Re: [squid-users] transparent Proxy from Tarak Ranjan on 2007-11-01 (squid-users)

From: Tarak Ranjan <tarak.ranjan@dont-contact.us>
Date: Thu, 01 Nov 2007 17:39:00 +0530

> [Tom replied with:]
>
> More information about your configuration is needed.
>
> Are you using a transparent proxy? If not, then your users could easily
> add their own proxy settings and bypass squid. If you are using squid in
> transparent mode, then your firewall rules redirecting port 80 traffic
> to squid are needed.
>
> I know the topic of blocking access to anonymous proxies has been
> discussed numerous times here, but nobody seems to have a solution.
>

here is my complete squid.conf file.....
[tarak@tarak Desktop]$ cat squid.conf | sed '/ *#/d; /^ *$/d'
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl blocksites dstdomain "/etc/squid/squid-block.acl"
acl blockfiles urlpath_regex “/etc/squid/multimedia.files.acl”
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
deny_info ERR_BLOCKED_FILES blockfiles
http_reply_access deny blockfiles
http_access deny blocksites
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl lk_network src 192.168.1.0/24
http_access allow lk_network
always_direct deny local-servers1
always_direct deny local-servers2
http_access allow localhost
http_access deny all
  http_reply_access allow all
icp_access allow all
http_port 192.168.1.3:8080 transparent
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
  cache_mem 8 MB
  cache_dir ufs /var/spool/squid 100 16 256
access_log /var/log/squid/access.log squid
  cache_log /var/log/squid/cache.log
  cache_store_log none
  logfile_rotate 7
  pid_filename /var/run/squid.pid
  log_fqdn off
  ftp_passive on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
  cache_mgr tarak.ranjan@liqwidkrystal.com
coredump_dir /var/spool/squid

----
Thanks & Regards,
______________
Tarak Ranjan Mukherjee
IS-Team
Liqwid Krystal India Pvt Ltd
T: 91 80  2509 1790 Ext. 107
E: tarak.ranjan@liqwidkrystal.com
IM: reachtarak@hotmail.com
Online Learning|Certification|Learning Solutions :
www.liqwidkrystal.com

Received on Thu Nov 01 2007 - 06:05:17 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Dec 01 2007 - 12:00:01 MST