Created
December 26, 2024 10:27
Squid HTTPS proxy server
| # TLS listener: clients connect to the proxy itself over HTTPS on port 443, using the certificate chain and private key below. | |
| # NOTE(review): DOMAN.COM looks like a placeholder hostname; both paths need the real certificate directory. | |
| https_port 443 cert=/etc/letsencrypt/live/proxy-server.DOMAN.COM/fullchain.pem key=/etc/letsencrypt/live/proxy-server.DOMAN.COM/privkey.pem | |
| # NOTE(review): 0.0.0.0/0 matches every IPv4 source address, so this ACL does not restrict which clients may connect. | |
| acl allowed_network src 0.0.0.0/0 | |
| # Destination domains; the leading dot makes each entry match the domain and its subdomains. | |
| acl allowed_domain dstdomain .pep.shaparak.ir .op1.pgsb.ir .ident.me | |
| #acl allowed_domain dstdomain .ident.me | |
| # Authentication settings | |
| # HTTP Basic proxy authentication, checked by the NCSA helper against the htpasswd-style file /etc/squid/passwd. | |
| # Basic credentials are only base64-encoded, so their confidentiality depends on clients using the TLS listener (https_port). | |
| # Keep /etc/squid/passwd readable only by the account Squid's helper runs as. | |
| auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/passwd | |
| # Number of helper processes started to verify credentials. | |
| auth_param basic children 5 | |
| # Realm text presented to the client in the authentication prompt. | |
| auth_param basic realm Squid Proxy Server | |
| # How long a verified username/password pair is cached before the helper is asked again. | |
| auth_param basic credentialsttl 2 hours | |
| # Usernames are compared case-insensitively. | |
| auth_param basic casesensitive off | |
| # Define an ACL for authenticated users | |
| # REQUIRED accepts any username that the helper validates. | |
| acl authenticated_users proxy_auth REQUIRED | |
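| # Access Control Rules | |
| # http_access lines are evaluated top to bottom and the first matching line decides. | |
| # NOTE(review): allowed_network is 0.0.0.0/0, so this first rule already admits every authenticated user to any destination and port. | |
| # The allowed_domain and SSL_ports rules below therefore never narrow anything. | |
| # To restrict destinations, remove this line or narrow allowed_network to the real client ranges. | |
| http_access allow authenticated_users allowed_network | |
| http_access allow authenticated_users allowed_domain | |
| # Allow access to HTTPS (port 443) traffic for authenticated users for all domains | |
| acl SSL_ports port 443 | |
| http_access allow authenticated_users SSL_ports | |
| # Deny all other access requests | |
| # An "http_access allow all" line used to sit here. It contradicted the comment above: any request that fell through | |
| # the authenticated rules would have been granted, and the final deny could never be reached. It has been removed. | |
| http_access deny all | |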
| # SSL Bumping Configuration for handling HTTPS connections | |
| # One ACL per TLS interception step; the ssl_bump lines below peek at step 1, stare at step 2 and bump at step 3. | |
| # "bump" means Squid terminates the client's TLS session and opens its own session to the origin, so it sees the plaintext. | |
| # NOTE(review): the https_port line in this file carries no ssl-bump option and no signing CA for generated certificates, | |
| # so these rules presumably have no effect as written; verify against the running Squid build. | |
| # NOTE(review): if bumping is enabled later, it would decrypt traffic to every destination, including the payment domains | |
| # listed in allowed_domain. Confirm that is intended, or splice those domains instead of bumping them. | |
| acl step1 at_step SslBump1 | |
| acl step2 at_step SslBump2 | |
| acl step3 at_step SslBump3 | |
| ssl_bump peek step1 | |
| ssl_bump stare step2 | |
| ssl_bump bump step3 | |
| # Disable caching for specific sites | |
| # Responses from .shaparak.ir and its subdomains are never stored in the cache. | |
| # NOTE(review): a later "cache deny all" in this file disables caching for every site, which makes this rule redundant. | |
| acl no_cache_sites dstdomain .shaparak.ir | |
| cache deny no_cache_sites | |
| # Hide client information for anonymity | |
| # These rules act only on requests whose headers Squid can read; traffic tunnelled through CONNECT is opaque unless it is bumped. | |
| # forwarded_for delete removes the X-Forwarded-For header so the client address is not passed to the origin. | |
| forwarded_for delete | |
| # "deny all" strips the named header from every forwarded request. | |
| request_header_access X-Forwarded-For deny all | |
| request_header_access Via deny all | |
| request_header_access From deny all | |
| # NOTE(review): some sites rely on Referer for CSRF or hotlink checks and may break without it. | |
| request_header_access Referer deny all | |
| # NOTE(review): Server, WWW-Authenticate and Link are normally response headers, so these request-side rules likely change nothing. | |
| request_header_access Server deny all | |
| request_header_access WWW-Authenticate deny all | |
| request_header_access Link deny all | |
| # NOTE(review): headers are passed by default, so the explicit "allow all" lines below presumably only document intent. | |
| request_header_access User-Agent allow all | |
| request_header_access Authorization allow all | |
| request_header_access Allow allow all | |
| request_header_access Cache-Control allow all | |
| # Hostname Squid reports about itself, for example in error pages. | |
| visible_hostname unknown | |
| # Disable caching entirely; the proxy only relays traffic. | |
| cache deny all | |
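| # Logging is disabled on purpose (no access log, cache log discarded). | |
| # NOTE(review): with both logs off, failed proxy-authentication attempts and misuse of valid accounts leave no record on this host. | |
| # If an audit trail is needed, point access_log at a file with restricted permissions and restore a non-zero logfile_rotate. | |
| # logfile_rotate must be 0 while a log points at /dev/null; otherwise a rotation can rename /dev/null and leave a regular file in its place. | |
| logfile_rotate 0 | |
| # "none" is Squid's supported way to switch the access log off. | |
| access_log none | |
| cache_log /dev/null | |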
| # Directory where Squid writes core dumps if it crashes. | |
| coredump_dir /var/spool/squid | |
| # Abort a server connection that has delivered no data for 5 minutes. | |
| read_timeout 5 minutes | |
| # Close a client connection as soon as the client half-closes it. | |
| half_closed_clients off | |
| # On shutdown, wait only 1 second for active connections before exiting. | |
| shutdown_lifetime 1 seconds | |
| # Resolve names through Google Public DNS instead of the system resolver. | |
| # NOTE(review): every destination hostname looked up by the proxy is therefore sent to a third-party resolver. | |
| dns_nameservers 8.8.8.8 8.8.4.4 |
Read from document:
https://devsnit.com/en/install-ssl-proxy-server-linux-authentication/
test: