

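# === Port 3144 (variant 12) with SSL-Bump ===
# bump.pem is the CA used to sign the generated host certificates. No key=
# option is given, so the CA private key is expected in the same PEM file:
# restrict its permissions (for example mode 0600). Anyone who can read it
# can impersonate any site to clients that trust this CA.
http_port 3144 ssl-bump \
  generate-host-certificates=on \
  dynamic_cert_mem_cache_size=20MB \
  cert=/etc/squid/ssl/bump.pem

# === ACL for the local network (variant 12) ===
acl localnet src 192.168.12.0/24

# === ACL for SSL-Bump ===
# Rules are checked in order at every bumping step and the first match wins:
# step 1 peeks at the TLS client hello, every later step bumps (decrypts).
# The legacy 'ssl_bump server-first all' line was dropped: it sat after
# 'bump all' and could never match, and legacy actions should not be mixed
# with peek/bump.
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

# === ACL for intermediate requests ===
# Matches transactions Squid starts itself to download missing intermediate
# certificates.
acl intermediate_fetching transaction_initiator certificate-fetching

# === Safe ports ===
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 443

# === Block list file (to be created later) ===
# One case-insensitive regex per line. The file must exist before Squid
# starts or reloads this configuration.
acl blocked_extensions url_regex -i "/etc/squid/blocked.acl"

# === Access rules ===
# Order matters: the first matching http_access line decides.
http_access allow intermediate_fetching
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Cache manager is reachable from the proxy host only.
http_access allow localhost manager
http_access deny manager
# NOTE(review): localhost is allowed before the block list is evaluated, so
# requests from the proxy host itself are not filtered by blocked_extensions.
http_access allow localhost
http_access deny blocked_extensions
http_access allow localnet
http_access deny all

# === Caching ===
# 4096 MB on-disk cache. With SSL-Bump, cached objects may include decrypted
# HTTPS responses, so the spool directory needs the same protection as the logs.
cache_dir ufs /var/spool/squid 4096 32 256
cache_effective_user proxy
cache_effective_group proxy

# === Logs ===
# Bumped requests are logged with their full HTTPS URLs: limit read access
# to these files.
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log

# === SSL settings ===
# Helper that generates and stores the per-host certificates.
# -M must match the size the ssl_db directory was initialised with.
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/lib/squid/ssl_db -M 20MB
# Origin server certificates are validated with Squid's defaults.
# Do not add 'sslproxy_cert_error allow all' or the DONT_VERIFY_PEER flag:
# clients only ever see the certificate minted by this proxy, so if the proxy
# accepts invalid upstream certificates, a forged or expired origin certificate
# becomes invisible to them. If an internal site uses a private CA, trust that
# CA explicitly (tls_outgoing_options cafile=...) or scope sslproxy_cert_error
# to a narrow ACL.

# === Refresh patterns ===
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# Dynamic content (cgi-bin paths or query strings) is never served stale.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320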