Re: [squid-users] deny downloads

From: Rajesh <rajesh@dont-contact.us>
Date: Mon, 28 Apr 2003 11:08:40 +1000 (EST)

Hi,

Here is my squid config. Please have a look and let me know if I made any
mistake.

http_port 0.0.0.0:3128
icp_port 3130
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
cache_peer proxy.ozemail.com.au Parent 8080 3130 no-query default
cache_peer proxymel.ozemail.com.au Parent 8080 3130
cache_peer px2.mel.aone.net.au Parent 80 3130
icp_query_timeout 0
maximum_icp_query_timeout 2000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
hierarchy_stoplist cgi-bin
hierarchy_stoplist ?
no_cache Deny QUERY
no_cache Deny NOCACHE
cache_mem 8388608 bytes
cache_swap_low 90
cache_swap_high 95
maximum_object_size 2097152 bytes
minimum_object_size 0 bytes
maximum_object_size_in_memory 8192 bytes
ipcache_size 2048
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy lru
memory_replacement_policy lru
cache_dir ufs /mnt/cache 500 16 256
cache_access_log /opt/local/pkgs/squid-2.5.STABLE1/var/logs/access.log
cache_log /opt/local/pkgs/squid-2.5.STABLE1/var/logs/cache.log
cache_store_log none
emulate_httpd_log on
log_ip_on_direct on
mime_table /opt/local/pkgs/squid-2.5.STABLE1/etc/mime.conf
log_mime_hdrs off
pid_filename /opt/local/pkgs/squid-2.5.STABLE1/var/logs/squid.pid
debug_options ALL,1
log_fqdn off
client_netmask 255.255.255.255
ftp_user Squid@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
dns_retransmit_interval 5 seconds
dns_timeout 300 seconds
hosts_file /etc/hosts
diskd_program /opt/local/pkgs/squid-2.5.STABLE1/libexec/
unlinkd_program /opt/local/pkgs/squid-2.5.STABLE1/libexec/unlinkd
redirect_program /opt/local/pkgs/squidGuard/bin/squidGuard
redirect_program -c
redirect_program /opt/local/pkgs/squidGuard/conf/filter.conf
redirect_children 20
redirect_rewrites_host_header on
auth_param basic
auth_param basic realm Squid proxy-caching web server
auth_param basic children 5
auth_param basic credentialsttl 7200 seconds
authenticate_cache_garbage_interval 3600 seconds
authenticate_ttl 3600 seconds
authenticate_ip_ttl 0 seconds
wais_relay_port 0
request_header_max_size 10240 bytes
request_body_max_size 0 bytes
refresh_pattern . 0 20% 4320

quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 300 seconds
positive_dns_ttl 21600 seconds
negative_dns_ttl 300 seconds
range_offset_limit 0 bytes
connect_timeout 120 seconds
peer_connect_timeout 30 seconds
read_timeout 900 seconds
request_timeout 300 seconds
persistent_request_timeout 60 seconds
client_lifetime 86400 seconds
half_closed_clients on
pconn_timeout 120 seconds
ident_timeout 10 seconds
shutdown_lifetime 30 seconds
acl QUERY urlpath_regex cgi-bin
acl QUERY urlpath_regex \?
acl NOCACHE url_regex ^http://global.umi.com/
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl ilanet src 172.16.0.4
acl stealth src 172.16.0.6
acl to_localhost dst 127.0.0.0/255.0.0.0
acl SSL_ports port 443
acl SSL_ports port 563
acl Safe_ports port 80
acl Safe_ports port 443
acl Safe_ports port 21
acl Safe_ports port 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl POST method POST
acl Downloads urlpath_regex \.gz$
acl Downloads urlpath_regex \.exe$
acl Downloads urlpath_regex \.zip$
acl Downloads urlpath_regex \.GZ$
acl Downloads urlpath_regex \.ZIP$
acl Downloads urlpath_regex \.arj$
acl Downloads urlpath_regex \.ARJ$
acl Downloads urlpath_regex \.lha$
acl Downloads urlpath_regex \.LHA$
acl Downloads urlpath_regex \.tgz$
acl Downloads urlpath_regex \.TGZ$
acl Downloads urlpath_regex \.gzip$
acl Downloads urlpath_regex \.GZIP$
acl Downloads urlpath_regex \.EXE$
acl our_networks src 172.16.0.0/255.255.0.0
acl our_networks src 192.168.1.0/255.255.255.0
acl our_networks src 192.168.2.0/255.255.255.0
acl our_networks src 192.168.3.0/255.255.255.0
acl infotrac-custom dstdomain .infotrac-custom.com
acl infotrac dstdomain infotrac.galegroup.com
acl austlist dstdomain .lib.adfa.edu.au
acl webspirs4 dstdomain webspirs4.informit.com.au
acl 8590 port 8590
acl bio dstdomain ad.doubleclick.net
acl reuters dstdomain .business.reuters.com
acl apt dstdomain .picturethesaurus.gov.au
acl umi dstdomain .umi.com
acl proquest dstdomain .proquest.com
acl local-hosts dstdomain www.sl.nsw.gov.au
acl local-hosts dstdomain library.sl.nsw.gov.au
acl dixon-host dstdomain dixon.sl.nsw.gov.au
acl liac dstdomain .liac.net.au
acl liac1 dstdomain liac.sl.nsw.gov.au
acl abs dstdomain www.abs.gov.au
acl aspect dstdomain www.aspectfinancial.com.au
acl hwwilson dstdomain vnweb.hwwilson.com
http_access Allow manager localhost
http_access Allow manager ilanet
http_access Allow manager stealth
http_access Deny manager
http_access Deny !Safe_ports
http_access Deny CONNECT !SSL_ports
http_access Deny Downloads !POST
http_access Allow our_networks
http_access Deny all
http_reply_access Allow all
icp_access Allow all
miss_access Allow all
ident_lookup_access Deny all
reply_body_max_size 0 Allow all
cache_mgr webmaster
cache_effective_user nobody
cache_effective_group nogroup
announce_period 31536000 seconds
announce_host tracker.ircache.net
announce_port 3131
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_with_proxy off
httpd_accel_uses_host_header off
dns_testnames netscape.com
dns_testnames internic.net
dns_testnames nlanr.net
dns_testnames microsoft.com
logfile_rotate 10
append_domain .sl.nsw.gov.au
tcp_recv_bufsize 0 bytes
err_html_text
memory_pools off
memory_pools_limit 0 bytes
forwarded_for on
log_icp_queries on
icp_hit_stale off
minimum_direct_hops 4
minimum_direct_rtt 400
cachemgr_passwd XXXXXXXXXX all
store_avg_object_size 6 KB
store_objects_per_bucket 20
client_db on
netdb_low 900
netdb_high 1000
netdb_ping_period 300 seconds
query_icmp off
test_reachability off
buffered_logs off
reload_into_ims off
always_direct Allow infotrac-custom
always_direct Allow infotrac
always_direct Allow austlist
always_direct Allow webspirs4 8590
always_direct Allow bio
always_direct Allow reuters
always_direct Allow apt
always_direct Allow umi
always_direct Allow proquest
always_direct Allow local-hosts
always_direct Allow local-hosts
always_direct Allow dixon-host
always_direct Allow liac
always_direct Allow liac1
always_direct Allow abs
always_direct Allow aspect
always_direct Allow hwwilson
icon_directory /opt/local/pkgs/squid-2.5.STABLE1/share/icons
error_directory /opt/local/pkgs/squid-2.5.STABLE1/share/errors/English
minimum_retry_timeout 5 seconds
maximum_single_addr_tries 3
as_whois_server whois.ra.net
wccp_router 0.0.0.0
wccp_version 4
wccp_incoming_address 0.0.0.0
wccp_outgoing_address 255.255.255.255
incoming_icp_average 6
incoming_http_average 4
incoming_dns_average 4
min_icp_poll_cnt 8
min_dns_poll_cnt 8
min_http_poll_cnt 8
max_open_disk_fds 0
offline_mode off
uri_whitespace allow
nonhierarchical_direct on
prefer_direct off
strip_query_terms on
coredump_dir /opt/local/pkgs/squid-2.5.STABLE1/var/cache
redirector_bypass off
ignore_unknown_nameservers on
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch off
high_response_time_warning 0
high_page_fault_warning 0
high_memory_warning 0 bytes
store_dir_select_algorithm least-load
ie_refresh off
vary_ignore_expire off
sleep_after_fork 0

Thanks,
Rajesh.

>Date: Thu, 24 Apr 2003 14:12:35 +1000
>From: Colin Campbell <sgcccdc@citec.qld.gov.au>
>To: Rajesh <rajesh@sl.nsw.gov.au>
>Cc: squid-users@squid-cache.org, Tony.Melia@downsmicro.com.au
>Subject: Re: [squid-users] deny downloads
>Mime-Version: 1.0
>Content-Transfer-Encoding: 7bit
>
>Hi,
>
>On Thu, 24 Apr 2003 13:47:09 +1000 (EST)
>Rajesh <rajesh@sl.nsw.gov.au> wrote:
>
>> Hi,
>>
>> I've tried it as
>>
>> http_access deny Download, it doesn't work.
>
>based on what's been written previously, it should be:
>
> http_access deny Downloads
>
>If that doesn't work, maybe your order of http_access lines is biting you. Give
>us the complete list if you still can't work it out.
>
>Colin
>--
>Colin Campbell
>Unix Support/Postmaster/Hostmaster
>CITEC
>+61 7 3227 6334

 
Unix System Administrator
State Library of NSW
Macquarie Street
Sydney - 2000

Email: rajesh@sl.nsw.gov.au
Ph: 02-92731711

Received on Sun Apr 27 2003 - 19:09:28 MDT
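
Colin's point about the order of http_access lines, worked through on the rules Rajesh posted. This is an added example, not part of either message and not Squid code: a simplified Python model of first-match evaluation in which the `http_access` helper, the shortened ACL lists and the sample requests are all constructed for illustration.

```python
import ipaddress
import re

# ACLs taken from the posted config (Downloads and our_networks shortened).
# Squid regex ACLs are case-sensitive unless the -i option is given.
DOWNLOADS = [re.compile(p) for p in (r"\.exe$", r"\.EXE$", r"\.zip$")]
OUR_NETWORKS = [ipaddress.ip_network(n) for n in ("172.16.0.0/16", "192.168.1.0/24")]

ACLS = {
    # urlpath_regex sees the path including the query string, which is why
    # the posted "acl QUERY urlpath_regex \?" can match at all.
    "Downloads": lambda r: any(p.search(r["urlpath"]) for p in DOWNLOADS),
    "POST": lambda r: r["method"] == "POST",
    "our_networks": lambda r: any(ipaddress.ip_address(r["src"]) in n for n in OUR_NETWORKS),
    "all": lambda r: True,
}

# Tail of the posted http_access list, then the same lines with Allow first.
POSTED = ["Deny Downloads !POST", "Allow our_networks", "Deny all"]
REORDERED = ["Allow our_networks", "Deny Downloads !POST", "Deny all"]

def http_access(rules, request):
    """Return (action, rule) for the first line whose ACLs all match (AND)."""
    for rule in rules:
        action, *names = rule.split()
        # "!NAME" matches when the ACL NAME does not match the request.
        if all(ACLS[n.lstrip("!")](request) != n.startswith("!") for n in names):
            return action, rule
    return "Deny", "(no line matched)"  # not reached: both lists end in "Deny all"

def req(method, urlpath, src="172.16.1.5"):
    """Build a constructed sample request from inside our_networks."""
    return {"method": method, "urlpath": urlpath, "src": src}

# Constructed sample requests, not taken from any log.
SAMPLES = [
    req("GET", "/files/setup.exe"),      # denied by the Downloads line
    req("POST", "/files/setup.exe"),     # !POST exempts it, falls to Allow
    req("GET", "/files/setup.Exe"),      # mixed case matches no pattern
    req("GET", "/files/setup.exe?v=2"),  # "$" no longer sits after ".exe"
]

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("reordered", REORDERED)):
        for r in SAMPLES:
            print(name, r["method"], r["urlpath"], "->", *http_access(rules, r))
```

With the posted order only the first sample is denied; with `Allow our_networks` moved above the Downloads line, every sample is allowed because evaluation stops at the first matching line. The mixed-case gap is what the `-i` option on `urlpath_regex` covers, and a pattern such as `\.exe(\?.*)?$` also covers a trailing query string.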
