squid/etc/host_allowed.txt"
acl host_secureid src "/usr/local/squid/etc/host_secureid.txt"
acl host_cho src "/usr/local/squid/etc/host_cho.txt"
acl host_special src "/usr/local/squid/etc/host_special.txt"
acl filter_spedia_user src "/usr/local/squid/etc/filter_spedia_user.txt"
acl filter_badip src "/usr/local/squid/etc/filter_badip.txt"
###########  Add acl at here ########################
acl special_domain dstdomain "/usr/local/squid/etc/allow_ssl.txt
#################################################
acl passwd proxy_auth REQUIRED
acl userbot proxy_auth sctbot
acl user_scb proxy_auth "/usr/local/squid/etc/filter_scb_user.txt"
acl worktime time 07:30-16:30
acl sunday time S
acl saturday time A
acl service_ftp proto FTP
Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access allow scb_port user_scb
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow NationWeb_ports
http_access allow filter_local_domain
http_access allow filter_special_domain
http_access allow filter_intranet_host
http_access allow filter_pager_domain
http_access allow filter_pager_host
http_access allow dataone
http_access allow filter_pager_url
http_access allow ais900 ais900path
http_access deny filter_x_domain
http_access deny filter_x_domain2
http_access deny filter_spedia_user
http_access deny filter_badip
http_access allow host_secureid
http_access allow host_special
############ Add http access at here#####
http_access deny SSL_Ports !special_domain
#####################################
http_access deny !bothost userbot
http_access allow host_allowed passwd
http_access deny all
File [special_domain.txt]
    .tac.co.th
File [host_allow.txt ]
   all Intranet ip address
Any Advice "
Regards and Thank you in advance
Niti
Received on Sun Jul 04 2004 - 19:21:50 MDT

This archive was generated by hypermail pre-2.1.9 : Sun Aug 01 2004 - 12:00:01 MDT