首頁 探索 說明
註冊 登入
siwei
/
dify
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: a36117e12d
分支列表 標籤列表
dify
/
docker
/
ssrf_proxy
/
squid.conf.template

squid.conf.template 2.2 KB
文件歷史 原始文件

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 
  1. acl localnet src 0.0.0.1-0.255.255.255	# RFC 1122 "this" network (LAN)
    2. 

  2. acl localnet src 10.0.0.0/8		# RFC 1918 local private network (LAN)
    3. 

  3. acl localnet src 100.64.0.0/10		# RFC 6598 shared address space (CGN)
    4. 

  4. acl localnet src 169.254.0.0/16 	# RFC 3927 link-local (directly plugged) machines
    5. 

  5. acl localnet src 172.16.0.0/12		# RFC 1918 local private network (LAN)
    6. 

  6. acl localnet src 192.168.0.0/16		# RFC 1918 local private network (LAN)
    7. 

  7. acl localnet src fc00::/7       	# RFC 4193 local private network range
    8. 

  8. acl localnet src fe80::/10      	# RFC 4291 link-local (directly plugged) machines
    9. 

  9. acl SSL_ports port 443
    10. 

  10. acl Safe_ports port 80		# http
    11. 

  11. acl Safe_ports port 21		# ftp
    12. 

  12. acl Safe_ports port 443		# https
    13. 

  13. acl Safe_ports port 70		# gopher
    14. 

  14. acl Safe_ports port 210		# wais
    15. 

  15. acl Safe_ports port 1025-65535	# unregistered ports
    16. 

  16. acl Safe_ports port 280		# http-mgmt
    17. 

  17. acl Safe_ports port 488		# gss-http
    18. 

  18. acl Safe_ports port 591		# filemaker
    19. 

  19. acl Safe_ports port 777		# multiling http
    20. 

  20. acl CONNECT method CONNECT
    21. 

  21. http_access deny !Safe_ports
    22. 

  22. http_access deny CONNECT !SSL_ports
    23. 

  23. http_access allow localhost manager
    24. 

  24. http_access deny manager
    25. 

  25. http_access allow localhost
    26. 

  26. include /etc/squid/conf.d/*.conf
    27. 

  27. http_access deny all
    28. 

  28. 

  29. ################################## Proxy Server ################################
    30. 

  30. http_port ${HTTP_PORT}
    31. 

  31. coredump_dir ${COREDUMP_DIR}
    32. 

  32. refresh_pattern ^ftp:		1440	20%	10080
    33. 

  33. refresh_pattern ^gopher:	1440	0%	1440
    34. 

  34. refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
    35. 

  35. refresh_pattern \/(Packages|Sources)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
    36. 

  36. refresh_pattern \/Release(|\.gpg)$ 0 0% 0 refresh-ims
    37. 

  37. refresh_pattern \/InRelease$ 0 0% 0 refresh-ims
    38. 

  38. refresh_pattern \/(Translation-.*)(|\.bz2|\.gz|\.xz)$ 0 0% 0 refresh-ims
    39. 

  39. refresh_pattern .		0	20%	4320
    40. 

  40. 

  41. 

  42. # cache_dir ufs /var/spool/squid 100 16 256
    43. 

  43. # upstream proxy, set to your own upstream proxy IP to avoid SSRF attacks
    44. 

  44. # cache_peer 172.1.1.1 parent 3128 0 no-query no-digest no-netdb-exchange default 
    45. 

  45. 

  46. ################################## Reverse Proxy To Sandbox ################################
    47. 

  47. http_port ${REVERSE_PROXY_PORT} accel vhost
    48. 

  48. cache_peer ${SANDBOX_HOST} parent ${SANDBOX_PORT} 0 no-query originserver
    49. 

  49. acl src_all src all
    50. 

  50. http_access allow src_all
    51.