Reverse Proxy Configuration

Squid + CentOS 5

The configuration below makes Squid act as a reverse proxy in front of one local web server.

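# Reverse-proxy (accelerator) setup: Squid listens on ports 80 and 443 and
# forwards requests to the single origin server 192.168.10.23.

# Port 80: serve the default site; vhost uses the Host header for
# virtual-domain support.
http_port 80 vhost defaultsite=192.168.10.23

# Port 443: TLS is terminated at Squid with the given certificate and key.
# Keep server.key readable only by root and the account Squid runs as.
https_port 443 defaultsite=192.168.10.23 cert=/etc/squid/server.crt key=/etc/squid/server.key

# Origin server: requests are sent to 192.168.10.23 on port 80.
#   no-query     - do not send ICP queries to this peer
#   originserver - treat the peer as a web server, not as another proxy
#   login=PASS   - forward the client's HTTP authentication to the origin
# NOTE: this hop is plain HTTP, so requests that arrived on 443 (including
# any forwarded credentials) travel unencrypted between Squid and the origin.
# Keep that link on a trusted network segment.
cache_peer 192.168.10.23 parent 80 0 no-query originserver login=PASS

# Do not cache dynamic content (cgi-bin paths or URLs with a query string)
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

# Apply the Vary/encoding workaround to replies whose Server header starts with "Apache"
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

access_log /var/log/squid/access.log squid

# Cache freshness rules
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern .        0    20%    4320

# Source, destination and protocol ACLs
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255

# Clients on the local LAN, the only network allowed to use this proxy
acl locallan src 192.168.10.0/255.255.255.0

acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443        # https
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl CONNECT method CONNECT

# http_access rules are evaluated top to bottom and the first match wins,
# so the deny rules must come before any broad allow.

# Cache manager: localhost only
http_access allow manager localhost
http_access deny manager

# Port and CONNECT restrictions apply to every client, LAN included
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Allow the local LAN. Placed after the deny rules above: if this line came
# first, any LAN host could query the cache manager and would skip the
# Safe_ports / CONNECT checks.
http_access allow locallan
http_access allow localhost

# Everyone else is refused; clients outside 192.168.10.0/24 cannot use this proxy
http_access deny all

http_reply_access allow all

# No sibling caches are configured (the only peer is no-query), so ICP
# queries are limited to the LAN instead of being answered for any source.
icp_access allow locallan
icp_access deny all

coredump_dir /var/spool/squid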
