This is my config file. It takes about 30 seconds to reload when using the command (sudo squid3 -k reconfigure)
http_port 3128 visible_hostname squid.######.local error_directory /etc/squid3/errors/en # Recommended minimum configuration: # #acl manager proto cache_object #acl localhost src 127.0.0.1/32 ::1 #acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 # Example rule allowing access from your local networks. # Adapt to list your (internal) IP networks from where browsing # should be allowed acl localnet src 10.0.0.0/22 # RFC1918 possible internal network acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # # Recommended minimum Access Permission configuration: # # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Deny requests to certain unsafe ports http_access deny !Safe_ports # Deny CONNECT to other than secure SSL ports http_access deny CONNECT !SSL_ports # We strongly recommend the following be uncommented to protect innocent # web applications running on the proxy server who think the only # one who can access services on "localhost" is a local user #http_access deny to_localhost # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS #Kerberos and NTLM authentication auth_param negotiate program /usr/local/bin/negotiate_wrapper --ntlm /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=####### --kerberos /usr/lib/squid3/negotiate_kerberos_auth -d -s GSS_C_NO_NAME auth_param negotiate children 30 auth_param negotiate keep_alive off # LDAP authentication auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b "DC=#####,DC=local" -D "CN=SQUID,OU=##### Service Accounts,DC=#####,DC=local" -w "#########" -f sAMAccountName=%s -h ################### auth_param basic children 150 auth_param basic realm Please enter your Domain credentials to continue auth_param basic credentialsttl 1 hour # AD group membership commands external_acl_type ldap_group ttl=60 children-startup=10 children-max=50 children-idle=2 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -R -K -S -b "DC=######,DC=local" -D "CN=SQUID,OU=Service Accounts,DC=#####,DC=local" -w "#########" -f "(&(objectclass=person) (sAMAccountname=%v)(memberof=CN=%a,OU=PROXY,ou=ALL Groups,DC=#####,DC=local))" -h ###################### ######################################################################### acl auth proxy_auth REQUIRED ##### Individual Allow Groups LDAP ##### acl ALLOW-ABORTION external ldap_group INTERNET-ALLOW-ABORTION acl ALLOW-ANTISPYWARE external ldap_group INTERNET-ALLOW-ANTISPYWARE acl ALLOW-AUDIO-VIDEO external ldap_group INTERNET-ALLOW-AUDIO-VIDEO acl ALLOW-BLOG external ldap_group INTERNET-ALLOW-BLOG acl ALLOW-CELLPHONES external ldap_group INTERNET-ALLOW-CELLPHONES acl ALLOW-CHAT external ldap_group INTERNET-ALLOW-CHAT acl ALLOW-CHILDCARE external ldap_group INTERNET-ALLOW-CHILDCARE acl ALLOW-CLEANING external ldap_group INTERNET-ALLOW-CLEANING acl ALLOW-CLOTHING external ldap_group INTERNET-ALLOW-CLOTHING acl ALLOW-CONTRACEPTION external ldap_group INTERNET-ALLOW-CONTRACEPTION acl ALLOW-CULINARY external ldap_group INTERNET-ALLOW-CULINARY acl ALLOW-DATING external ldap_group INTERNET-ALLOW-DATING acl ALLOW-DRUGS external ldap_group INTERNET-ALLOW-DRUGS acl ALLOW-ECOMMERCE external ldap_group INTERNET-ALLOW-ECOMMERCE acl ALLOW-ENTERTAINMENT external ldap_group INTERNET-ALLOW-ENTERTAINMENT acl ALLOW-FILEHOSTING external ldap_group INTERNET-ALLOW-FILEHOSTING acl ALLOW-FRENCHEDUCATION external ldap_group INTERNET-ALLOW-FRENCHEDUCATION acl ALLOW-GAMES external ldap_group INTERNET-ALLOW-GAMES acl ALLOW-GARDENING external ldap_group INTERNET-ALLOW-GARDENING acl ALLOW-GUNS external ldap_group INTERNET-ALLOW-GUNS acl ALLOW-HACKING external ldap_group INTERNET-ALLOW-HACKING acl ALLOW-HOMEREPAIR external ldap_group INTERNET-ALLOW-HOMEREPAIR acl ALLOW-HYGIENE external ldap_group INTERNET-ALLOW-HYGIENE acl ALLOW-INSTANTMESSAGING external ldap_group INTERNET-ALLOW-INSTANTMESSAGING acl ALLOW-JEWELRY external ldap_group INTERNET-ALLOW-JEWELRY acl ALLOW-JOBSEARCH external ldap_group INTERNET-ALLOW-JOBSEARCH acl ALLOW-MARKETINGWARE external ldap_group INTERNET-ALLOW-MARKETINGWARE acl ALLOW-MEDICAL external ldap_group INTERNET-ALLOW-MEDICAL acl ALLOW-MOBILE-PHONE external ldap_group INTERNET-ALLOW-MOBILE-PHONE acl ALLOW-NEWS external ldap_group INTERNET-ALLOW-NEWS acl ALLOW-ONLINEAUCTIONS external ldap_group INTERNET-ALLOW-ONLINEAUCTIONS acl ALLOW-ONLINEGAMES external ldap_group INTERNET-ALLOW-ONLINEGAMES acl ALLOW-ONLINEPAYMENT external ldap_group INTERNET-ALLOW-ONLINEPAYMENT acl ALLOW-PERSONALFINANCE external ldap_group INTERNET-ALLOW-PERSONALFINANCE acl ALLOW-PETS external ldap_group INTERNET-ALLOW-PETS acl ALLOW-RADIO external ldap_group INTERNET-ALLOW-RADIO acl ALLOW-RELIGION external ldap_group INTERNET-ALLOW-RELIGION acl ALLOW-SECT external ldap_group INTERNET-ALLOW-SECT acl ALLOW-SEXUALITYEDUCATION external ldap_group INTERNET-ALLOW-SEXUALITYEDUCATION acl ALLOW-SHOPPING external ldap_group INTERNET-ALLOW-SHOPPING acl ALLOW-SOCIALNETWORKING external ldap_group INTERNET-ALLOW-SOCIALNETWORKING acl ALLOW-SPORTNEWS external ldap_group INTERNET-ALLOW-SPORTNEWS acl ALLOW-SPORTS external ldap_group INTERNET-ALLOW-SPORTS acl ALLOW-VACATION external ldap_group INTERNET-ALLOW-VACATION acl ALLOW-VIOLENCE external ldap_group INTERNET-ALLOW-VIOLENCE ##### Block Groups LDAP ##### acl HIGHLY-RESTRICTIVE external ldap_group PROXY-HIGHLY-RESTRICTIVE acl MEDIUM-RESTRICTIVE external ldap_group PROXY-MEDIUM-RESTRICTIVE acl MINIMAL-RESTRICTIVE external ldap_group PROXY-MINIMAL-RESTRICTIVE acl UNRESTRICTED external ldap_group PROXY-UNRESTRICTED acl DEV external ldap_group PROXY-DEV acl SALES external ldap_group PROXY-SALES acl REQGROUPS external ldap_group PROXY-HIGHLY-RESTRICTIVE PROXY-MEDIUM-RESTRICTIVE PROXY-MINIMAL-RESTRICTIVE PROXY-UNRESTRICTED PROXY-DEV PROXY-SALES ##### Blacklist Paths ##### acl ABORTION dstdomain "/etc/squid3/blacklists/abortion/domains acl ADS dstdomain "/etc/squid3/blacklists/ads/domains" acl ADULT dstdomain "/etc/squid3/blacklists/adult/domains" acl AGGRESSIVE dstdomain "/etc/squid3/blacklists/aggressive/domains acl ALCOHOL dstdomain "/etc/squid3/blacklists/alcohol/domains acl ANTISPYWARE dstdomain "/etc/squid3/blacklists/antispyware/domains acl ARTNUDES dstdomain "/etc/squid3/blacklists/artnudes/domains acl ASTROLOGY dstdomain "/etc/squid3/blacklists/astrology/domains acl AUDIO-VIDEO dstdomain "/etc/squid3/blacklists/audio-video/domains" acl BANKING dstdomain "/etc/squid3/blacklists/banking/domains acl BEERLIQUORINFO dstdomain "/etc/squid3/blacklists/beerliquorinfo/domains acl BEERLIQUORSALE dstdomain "/etc/squid3/blacklists/beerliquorsale/domains acl BITCOIN dstdomain "/etc/squid3/blacklists/bitcoin/domains acl BLOG dstdomain "/etc/squid3/blacklists/blog/domains acl BOOKS dstdomain "/etc/squid3/blacklists/books/domains acl CELEBRITY dstdomain "/etc/squid3/blacklists/celebrity/domains acl CELLPHONES dstdomain "/etc/squid3/blacklists/cellphones/domains acl CHAT dstdomain "/etc/squid3/blacklists/chat/domains acl CHILDCARE dstdomain "/etc/squid3/blacklists/childcare/domains acl CLEANING dstdomain "/etc/squid3/blacklists/cleaning/domains acl CLOTHING dstdomain "/etc/squid3/blacklists/clothing/domains acl CONTRACEPTION dstdomain "/etc/squid3/blacklists/contraception/domains acl CULINARY dstdomain "/etc/squid3/blacklists/culinary/domains acl DATING dstdomain "/etc/squid3/blacklists/dating/domains acl DESKTOPSILLIES dstdomain "/etc/squid3/blacklists/desktopsillies/domains acl DIALERS dstdomain "/etc/squid3/blacklists/dialers/domains acl DRUGS dstdomain "/etc/squid3/blacklists/drugs/domains acl ECOMMERCE dstdomain "/etc/squid3/blacklists/ecommerce/domains acl ENTERTAINMENT dstdomain "/etc/squid3/blacklists/entertainment/domains acl FILEHOSTING dstdomain "/etc/squid3/blacklists/filehosting/domains acl FILESHARING dstdomain "/etc/squid3/blacklists/filesharing/domains acl FRENCHEDUCATION dstdomain "/etc/squid3/blacklists/frencheducation/domains acl GAMBLING dstdomain "/etc/squid3/blacklists/gambling/domains" acl GAMES dstdomain "/etc/squid3/blacklists/games/domains" acl GARDENING dstdomain "/etc/squid3/blacklists/gardening/domains" acl GOVERNMENT dstdomain "/etc/squid3/blacklists/government/domains" acl GUNS dstdomain "/etc/squid3/blacklists/guns/domains" acl HACKING dstdomain "/etc/squid3/blacklists/hacking/domains" acl HOMEREPAIR dstdomain "/etc/squid3/blacklists/homerepair/domains" acl HUMOR dstdomain "/etc/squid3/blacklists/humor/domains acl HUNTING dstdomain "/etc/squid3/blacklists/hunting/domains acl HYGIENE dstdomain "/etc/squid3/blacklists/hygiene/domains" acl INSTANTMESSAGING dstdomain "/etc/squid3/blacklists/instantmessaging/domains" acl JEWELRY dstdomain "/etc/squid3/blacklists/jewelry/domains" acl JOBSEARCH dstdomain "/etc/squid3/blacklists/jobsearch/domains" acl KIDSTIMEWASTING dstdomain "/etc/squid3/blacklists/kidstimewasting/domains" acl LINGERIE dstdomain "/etc/squid3/blacklists/lingerie/domains acl MAGAZINES dstdomain "/etc/squid3/blacklists/magazines/domains acl MALWARE dstdomain "/etc/squid3/blacklists/malware/domains acl MAIL dstdomain "/etc/squid3/blacklists/mail/domains" acl MARKETINGWARE dstdomain "/etc/squid3/blacklists/marketingware/domains" acl MEDICAL dstdomain "/etc/squid3/blacklists/medical/domains" acl MIXED_ADULT dstdomain "/etc/squid3/blacklists/mixed_adult/domains" acl MOBILE-PHONE dstdomain "/etc/squid3/blacklists/mobile-phone/domains" acl NATURISM dstdomain "/etc/squid3/blacklists/naturism/domains" acl NEWS dstdomain "/etc/squid3/blacklists/news/domains" acl ONLINEAUCTIONS dstdomain "/etc/squid3/blacklists/onlineauctions/domains" acl ONLINEGAMES dstdomain "/etc/squid3/blacklists/onlinegames/domains" acl ONLINEPAYMENT dstdomain "/etc/squid3/blacklists/onlinepayment/domains" acl PERSONALFINANCE dstdomain "/etc/squid3/blacklists/personalfinance/domains" acl PETS dstdomain "/etc/squid3/blacklists/pets/domains" acl PHISHING dstdomain "/etc/squid3/blacklists/phishing/domains" acl PORN dstdomain "/etc/squid3/blacklists/porn/domains" acl PRESS dstdomain "/etc/squid3/blacklists/press/domains acl PROXY dstdomain "/etc/squid3/blacklists/proxy/domains" acl RADIO dstdomain "/etc/squid3/blacklists/radio/domains" acl RELIGION dstdomain "/etc/squid3/blacklists/religion/domains" acl REMOTE-CONTROL dstdomain "/etc/squid3/blacklists/remote-control/domains acl RINGTONES dstdomain "/etc/squid3/blacklists/ringtones/domains" acl SEARCHENGINES dstdomain "/etc/squid3/blacklists/searchengines/domains" acl SECT dstdomain "/etc/squid3/blacklists/sect/domains" acl SEXUALITY dstdomain "/etc/squid3/blacklists/sexuality/domains" acl SEXUALITYEDUCATION dstdomain "/etc/squid3/blacklists/sexualityeducation/domains" acl SHOPPING dstdomain "/etc/squid3/blacklists/shopping/domains" acl SOCIAL_NETWORKS dstdomain "/etc/squid3/blacklists/social_networks/domains acl SOCIALNETWORKING dstdomain "/etc/squid3/blacklists/socialnetworking/domains" acl SPORTNEWS dstdomain "/etc/squid3/blacklists/sportnews/domains" acl SPORTS dstdomain "/etc/squid3/blacklists/sports/domains" acl SPYWARE dstdomain "/etc/squid3/blacklists/spyware/domains" acl TOBACCO dstdomain "/etc/squid3/blacklists/tobacco/domains acl UPDATESITES dstdomain "/etc/squid3/blacklists/updatesites/domains" acl VACATION dstdomain "/etc/squid3/blacklists/vacation/domains" acl VIOLENCE dstdomain "/etc/squid3/blacklists/violence/domains" acl VIRUSINFECTED dstdomain "/etc/squid3/blacklists/virusinfected/domains" acl WAREZ dstdomain "/etc/squid3/blacklists/warez/domains" acl WEATHER dstdomain "/etc/squid3/blacklists/weather/domains" acl WEAPONS dstdomain "/etc/squid3/blacklists/weapons/domains" acl WEBMAIL dstdomain "/etc/squid3/blacklists/webmail/domains" ##### Whitelist Paths ##### acl GLOBAL-WHITELIST dstdomain "/etc/squid3/whitelists/GLOBAL-WHITELIST" acl UNRESTRICTED-WHITELIST dstdomain "/etc/squid3/whitelists/UNRESTRICTED-WHITELIST" acl DEV-WHITELIST dstdomain "/etc/squid3/whitelists/DEV-WHITELIST" acl SALES-WHITELIST dstdomain "/etc/squid3/whitelists/SALES-WHITELIST" ############################################################################################ ##### HTTP_ACCESS Rules ##### # Block everyone who is not a member of one of (PROXY-HIGHLY-RESTRICTIVE PROXY-MEDIUM-RESTRICTIVE PROXY-MINIMAL-RESTRICTIVE PROXY-UNRESTRICTED PROXY-DEV PROXY-SALES) http_access deny !auth all http_access deny !REQGROUPS all # Allow all traffic to everyone to anything in (GLOBAL-WHITELIST) http_access allow GLOBAL-WHITELIST all # Allow categories LDAP http_access allow ALLOW-ABORTION ABORTION http_access allow ALLOW-ANTISPYWARE ANTISPYWARE http_access allow ALLOW-AUDIO-VIDEO AUDIO-VIDEO http_access allow ALLOW-BLOG BLOG http_access allow ALLOW-CELLPHONES CELLPHONES http_access allow ALLOW-CHAT CHAT http_access allow ALLOW-CHILDCARE CHILDCARE http_access allow ALLOW-CLEANING CLEANING http_access allow ALLOW-CLOTHING CLOTHING http_access allow ALLOW-CONTRACEPTION CONTRACEPTION http_access allow ALLOW-CULINARY CULINARY http_access allow ALLOW-DATING DATING http_access allow ALLOW-DRUGS DRUGS http_access allow ALLOW-ECOMMERCE ECOMMERCE http_access allow ALLOW-ENTERTAINMENT ENTERTAINMENT http_access allow ALLOW-FILEHOSTING FILEHOSTING http_access allow ALLOW-FRENCHEDUCATION FRENCHEDUCATION http_access allow ALLOW-GAMES GAMES http_access allow ALLOW-GARDENING GARDENING http_access allow ALLOW-GUNS GUNS http_access allow ALLOW-HACKING HACKING http_access allow ALLOW-HOMEREPAIR HOMEREPAIR http_access allow ALLOW-HYGIENE HYGIENE http_access allow ALLOW-INSTANTMESSAGING INSTANTMESSAGING http_access allow ALLOW-JEWELRY JEWELRY http_access allow ALLOW-JOBSEARCH JOBSEARCH http_access allow ALLOW-MARKETINGWARE MARKETINGWARE http_access allow ALLOW-MEDICAL MEDICAL http_access allow ALLOW-MOBILE-PHONE MOBILE-PHONE http_access allow ALLOW-NEWS NEWS http_access allow ALLOW-ONLINEAUCTIONS ONLINEAUCTIONS http_access allow ALLOW-ONLINEGAMES ONLINEGAMES http_access allow ALLOW-ONLINEPAYMENT ONLINEPAYMENT http_access allow ALLOW-PERSONALFINANCE PERSONALFINANCE http_access allow ALLOW-PETS PETS http_access allow ALLOW-RADIO RADIO http_access allow ALLOW-RELIGION RELIGION http_access allow ALLOW-SECT SECT http_access allow ALLOW-SEXUALITYEDUCATION SEXUALITYEDUCATION http_access allow ALLOW-SHOPPING SHOPPING http_access allow ALLOW-SOCIALNETWORKING SOCIALNETWORKING http_access allow ALLOW-SPORTNEWS SPORTNEWS http_access allow ALLOW-SPORTS SPORTS http_access allow ALLOW-VACATION VACATION http_access allow ALLOW-VIOLENCE VIOLENCE #### DEV #### http_access allow DEV DEV-WHITELIST http_access deny DEV ADULT http_access deny DEV AGGRESSIVE http_access deny DEV ALCOHOL http_access deny DEV ARTNUDES http_access deny DEV ASTROLOGY http_access deny DEV BEERLIQUORINFO http_access deny DEV BEERLIQUORSALE http_access deny DEV DESKTOPSILLIES http_access deny DEV DIALERS http_access deny DEV GAMBLING http_access deny DEV KIDSTIMEWASTING http_access deny DEV LINGERIE http_access deny DEV MALWARE http_access deny DEV MIXED_ADULT http_access deny DEV NATURISM http_access deny DEV PHISHING http_access deny DEV PORN http_access deny DEV PROXY http_access deny DEV RINGTONES http_access deny DEV SEXUALITY http_access deny DEV SOCIAL_NETWORKS http_access deny DEV SOCIALNETWORKING http_access deny DEV SPYWARE http_access deny DEV TOBACCO http_access deny DEV VIRUSINFECTED http_access deny DEV WAREZ http_access deny DEV WEAPONS #### SALES #### http_access allow SALES SALES-WHITELIST http_access deny SALES ADULT http_access deny SALES AGGRESSIVE http_access deny SALES ALCOHOL http_access deny SALES ARTNUDES http_access deny SALES ASTROLOGY http_access deny SALES BEERLIQUORINFO http_access deny SALES BEERLIQUORSALE http_access deny SALES DESKTOPSILLIES http_access deny SALES DIALERS http_access deny SALES GAMBLING http_access deny SALES KIDSTIMEWASTING http_access deny SALES LINGERIE http_access deny SALES MALWARE http_access deny SALES MIXED_ADULT http_access deny SALES NATURISM http_access deny SALES PHISHING http_access deny SALES PORN http_access deny SALES PROXY http_access deny SALES RINGTONES http_access deny SALES SEXUALITY http_access deny SALES SPYWARE http_access deny SALES TOBACCO http_access deny SALES VIRUSINFECTED http_access deny SALES WAREZ http_access deny SALES WEAPONS #### UNRESTRICTED #### http_access allow UNRESTRICTED UNRESTRICTED-WHITELIST http_access deny UNRESTRICTED ADULT http_access deny UNRESTRICTED AGGRESSIVE http_access deny UNRESTRICTED ALCOHOL http_access deny UNRESTRICTED ARTNUDES http_access deny UNRESTRICTED ASTROLOGY http_access deny UNRESTRICTED BEERLIQUORINFO http_access deny UNRESTRICTED BEERLIQUORSALE http_access deny UNRESTRICTED DESKTOPSILLIES http_access deny UNRESTRICTED DIALERS http_access deny UNRESTRICTED GAMBLING http_access deny UNRESTRICTED KIDSTIMEWASTING http_access deny UNRESTRICTED LINGERIE http_access deny UNRESTRICTED MALWARE http_access deny UNRESTRICTED MIXED_ADULT http_access deny UNRESTRICTED NATURISM http_access deny UNRESTRICTED PHISHING http_access deny UNRESTRICTED PORN http_access deny UNRESTRICTED PROXY http_access deny UNRESTRICTED RINGTONES http_access deny UNRESTRICTED SEXUALITY http_access deny UNRESTRICTED SPYWARE http_access deny UNRESTRICTED TOBACCO http_access deny UNRESTRICTED VIRUSINFECTED http_access deny UNRESTRICTED WAREZ http_access deny UNRESTRICTED WEAPONS #### MINIMAL-RESTRICTIVE #### http_access deny MINIMAL-RESTRICTIVE ADS http_access deny MINIMAL-RESTRICTIVE ADULT http_access deny MINIMAL-RESTRICTIVE AGGRESSIVE http_access deny MINIMAL-RESTRICTIVE ALCOHOL http_access deny MINIMAL-RESTRICTIVE ARTNUDES http_access deny MINIMAL-RESTRICTIVE ASTROLOGY http_access deny MINIMAL-RESTRICTIVE BEERLIQUORINFO http_access deny MINIMAL-RESTRICTIVE BEERLIQUORSALE http_access deny MINIMAL-RESTRICTIVE CELEBRITY http_access deny MINIMAL-RESTRICTIVE DESKTOPSILLIES http_access deny MINIMAL-RESTRICTIVE DIALERS http_access deny MINIMAL-RESTRICTIVE DRUGS http_access deny MINIMAL-RESTRICTIVE ENTERTAINMENT http_access deny MINIMAL-RESTRICTIVE FILESHARING http_access deny MINIMAL-RESTRICTIVE GAMBLING http_access deny MINIMAL-RESTRICTIVE GAMES http_access deny MINIMAL-RESTRICTIVE GUNS http_access deny MINIMAL-RESTRICTIVE HUMOR http_access deny MINIMAL-RESTRICTIVE HUNTING http_access deny MINIMAL-RESTRICTIVE INSTANTMESSAGING http_access deny MINIMAL-RESTRICTIVE KIDSTIMEWASTING http_access deny MINIMAL-RESTRICTIVE LINGERIE http_access deny MINIMAL-RESTRICTIVE MAGAZINES http_access deny MINIMAL-RESTRICTIVE MALWARE http_access deny MINIMAL-RESTRICTIVE MIXED_ADULT http_access deny MINIMAL-RESTRICTIVE NATURISM http_access deny MINIMAL-RESTRICTIVE ONLINEAUCTIONS http_access deny MINIMAL-RESTRICTIVE ONLINEGAMES http_access deny MINIMAL-RESTRICTIVE PHISHING http_access deny MINIMAL-RESTRICTIVE PORN http_access deny MINIMAL-RESTRICTIVE PROXY http_access deny MINIMAL-RESTRICTIVE RINGTONES http_access deny MINIMAL-RESTRICTIVE SEXUALITY http_access deny MINIMAL-RESTRICTIVE SEXUALITYEDUCATION http_access deny MINIMAL-RESTRICTIVE SPYWARE http_access deny MINIMAL-RESTRICTIVE TOBACCO http_access deny MINIMAL-RESTRICTIVE VIOLENCE http_access deny MINIMAL-RESTRICTIVE VIRUSINFECTED http_access deny MINIMAL-RESTRICTIVE WAREZ http_access deny MINIMAL-RESTRICTIVE WEAPONS #### MEDIUM-RESTRICTIVE #### http_access deny MEDIUM-RESTRICTIVE ABORTION http_access deny MEDIUM-RESTRICTIVE ADS http_access deny MEDIUM-RESTRICTIVE ADULT http_access deny MEDIUM-RESTRICTIVE AGGRESSIVE http_access deny MEDIUM-RESTRICTIVE ALCOHOL http_access deny MEDIUM-RESTRICTIVE ARTNUDES http_access deny MEDIUM-RESTRICTIVE ASTROLOGY http_access deny MEDIUM-RESTRICTIVE AUDIO-VIDEO http_access deny MEDIUM-RESTRICTIVE BEERLIQUORINFO http_access deny MEDIUM-RESTRICTIVE BEERLIQUORSALE http_access deny MEDIUM-RESTRICTIVE BITCOIN http_access deny MEDIUM-RESTRICTIVE CELEBRITY http_access deny MEDIUM-RESTRICTIVE CHAT http_access deny MEDIUM-RESTRICTIVE CONTRACEPTION http_access deny MEDIUM-RESTRICTIVE DATING http_access deny MEDIUM-RESTRICTIVE DESKTOPSILLIES http_access deny MEDIUM-RESTRICTIVE DIALERS http_access deny MEDIUM-RESTRICTIVE DRUGS http_access deny MEDIUM-RESTRICTIVE ECOMMERCE http_access deny MEDIUM-RESTRICTIVE ENTERTAINMENT http_access deny MEDIUM-RESTRICTIVE FILEHOSTING http_access deny MEDIUM-RESTRICTIVE FILESHARING http_access deny MEDIUM-RESTRICTIVE FRENCHEDUCATION http_access deny MEDIUM-RESTRICTIVE GAMBLING http_access deny MEDIUM-RESTRICTIVE GAMES http_access deny MEDIUM-RESTRICTIVE GARDENING http_access deny MEDIUM-RESTRICTIVE GUNS http_access deny MEDIUM-RESTRICTIVE HACKING http_access deny MEDIUM-RESTRICTIVE HOMEREPAIR http_access deny MEDIUM-RESTRICTIVE HUMOR http_access deny MEDIUM-RESTRICTIVE HUNTING http_access deny MEDIUM-RESTRICTIVE HYGIENE http_access deny MEDIUM-RESTRICTIVE INSTANTMESSAGING http_access deny MEDIUM-RESTRICTIVE JEWELRY http_access deny MEDIUM-RESTRICTIVE JOBSEARCH http_access deny MEDIUM-RESTRICTIVE KIDSTIMEWASTING http_access deny MEDIUM-RESTRICTIVE LINGERIE http_access deny MEDIUM-RESTRICTIVE MAGAZINES http_access deny MEDIUM-RESTRICTIVE MALWARE http_access deny MEDIUM-RESTRICTIVE MARKETINGWARE http_access deny MEDIUM-RESTRICTIVE MEDICAL http_access deny MEDIUM-RESTRICTIVE MIXED_ADULT http_access deny MEDIUM-RESTRICTIVE MOBILE-PHONE http_access deny MEDIUM-RESTRICTIVE NATURISM http_access deny MEDIUM-RESTRICTIVE NEWS http_access deny MEDIUM-RESTRICTIVE ONLINEAUCTIONS http_access deny MEDIUM-RESTRICTIVE ONLINEGAMES http_access deny MEDIUM-RESTRICTIVE PHISHING http_access deny MEDIUM-RESTRICTIVE PORN http_access deny MEDIUM-RESTRICTIVE PRESS http_access deny MEDIUM-RESTRICTIVE PROXY http_access deny MEDIUM-RESTRICTIVE RINGTONES http_access deny MEDIUM-RESTRICTIVE SECT http_access deny MEDIUM-RESTRICTIVE SEXUALITY http_access deny MEDIUM-RESTRICTIVE SEXUALITYEDUCATION http_access deny MEDIUM-RESTRICTIVE SHOPPING http_access deny MEDIUM-RESTRICTIVE SOCIAL_NETWORKS http_access deny MEDIUM-RESTRICTIVE SOCIALNETWORKING http_access deny MEDIUM-RESTRICTIVE SPORTNEWS http_access deny MEDIUM-RESTRICTIVE SPORTS http_access deny MEDIUM-RESTRICTIVE SPYWARE http_access deny MEDIUM-RESTRICTIVE TOBACCO http_access deny MEDIUM-RESTRICTIVE VACATION http_access deny MEDIUM-RESTRICTIVE VIOLENCE http_access deny MEDIUM-RESTRICTIVE VIRUSINFECTED http_access deny MEDIUM-RESTRICTIVE WAREZ http_access deny MEDIUM-RESTRICTIVE WEAPONS #### HIGHLY-RESTRICTIVE #### http_access deny HIGHLY-RESTRICTIVE ABORTION http_access deny HIGHLY-RESTRICTIVE ADS http_access deny HIGHLY-RESTRICTIVE ADULT http_access deny HIGHLY-RESTRICTIVE AGGRESSIVE http_access deny HIGHLY-RESTRICTIVE ALCOHOL http_access deny HIGHLY-RESTRICTIVE ANTISPYWARE http_access deny HIGHLY-RESTRICTIVE ARTNUDES http_access deny HIGHLY-RESTRICTIVE ASTROLOGY http_access deny HIGHLY-RESTRICTIVE AUDIO-VIDEO http_access deny HIGHLY-RESTRICTIVE BEERLIQUORINFO http_access deny HIGHLY-RESTRICTIVE BEERLIQUORSALE http_access deny HIGHLY-RESTRICTIVE BITCOIN http_access deny HIGHLY-RESTRICTIVE BLOG http_access deny HIGHLY-RESTRICTIVE BOOKS http_access deny HIGHLY-RESTRICTIVE CELEBRITY http_access deny HIGHLY-RESTRICTIVE CELLPHONES http_access deny HIGHLY-RESTRICTIVE CHAT http_access deny HIGHLY-RESTRICTIVE CHILDCARE http_access deny HIGHLY-RESTRICTIVE CLEANING http_access deny HIGHLY-RESTRICTIVE CLOTHING http_access deny HIGHLY-RESTRICTIVE CONTRACEPTION http_access deny HIGHLY-RESTRICTIVE CULINARY http_access deny HIGHLY-RESTRICTIVE DATING http_access deny HIGHLY-RESTRICTIVE DESKTOPSILLIES http_access deny HIGHLY-RESTRICTIVE DIALERS http_access deny HIGHLY-RESTRICTIVE DRUGS http_access deny HIGHLY-RESTRICTIVE ECOMMERCE http_access deny HIGHLY-RESTRICTIVE ENTERTAINMENT http_access deny HIGHLY-RESTRICTIVE FILEHOSTING http_access deny HIGHLY-RESTRICTIVE FILESHARING http_access deny HIGHLY-RESTRICTIVE FRENCHEDUCATION http_access deny HIGHLY-RESTRICTIVE GAMBLING http_access deny HIGHLY-RESTRICTIVE GAMES http_access deny HIGHLY-RESTRICTIVE GARDENING http_access deny HIGHLY-RESTRICTIVE GUNS http_access deny HIGHLY-RESTRICTIVE HACKING http_access deny HIGHLY-RESTRICTIVE HOMEREPAIR http_access deny HIGHLY-RESTRICTIVE HUMOR http_access deny HIGHLY-RESTRICTIVE HUNTING http_access deny HIGHLY-RESTRICTIVE HYGIENE http_access deny HIGHLY-RESTRICTIVE INSTANTMESSAGING http_access deny HIGHLY-RESTRICTIVE JEWELRY http_access deny HIGHLY-RESTRICTIVE JOBSEARCH http_access deny HIGHLY-RESTRICTIVE KIDSTIMEWASTING http_access deny HIGHLY-RESTRICTIVE LINGERIE http_access deny HIGHLY-RESTRICTIVE MAGAZINES http_access deny HIGHLY-RESTRICTIVE MALWARE http_access deny HIGHLY-RESTRICTIVE MARKETINGWARE http_access deny HIGHLY-RESTRICTIVE MEDICAL http_access deny HIGHLY-RESTRICTIVE MIXED_ADULT http_access deny HIGHLY-RESTRICTIVE MOBILE-PHONE http_access deny HIGHLY-RESTRICTIVE NATURISM http_access deny HIGHLY-RESTRICTIVE NEWS http_access deny HIGHLY-RESTRICTIVE ONLINEAUCTIONS http_access deny HIGHLY-RESTRICTIVE ONLINEGAMES http_access deny HIGHLY-RESTRICTIVE ONLINEPAYMENT http_access deny HIGHLY-RESTRICTIVE PERSONALFINANCE http_access deny HIGHLY-RESTRICTIVE PETS http_access deny HIGHLY-RESTRICTIVE PHISHING http_access deny HIGHLY-RESTRICTIVE PORN http_access deny HIGHLY-RESTRICTIVE PRESS http_access deny HIGHLY-RESTRICTIVE PROXY http_access deny HIGHLY-RESTRICTIVE RADIO http_access deny HIGHLY-RESTRICTIVE RELIGION http_access deny HIGHLY-RESTRICTIVE RINGTONES http_access deny HIGHLY-RESTRICTIVE SECT http_access deny HIGHLY-RESTRICTIVE SEXUALITY http_access deny HIGHLY-RESTRICTIVE SEXUALITYEDUCATION http_access deny HIGHLY-RESTRICTIVE SHOPPING http_access deny HIGHLY-RESTRICTIVE SOCIAL_NETWORKS http_access deny HIGHLY-RESTRICTIVE SOCIALNETWORKING http_access deny HIGHLY-RESTRICTIVE SPORTNEWS http_access deny HIGHLY-RESTRICTIVE SPORTS http_access deny HIGHLY-RESTRICTIVE SPYWARE http_access deny HIGHLY-RESTRICTIVE TOBACCO http_access deny HIGHLY-RESTRICTIVE VACATION http_access deny HIGHLY-RESTRICTIVE VIOLENCE http_access deny HIGHLY-RESTRICTIVE VIRUSINFECTED http_access deny HIGHLY-RESTRICTIVE WAREZ http_access deny HIGHLY-RESTRICTIVE WEAPONS # Allow All http_access allow all ######################################################################### #### DENY PAGES #### deny_info ERR_ACCESS_DENIED_ABORTION ABORTION deny_info ERR_ACCESS_DENIED_ADS ADS deny_info ERR_ACCESS_DENIED_ADULT ADULT deny_info ERR_ACCESS_DENIED_AGGRESSIVE AGGRESSIVE deny_info ERR_ACCESS_DENIED_ALCOHOL ALCOHOL deny_info ERR_ACCESS_DENIED_ANTISPYWARE ANTISPYWARE deny_info ERR_ACCESS_DENIED_ARTNUDES ARTNUDES deny_info ERR_ACCESS_DENIED_ASTROLOGY ASTROLOGY deny_info ERR_ACCESS_DENIED_AUDIO-VIDEO AUDIO-VIDEO deny_info ERR_ACCESS_DENIED_BANKING BANKING deny_info ERR_ACCESS_DENIED_BEERLIQUORINFO BEERLIQUORINFO deny_info ERR_ACCESS_DENIED_BEERLIQUORSALE BEERLIQUORSALE deny_info ERR_ACCESS_DENIED_BITCOIN BITCOIN deny_info ERR_ACCESS_DENIED_BLOG BLOG deny_info ERR_ACCESS_DENIED_BOOKS BOOKS deny_info ERR_ACCESS_DENIED_CELEBRITY CELEBRITY deny_info ERR_ACCESS_DENIED_CELLPHONES CELLPHONES deny_info ERR_ACCESS_DENIED_CHAT CHAT deny_info ERR_ACCESS_DENIED_CHILDCARE CHILDCARE deny_info ERR_ACCESS_DENIED_CLEANING CLEANING deny_info ERR_ACCESS_DENIED_CLOTHING CLOTHING deny_info ERR_ACCESS_DENIED_CONTRACEPTION CONTRACEPTION deny_info ERR_ACCESS_DENIED_CULINARY CULINARY deny_info ERR_ACCESS_DENIED_DATING DATING deny_info ERR_ACCESS_DENIED_DESKTOPSILLIES DESKTOPSILLIES deny_info ERR_ACCESS_DENIED_DIALERS DIALERS deny_info ERR_ACCESS_DENIED_DRUGS DRUGS deny_info ERR_ACCESS_DENIED_ECOMMERCE ECOMMERCE deny_info ERR_ACCESS_DENIED_ENTERTAINMENT ENTERTAINMENT deny_info ERR_ACCESS_DENIED_FILEHOSTING FILEHOSTING deny_info ERR_ACCESS_DENIED_FILESHARING FILESHARING deny_info ERR_ACCESS_DENIED_FRENCHEDUCATION FRENCHEDUCATION deny_info ERR_ACCESS_DENIED_GAMBLING GAMBLING deny_info ERR_ACCESS_DENIED_GAMES GAMES deny_info ERR_ACCESS_DENIED_GARDENING GARDENING deny_info ERR_ACCESS_DENIED_GOVERNMENT GOVERNMENT deny_info ERR_ACCESS_DENIED_GUNS GUNS deny_info ERR_ACCESS_DENIED_HACKING HACKING deny_info ERR_ACCESS_DENIED_HOMEREPAIR HOMEREPAIR deny_info ERR_ACCESS_DENIED_HUMOR HUMOR deny_info ERR_ACCESS_DENIED_HUNTING HUNTING deny_info ERR_ACCESS_DENIED_HYGIENE HYGIENE deny_info ERR_ACCESS_DENIED_INSTANTMESSAGING INSTANTMESSAGING deny_info ERR_ACCESS_DENIED_JEWELRY JEWELRY deny_info ERR_ACCESS_DENIED_JOBSEARCH JOBSEARCH deny_info ERR_ACCESS_DENIED_KIDSTIMEWASTING KIDSTIMEWASTING deny_info ERR_ACCESS_DENIED_LINGERIE LINGERIE deny_info ERR_ACCESS_DENIED_MAGAZINES MAGAZINES deny_info ERR_ACCESS_DENIED_MALWARE MALWARE deny_info ERR_ACCESS_DENIED_MAIL MAIL deny_info ERR_ACCESS_DENIED_MARKETINGWARE MARKETINGWARE deny_info ERR_ACCESS_DENIED_MEDICAL MEDICAL deny_info ERR_ACCESS_DENIED_MIXED_ADULT MIXED_ADULT deny_info ERR_ACCESS_DENIED_MOBILE-PHONE MOBILE-PHONE deny_info ERR_ACCESS_DENIED_NATURISM NATURISM deny_info ERR_ACCESS_DENIED_NEWS NEWS deny_info ERR_ACCESS_DENIED_ONLINEAUCTIONS ONLINEAUCTIONS deny_info ERR_ACCESS_DENIED_ONLINEGAMES ONLINEGAMES deny_info ERR_ACCESS_DENIED_ONLINEPAYMENT ONLINEPAYMENT deny_info ERR_ACCESS_DENIED_PERSONALFINANCE PERSONALFINANCE deny_info ERR_ACCESS_DENIED_PETS PETS deny_info ERR_ACCESS_DENIED_PHISHING PHISHING deny_info ERR_ACCESS_DENIED_PORN PORN deny_info ERR_ACCESS_DENIED_PRESS PRESS deny_info ERR_ACCESS_DENIED_PROXY PROXY deny_info ERR_ACCESS_DENIED_RADIO RADIO deny_info ERR_ACCESS_DENIED_RELIGION RELIGION deny_info ERR_ACCESS_DENIED_RINGTONES RINGTONES deny_info ERR_ACCESS_DENIED_SEARCHENGINE SEARCHENGINE deny_info ERR_ACCESS_DENIED_SECT SECT deny_info ERR_ACCESS_DENIED_SEXUALITY SEXUALITY deny_info ERR_ACCESS_DENIED_SEXUALITYEDUCATION SEXUALITYEDUCATION deny_info ERR_ACCESS_DENIED_SHOPPING SHOPPING deny_info ERR_ACCESS_DENIED_SOCIAL_NETWORKS SOCIAL_NETWORKS deny_info ERR_ACCESS_DENIED_SOCIALNETWORKING SOCIALNETWORKING deny_info ERR_ACCESS_DENIED_SPORTNEWS SPORTNEWS deny_info ERR_ACCESS_DENIED_SPORTS SPORTS deny_info ERR_ACCESS_DENIED_SPYWARE SPYWARE deny_info ERR_ACCESS_DENIED_TOBACCO TOBACCO deny_info ERR_ACCESS_DENIED_UPDATESITES UPDATESITES deny_info ERR_ACCESS_DENIED_VACATION VACATION deny_info ERR_ACCESS_DENIED_VIOLENCE VIOLENCE deny_info ERR_ACCESS_DENIED_VIRUSINFECTED VIRUSINFECTED deny_info ERR_ACCESS_DENIED_WAREZ WAREZ deny_info ERR_ACCESS_DENIED_WEATHER WEATHER deny_info ERR_ACCESS_DENIED_WEAPONS WEAPONS deny_info ERR_ACCESS_DENIED_WEBMAIL WEBMAIL ######################################################################### # We recommend you to use at least the following line. hierarchy_stoplist cgi-bin ? # Uncomment and adjust the following to add a disk cache directory. #cache_dir ufs /var/spool/squid 100 16 256 cache deny all # Leave coredumps in the first cache dir coredump_dir /var/spool/squid # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 On Tue, Mar 17, 2015 at 1:32 PM, Brendan Kearney <bpk...@gmail.com> wrote: > On Tue, 2015-03-17 at 16:13 -0300, Marcus Kool wrote: > > it has a configuration option to respond with > > 'allow all' during a reconfiguration. > > a Fail-Open policy can be a security gap, and should be considered > carefully before implementing. the intention of the whitelisted URLs is > to prevent access to content that is otherwise forbidden. failing open, > even briefly, undermines that control. what is the default setting > there? > > -- Samuel Anderson | Information Technology Administrator | International Document Services IDS | 11629 South 700 East, Suite 200 | Draper, UT 84020-4607 -- CONFIDENTIALITY NOTICE: This e-mail and any attachments are confidential. If you are not an intended recipient, please contact the sender to report the error and delete all copies of this message from your system. Any unauthorized review, use, disclosure or distribution is prohibited.
_______________________________________________ squid-users mailing list squid-users@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-users