1.  squid.conf
    2. #
    3. # Recommended minimum configuration:
    4. #
    6. # Example rule allowing access from your local networks.
    7. # Adapt to list your (internal) IP networks from where browsing
    8. # should be allowed
    9. acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
    10. acl localnet src 0.0.0.0/0.0.0.0        # RFC1918 possible internal network
    11. #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
    12. #acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
    13. #acl localnet src fc00::/7       # RFC 4193 local private network range
    14. #acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
    16. acl SSL_ports port 443
    17. acl Safe_ports port 80          # http
    18. acl Safe_ports port 21          # ftp
    19. acl Safe_ports port 443         # https
    20. acl Safe_ports port 70          # gopher
    21. acl Safe_ports port 210         # wais
    22. acl Safe_ports port 1025-65535  # unregistered ports
    23. acl Safe_ports port 280         # http-mgmt
    24. acl Safe_ports port 488         # gss-http
    25. acl Safe_ports port 591         # filemaker
    26. acl Safe_ports port 777         # multiling http
    27. acl CONNECT method CONNECT
    29. auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/passwd_squid
    30. auth_param basic children 20
    31. auth_param basic realm Light co Squid 
    32. auth_param basic credentialsttl 5 hours                                                 #认证的持续时间
    33. #acl ops-light proxy_auth REQUIRED 
    34. acl auth_users proxy_auth ops-light
    35. auth_param basic casesensitive off
    36. visible_hostname Light-co.Squid.org
    38. #
    39. # Recommended minimum Access Permission configuration:
    40. #
    41. # Deny requests to certain unsafe ports
    42. http_access deny !Safe_ports
    44. # Deny CONNECT to other than secure SSL ports
    45. http_access deny CONNECT !SSL_ports
    47. # Only allow cachemgr access from localhost
    48. http_access allow localhost manager
    49. http_access deny manager
    51. # We strongly recommend the following be uncommented to protect innocent
    52. # web applications running on the proxy server who think the only
    53. # one who can access services on "localhost" is a local user
    54. #http_access deny to_localhost
    56. #
    57. # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    58. #
    60. # Example rule allowing access from your local networks.
    61. # Adapt localnet in the ACL section to list your (internal) IP networks
    62. # from where browsing should be allowed
    63. http_access allow localnet
    64. #http_access allow ops-light
    65. http_access allow auth_users
    66. http_access allow localhost
    68. # And finally deny all other access to this proxy
    69. http_access deny all
    71. # Squid normally listens to port 3128
    72. #http_port 3128
    73. http_port 9128
    75. # Uncomment and adjust the following to add a disk cache directory.
    76. #cache_dir ufs /var/spool/squid 100 16 256
    78. # Leave coredumps in the first cache dir
    79. coredump_dir /var/spool/squid
    81. #
    82. # Add any of your own refresh_pattern entries above these.
    83. #
    84. refresh_pattern ^ftp:           1440    20%     10080
    85. refresh_pattern ^gopher:        1440    0%      1440
    86. refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
    87. refresh_pattern .               0       20%     4320
    90.  passwd_squid 
    91. ops-light:$apr1$pYiupR/9$8RN8oJW17hANmqWf5CO6.1