質問編集履歴
1
squid.confはこちらです
test
CHANGED
|
File without changes
|
test
CHANGED
|
@@ -39,3 +39,223 @@
|
|
|
39
39
|
①の時点で407エラーとなります。
|
|
40
40
|
|
|
41
41
|
この場合、どこをどう直せばよいのかよくわからない状況となっています。
|
|
42
|
+
|
|
43
|
+
|
|
44
|
+
|
|
45
|
+
↓↓今回しようしたsquid.confはこちらです↓↓
|
|
46
|
+
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
#
|
|
50
|
+
|
|
51
|
+
# Recommended minimum configuration:
|
|
52
|
+
|
|
53
|
+
#
|
|
54
|
+
|
|
55
|
+
|
|
56
|
+
|
|
57
|
+
auth_param basic program C:/Squid/lib/squid/basic_ncsa_auth.exe C:/Squid/usr/passwd
|
|
58
|
+
|
|
59
|
+
auth_param basic children 5
|
|
60
|
+
|
|
61
|
+
auth_param basic realm Squid proxy-caching web server
|
|
62
|
+
|
|
63
|
+
auth_param basic credentialsttl 2 hours
|
|
64
|
+
|
|
65
|
+
auth_param basic casesensitive off
|
|
66
|
+
|
|
67
|
+
|
|
68
|
+
|
|
69
|
+
# Example rule allowing access from your local networks.
|
|
70
|
+
|
|
71
|
+
# Adapt to list your (internal) IP networks from where browsing
|
|
72
|
+
|
|
73
|
+
# should be allowed
|
|
74
|
+
|
|
75
|
+
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
|
|
76
|
+
|
|
77
|
+
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
|
|
78
|
+
|
|
79
|
+
#acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
|
|
80
|
+
|
|
81
|
+
#acl localnet src fc00::/7 # RFC 4193 local private network range
|
|
82
|
+
|
|
83
|
+
#acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
|
|
84
|
+
|
|
85
|
+
#acl net src 172.26.53.0/24
|
|
86
|
+
|
|
87
|
+
acl localnet src 172.26.53.0/24
|
|
88
|
+
|
|
89
|
+
|
|
90
|
+
|
|
91
|
+
acl password proxy_auth REQUIRED
|
|
92
|
+
|
|
93
|
+
|
|
94
|
+
|
|
95
|
+
acl SSL_ports port 443
|
|
96
|
+
|
|
97
|
+
acl Safe_ports port 80 # http
|
|
98
|
+
|
|
99
|
+
acl Safe_ports port 21 # ftp
|
|
100
|
+
|
|
101
|
+
acl Safe_ports port 443 # https
|
|
102
|
+
|
|
103
|
+
acl Safe_ports port 70 # gopher
|
|
104
|
+
|
|
105
|
+
acl Safe_ports port 210 # wais
|
|
106
|
+
|
|
107
|
+
acl Safe_ports port 1025-65535 # unregistered ports
|
|
108
|
+
|
|
109
|
+
acl Safe_ports port 280 # http-mgmt
|
|
110
|
+
|
|
111
|
+
acl Safe_ports port 488 # gss-http
|
|
112
|
+
|
|
113
|
+
acl Safe_ports port 591 # filemaker
|
|
114
|
+
|
|
115
|
+
acl Safe_ports port 777 # multiling http
|
|
116
|
+
|
|
117
|
+
acl CONNECT method CONNECT
|
|
118
|
+
|
|
119
|
+
|
|
120
|
+
|
|
121
|
+
|
|
122
|
+
|
|
123
|
+
#
|
|
124
|
+
|
|
125
|
+
# Recommended minimum Access Permission configuration:
|
|
126
|
+
|
|
127
|
+
#
|
|
128
|
+
|
|
129
|
+
# Deny requests to certain unsafe ports
|
|
130
|
+
|
|
131
|
+
http_access deny !Safe_ports
|
|
132
|
+
|
|
133
|
+
|
|
134
|
+
|
|
135
|
+
# Deny CONNECT to other than secure SSL ports
|
|
136
|
+
|
|
137
|
+
http_access deny CONNECT !SSL_ports
|
|
138
|
+
|
|
139
|
+
|
|
140
|
+
|
|
141
|
+
# Only allow cachemgr access from localhost
|
|
142
|
+
|
|
143
|
+
#http_access allow localhost manager
|
|
144
|
+
|
|
145
|
+
#http_access allow net
|
|
146
|
+
|
|
147
|
+
#http_access deny manager
|
|
148
|
+
|
|
149
|
+
|
|
150
|
+
|
|
151
|
+
# We strongly recommend the following be uncommented to protect innocent
|
|
152
|
+
|
|
153
|
+
# web applications running on the proxy server who think the only
|
|
154
|
+
|
|
155
|
+
# one who can access services on "localhost" is a local user
|
|
156
|
+
|
|
157
|
+
#http_access deny to_localhost
|
|
158
|
+
|
|
159
|
+
|
|
160
|
+
|
|
161
|
+
#
|
|
162
|
+
|
|
163
|
+
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
|
|
164
|
+
|
|
165
|
+
#
|
|
166
|
+
|
|
167
|
+
|
|
168
|
+
|
|
169
|
+
# Example rule allowing access from your local networks.
|
|
170
|
+
|
|
171
|
+
# Adapt localnet in the ACL section to list your (internal) IP networks
|
|
172
|
+
|
|
173
|
+
# from where browsing should be allowed
|
|
174
|
+
|
|
175
|
+
#http_access allow localnet
|
|
176
|
+
|
|
177
|
+
#http_access allow localhost
|
|
178
|
+
|
|
179
|
+
|
|
180
|
+
|
|
181
|
+
http_access allow password
|
|
182
|
+
|
|
183
|
+
|
|
184
|
+
|
|
185
|
+
# And finally deny all other access to this proxy
|
|
186
|
+
|
|
187
|
+
# http_access deny all
|
|
188
|
+
|
|
189
|
+
|
|
190
|
+
|
|
191
|
+
# Squid normally listens to port 3128
|
|
192
|
+
|
|
193
|
+
#http_port 3128
|
|
194
|
+
|
|
195
|
+
#http_port 8080 intercept ssl-bump cert=C:\Squid\etc\ssl\cert.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB
|
|
196
|
+
|
|
197
|
+
http_port 8085
|
|
198
|
+
|
|
199
|
+
|
|
200
|
+
|
|
201
|
+
# Uncomment and adjust the following to add a disk cache directory.
|
|
202
|
+
|
|
203
|
+
#cache_dir ufs /var/cache/squid 100 16 256
|
|
204
|
+
|
|
205
|
+
|
|
206
|
+
|
|
207
|
+
# Leave coredumps in the first cache dir
|
|
208
|
+
|
|
209
|
+
coredump_dir /var/cache/squid
|
|
210
|
+
|
|
211
|
+
|
|
212
|
+
|
|
213
|
+
#
|
|
214
|
+
|
|
215
|
+
# Add any of your own refresh_pattern entries above these.
|
|
216
|
+
|
|
217
|
+
#
|
|
218
|
+
|
|
219
|
+
refresh_pattern ^ftp: 1440 20% 10080
|
|
220
|
+
|
|
221
|
+
refresh_pattern ^gopher: 1440 0% 1440
|
|
222
|
+
|
|
223
|
+
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
|
|
224
|
+
|
|
225
|
+
refresh_pattern . 0 20% 4320
|
|
226
|
+
|
|
227
|
+
|
|
228
|
+
|
|
229
|
+
logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %[un %Sh/%<a %mt %tl %err_code/%err_detail
|
|
230
|
+
|
|
231
|
+
|
|
232
|
+
|
|
233
|
+
dns_nameservers 172.26.53.254 8.8.8.8 208.67.222.222
|
|
234
|
+
|
|
235
|
+
|
|
236
|
+
|
|
237
|
+
max_filedescriptors 3200
|
|
238
|
+
|
|
239
|
+
|
|
240
|
+
|
|
241
|
+
cache_peer 10.100.107.101 parent 8080 0 no-query
|
|
242
|
+
|
|
243
|
+
|
|
244
|
+
|
|
245
|
+
|
|
246
|
+
|
|
247
|
+
|
|
248
|
+
|
|
249
|
+
never_direct allow SSL_ports
|
|
250
|
+
|
|
251
|
+
|
|
252
|
+
|
|
253
|
+
header_replace User-Agent Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36
|
|
254
|
+
|
|
255
|
+
|
|
256
|
+
|
|
257
|
+
sslproxy_cert_error allow all
|
|
258
|
+
|
|
259
|
+
sslproxy_flags DONT_VERIFY_PEER
|
|
260
|
+
|
|
261
|
+
```
|