feat: new auth

keephq · Nov 25, 2024 · 177af4f · 177af4f
1 parent 219c400
commit 177af4f
Showing 1 changed file with 17 additions and 12 deletions.
diff --git a/proxy/squid.conf b/proxy/squid.conf
@@ -1,26 +1,31 @@
 # Port configurations
 http_port 3128
-dns_nameservers 8.8.8.8 8.8.4.4  # Google DNS servers, adjust as needed
 
 # DNS configurations
+dns_nameservers 8.8.8.8 8.8.4.4
 dns_v4_first on
-dns_timeout 5 seconds
-positive_dns_ttl 24 hours
-negative_dns_ttl 1 minutes
 
-# Allow all clients in our Docker network
-acl localnet src 172.16.0.0/12
+# ACL definitions
+acl SSL_ports port 443
+acl Safe_ports port 80          # http
+acl Safe_ports port 443         # https
+acl Safe_ports port 1025-65535  # unprivileged ports
+acl CONNECT method CONNECT
+acl localnet src 172.16.0.0/12  # Docker network
+
+# Access rules - order is important
+http_access deny !Safe_ports
+http_access deny CONNECT !SSL_ports
+http_access allow localnet
 http_access allow all
 
-# Basic settings
+# Logging
+debug_options ALL,1 28,3
+
+# Cache settings
 cache_dir ufs /var/spool/squid 100 16 256
 coredump_dir /var/spool/squid
 
-# DNS cache settings
-ipcache_size 1024
-ipcache_low 90
-ipcache_high 95
-
 # Refresh patterns
 refresh_pattern ^ftp:           1440    20%     10080
 refresh_pattern ^gopher:        1440    0%      1440