infrastructure-provisioning/src/edge/templates/squid.conf - incubator-datalab - Git at Google

 # *****************************************************************************
 #
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 #
 # ******************************************************************************

 auth_param basic program LDAP_AUTH_PATH -b "LDAP_DN" -D "LDAP_SERVICE_USERNAME,LDAP_DN" -w LDAP_SERVICE_PASSWORD -f uid=%s LDAP_HOST

 acl DLab_user_src_subnet src PROXY_SUBNET
 VPC_CIDRS
 ALLOWED_CIDRS


 acl SSL_ports port 443
 acl Safe_ports port 80          # http
 acl Safe_ports port 21          # ftp
 acl Safe_ports port 22          # ssh
 acl Safe_ports port 443         # https
 acl Safe_ports port 70          # gopher
 acl Safe_ports port 210         # wais
 acl Safe_ports port 1025-65535  # unregistered ports
 acl Safe_ports port 280         # http-mgmt
 acl Safe_ports port 488         # gss-http
 acl Safe_ports port 591         # filemaker
 acl Safe_ports port 777         # multiling http
 acl CONNECT method CONNECT

 acl ldap-auth proxy_auth EDGE_USER_NAME

 http_access deny !Safe_ports
 http_access allow localhost manager
 http_access deny manager
 http_access allow DLab_user_src_subnet
 http_access allow AllowedCIDRS ldap-auth
 http_access allow localhost
 http_access deny all

 http_port 3128

 cache deny all
 cache_dir null /tmp
 coredump_dir /var/spool/squid

 refresh_pattern ^ftp:           1440    20%     10080
 refresh_pattern ^gopher:        1440    0%      1440
 refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
 refresh_pattern .               0       20%     4320
	# *****************************************************************************
	#
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.
	#
	# ******************************************************************************

	auth_param basic program LDAP_AUTH_PATH -b "LDAP_DN" -D "LDAP_SERVICE_USERNAME,LDAP_DN" -w LDAP_SERVICE_PASSWORD -f uid=%s LDAP_HOST

	acl DLab_user_src_subnet src PROXY_SUBNET
	VPC_CIDRS
	ALLOWED_CIDRS


	acl SSL_ports port 443
	acl Safe_ports port 80 # http
	acl Safe_ports port 21 # ftp
	acl Safe_ports port 22 # ssh
	acl Safe_ports port 443 # https
	acl Safe_ports port 70 # gopher
	acl Safe_ports port 210 # wais
	acl Safe_ports port 1025-65535 # unregistered ports
	acl Safe_ports port 280 # http-mgmt
	acl Safe_ports port 488 # gss-http
	acl Safe_ports port 591 # filemaker
	acl Safe_ports port 777 # multiling http
	acl CONNECT method CONNECT

	acl ldap-auth proxy_auth EDGE_USER_NAME

	http_access deny !Safe_ports
	http_access allow localhost manager
	http_access deny manager
	http_access allow DLab_user_src_subnet
	http_access allow AllowedCIDRS ldap-auth
	http_access allow localhost
	http_access deny all

	http_port 3128

	cache deny all
	cache_dir null /tmp
	coredump_dir /var/spool/squid

	refresh_pattern ^ftp: 1440 20% 10080
	refresh_pattern ^gopher: 1440 0% 1440
	refresh_pattern -i (/cgi-bin/\|\?) 0 0% 0
	refresh_pattern . 0 20% 4320