configuration-templates

Subversion Repositories:

 /squid/3/anonymize_http_request.conf
@@ -0,0 +1,92 @@
+###########################################################################
+##  Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3      ##
+##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
+##  rights of fair usage, the disclaimer and warranty conditions.        ##
+###########################################################################
+## Squid3 - rules to anonymize HTTP request headers.                     ##
+###########################################################################
+### Content-Types that are acceptable for the response (replace this).
+request_header_access Accept deny all
+### Character sets that are acceptable (replace this).
+request_header_access Accept-Charset deny all
+### List of acceptable encodings (replace this).
+request_header_access Accept-Encoding deny all
+### List of acceptable human languages for response (replace this).
+request_header_access Accept-Language allow all
+### Acceptable version in time
+# request_header_access Accept-Datetime allow all
+request_header_access Authorization allow all
+# request_header_access Cache-Control allow all
+request_header_access Connection allow all
+### Needed for not breaking most websites.
+request_header_access Cookie allow all
+request_header_access Content-Length allow all
+request_header_access Content-MD5 allow all
+request_header_access Content-Type allow all
+### The date and time that the message was sent.
+# request_header_access Date allow all
+request_header_access Expect allow all
+### The email address of the user making the request.
+# request_header_access From allow all
+request_header_access Host allow all
+request_header_access If-Match allow all
+request_header_access If-Modified-Since allow all
+request_header_access If-None-Match allow all
+request_header_access If-Range allow all
+request_header_access If-Unmodified-Since allow all
+### Limit the number of times the message can be forwarded through proxies
+### or gateways.
+# request_header_access Max-Forwards allow all
+### Initiates a request for cross-origin resource sharing.
+# request_header_access Origin allow all
+# request_header_access Pragma allow all
+request_header_access Proxy-Authorization allow all
+request_header_access Range allow all
+### Needed in order to not break some sites using referrer checks.
+request_header_access Referer allow all
+request_header_access TE allow all
+### Replace the User-Agent string except for the domains specified in the
+### "real_user_agent" ACL.
+acl real_user_agent dstdom_regex "/etc/squid3/real_user_agent.conf"
+request_header_access User-Agent allow real_user_agent
+request_header_access User-Agent deny !real_user_agent
+### Ask the server to upgrade to another protocol.
+# request_header_access Upgrade allow all
+### Informs the server of proxies through which the request was sent.
+request_header_access Via allow all
+request_header_access Warning allow all
+### Needed for AJAX requests.
+request_header_access X-Requested-With allow all
+### Requests a web application to disable their tracking of a user.
+## Yeah, lol, wear a "do-not-follow-me" T-Shirt. Smart. Very smart.
+# request_header_access DNT allow all
+### Identifying the originating IP address of a client connecting through
+### a proxy server indicating what client was forwarded.
+# request_header_access X-Forwarded-For allow all
+### Identifying the original host requested by the client.
+request_header_access X-Forwarded-Host allow all
+### Identifying the originating protocol of an HTTP request
+request_header_access X-Forwarded-Proto allow all
+request_header_access Front-End-Https allow all
+request_header_access X-Http-Method-Override allow all
+### Allows easier parsing of the MakeModel/Firmware that is usually found
+### in the User-Agent String of AT&T Devices.
+# request_header_access X-ATT-DeviceId allow all
+### Full description and details about the device currently connecting.
+# request_header_access X-Wap-Profile allow all
+request_header_access Proxy-Connection allow all
+### Server-side deep packet insertion of a unique ID identifying customers.
+### of Verizon Wireless.
+# request_header_access X-UIDH allow all
+request_header_access X-Csrf-Token allow all
+# request_header_access X-Request-ID allow all
+# request_header_access X-Correlation-ID allow all
+request_header_access X-Accel-Redirect allow all
+request_header_access X-Sendfile allow all
+request_header_access X-LIGHTTPD-send-file allow all
+request_header_access X-Accel-Limit-Rate allow all
+request_header_access X-Accel-Buffering allow all
+request_header_access X-Accel-Charset allow all
+request_header_access Other deny all
+request_header_access All deny all

 /squid/3/anonymize_http_response.conf
@@ -0,0 +1,73 @@
+###########################################################################
+##  Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3      ##
+##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
+##  rights of fair usage, the disclaimer and warranty conditions.        ##
+###########################################################################
+## Squid3 - rules to anonymize HTTP response headers.                    ##
+###########################################################################
+reply_header_access Access-Control-Allow-Origin allow all
+reply_header_access Accept-Patch allow all
+reply_header_access Accept-Ranges allow all
+reply_header_access Age allow all
+reply_header_access Allow allow all
+reply_header_access Alt-Svc allow all
+# reply_header_access Cache-Control allow all
+reply_header_access Connection allow all
+reply_header_access Content-Disposition allow all
+reply_header_access Content-Encoding allow all
+reply_header_access Content-Language allow all
+reply_header_access Content-Length allow all
+reply_header_access Content-Location allow all
+reply_header_access Content-MD5 allow all
+reply_header_access Content-Range allow all
+reply_header_access Content-Type allow all
+### The date and time that the message was sent.
+# reply_header_access Date allow all
+reply_header_access ETag allow all
+reply_header_access Expires allow all
+reply_header_access Last-Modified allow all
+reply_header_access Link allow all
+reply_header_access Location allow all
+reply_header_access P3P allow all
+# reply_header_access Pragma allow all
+reply_header_access Proxy-Authenticate allow all
+reply_header_access Public-Key-Pins allow all
+reply_header_access Refresh allow all
+reply_header_access Retry-After allow all
+reply_header_access Server allow all
+reply_header_access Set-Cookie allow all
+reply_header_access Status allow all
+### HSTS (no, thank you) and cache.
+# reply_header_access Strict-Transport-Security allow all
+reply_header_access Trailer allow all
+reply_header_access Transfer-Encoding allow all
+### Tracking Status Value (TSV), value suggested to be sent in response to
+### a do-not-track (DNT). No, thank you.
+# reply_header_access TSV allow all
+### Ask the client to upgrade to another protocol.
+# reply_header_access Upgrade allow all
+reply_header_access Vary allow all
+reply_header_access Via allow all
+reply_header_access Warning allow all
+reply_header_access WWW-Authenticate allow all
+reply_header_access X-Frame-Options allow all
+reply_header_access X-XSS-Protection allow all
+reply_header_access Content-Security-Policy allow all
+reply_header_access X-Content-Security-Policy allow all
+reply_header_access X-WebKit-CSP allow all
+reply_header_access X-Content-Type-Options allow all
+reply_header_access X-Powered-By allow all
+reply_header_access X-UA-Compatible allow all
+reply_header_access X-Content-Duration allow all
+# reply_header_access Upgrade-Insecure-Requests allow all
+# reply_header_access X-Request-ID allow all
+# reply_header_access X-Correlation-ID allow all
+reply_header_access X-Accel-Redirect allow all
+reply_header_access X-Sendfile allow all
+reply_header_access X-LIGHTTPD-send-file allow all
+reply_header_access X-Accel-Limit-Rate allow all
+reply_header_access X-Accel-Buffering allow all
+reply_header_access X-Accel-Charset allow all
+reply_header_access Other deny all
+reply_header_access All deny all

 /squid/3/blocked_domains.conf
@@ -0,0 +1,14 @@
+###########################################################################
+##  Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3      ##
+##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
+##  rights of fair usage, the disclaimer and warranty conditions.        ##
+###########################################################################
+## Squid3 - blocked domains.                                             ##
+###########################################################################
+### Matches:
+###   - start of domain name, or .domain
+###   - dot followed by any thing till the end of the domain.
+## You may need to remove this line - or duplicate and add your own domain.
+# No, thank you.
+(^|\.)google\..+?$

 /squid/3/cache_exceptions.conf
@@ -0,0 +1,14 @@
+###########################################################################
+##  Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3      ##
+##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
+##  rights of fair usage, the disclaimer and warranty conditions.        ##
+###########################################################################
+## Squid3 - domains that should never be cached.                         ##
+###########################################################################
+### Matches:
+###   - start of domain name, or .domain
+###   - dot followed by any thing till the end of the domain.
+## You may need to remove this line - or duplicate and add your own domain.
+# Domains for which you always want the most updated version.
+(^|\.)grimore\..+?$

 /squid/3/direct_domains.conf
@@ -0,0 +1,18 @@
+###########################################################################
+##  Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3      ##
+##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
+##  rights of fair usage, the disclaimer and warranty conditions.        ##
+###########################################################################
+## Squid3 - domains fetched directly without asking parent caches.       ##
+###########################################################################
+### Matches:
+###   - start of domain name, or .domain
+###   - dot followed by any thing till the end of the domain.
+## You may need to remove this line - or duplicate and add your own domain.
+# Batshit crazy domains that go apeshit when queried through either just
+# proxies or anonymizing services - consider blocking them instead. . .
+(^|\.)paypal\..+?$
+(^|\.)apple\..+?$
+(^|\.)ebay\..+?$
+(^|\.)scholar\.google\..+?$

 /squid/3/out_A.conf
@@ -0,0 +1,14 @@
+###########################################################################
+##  Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3      ##
+##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
+##  rights of fair usage, the disclaimer and warranty conditions.        ##
+###########################################################################
+## Squid3 - domains that should be fetched through uplink "A".           ##
+###########################################################################
+### Matches:
+###   - start of domain name, or .domain
+###   - dot followed by any thing till the end of the domain.
+## You may need to remove this line - or duplicate and add your own domain.
+# Assume uplink "A" leads to a more net-neutral place to watch SouthPark.
+(^|\.)southpark\.cc\..+?$

 /squid/3/out_B.conf
@@ -0,0 +1,14 @@
+###########################################################################
+##  Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3      ##
+##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
+##  rights of fair usage, the disclaimer and warranty conditions.        ##
+###########################################################################
+## Squid3 - domains that should be fetched through uplink "B".           ##
+###########################################################################
+### Matches:
+###   - start of domain name, or .domain
+###   - dot followed by any thing till the end of the domain.
+## You may need to remove this line - or duplicate and add your own domain.
+# Assume uplink "B" leads through your workplace. . .
+(^|\.)products\.office\..+?$

 /squid/3/privacy.conf
@@ -0,0 +1,41 @@
+###########################################################################
+##  Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3      ##
+##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
+##  rights of fair usage, the disclaimer and warranty conditions.        ##
+###########################################################################
+## Squid3 - general privacy settings.                                    ##
+###########################################################################
+### Ignore responses from different nameservers.
+ignore_unknown_nameservers on
+### Turn off sending squid version information.
+httpd_suppress_version_string on
+### Remove via and x-forwarded-for
+## Do not disable via if it will be cleaned by upstream proxies under our
+## control.
+# via off
+forwarded_for delete
+follow_x_forwarded_for deny all
+### Replace accept encoding.
+request_header_replace Accept */*
+request_header_replace Accept-Encoding *
+request_header_replace Accept-Charset utf-8
+request_header_replace Accept-Encoding gzip, deflate
+### Very important: net neutrality and global equity tweak. . .
+request_header_replace Accept-Language en-US
+### Replace User-Agent.
+### Take your pick!
+## Firefox
+# request_header_replace User-Agent Mozilla/6.0 (Windows NT 6.2; WOW64; rv:16.0.1) Gecko/20121011 Firefox/16.0.1
+## iPad
+# request_header_replace User-Agent Mozilla/5.0 (iPad; CPU OS 5_1 like Mac OS X; en-us) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B176 Safari/7534.48.3
+## Windows XP2, IE7
+# request_header_replace User-Agent Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
+## Blackberry
+# request_header_replace User-Agent Mozilla/5.0 (BlackBerry; U; BlackBerry AAAA; en-US) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.0.0.1 Mobile Safari/534.11+
+## Chromium
+request_header_replace User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.52 Safari/537.36

 /squid/3/real_user_agent.conf
@@ -0,0 +1,14 @@
+###########################################################################
+##  Copyright (C) Wizardry and Steamworks 2013 - License: GNU GPLv3      ##
+##  Please see: http://www.gnu.org/licenses/gpl.html for legal details,  ##
+##  rights of fair usage, the disclaimer and warranty conditions.        ##
+###########################################################################
+## Squid3 - domains that should see your real user agent.                ##
+###########################################################################
+### Matches:
+###   - start of domain name, or .domain
+###   - dot followed by any thing till the end of the domain.
+## You may need to remove this line - or duplicate and add your own domain.
+# Broken domains with redirects for user agents to pages that do not work.
+(^|\.)ebay\..+?$

Compare Path:	Rev
With Path:	Rev