Although not required for WebCleaner, it is sometimes desired to have a caching proxy. This configuration shows how to run the Squid caching proxy together with WebCleaner.
/etc/squid.conf:
# Hint: if you get the error "unable to forward request", # restart the WebCleaner proxy and reload the squid configuration # This is an example Squid 2.x configuration for WebCleaner. # Copy it into /etc/squid.conf and you have the following # constellation: # HTTP request --> Squid Proxy --> WebCleaner Proxy --> Internet # FTP request --> Squid Proxy --> Internet # This way, you are caching only filtered, "clean" HTML files :) # You must configure your browser to use the Squid Proxy (running # at localhost, port 3128) for HTTP and FTP queries. # Remember, only localhost can connect to this squid proxy # Squid port is 3128; change it if you like # http_port 3128 # disable icp icp_port 0 # the WebCleaner parent proxy # Remember to configure WebCleaner to run on port 8080 or change the # port number below cache_peer 127.0.0.1 parent 8080 0 no-query no-digest # if you enabled a WebCleaner user and password use this instead: # cache_peer 127.0.0.1 parent 8080 0 no-query no-digest login=myuser:mypassword # some acls acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY # hihihi ftp_user postmaster@aol.com # proxy authentication examples; if you use one of these, also enable the # "myauth" acl below # note: used paths are for a Debian Linux system, adjust as needed # basic authentication # basic.passwd was generated with the htpasswd(1) #auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/basic.passwd #auth_param basic realm This is my basic auth #auth_param basic children 5 #auth_param basic credentialsttl 2 hours # digest authentication # digest.passwd has the password:user in cleartext, eg calvin:calvin #auth_param digest program /usr/lib/squid/digest_pw_auth /etc/squid/digest.passwd #auth_param digest realm This is my digest auth #auth_param digest children 5 # ntlm authentication (note the double backslash) #auth_param ntlm program /usr/lib/squid/ntlm_auth -d LOCALHOST\\bob #auth_param ntlm children 5 #auth_param ntlm max_challenge_reuses 0 #auth_param ntlm max_challenge_lifetime 2 minutes # Recommended minimum configuration: acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 631 # cups acl Safe_ports port 777 # multiling http acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT acl FTP proto FTP # authentication configuration: #acl myauth proxy_auth REQUIRED # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Only allow purge requests from localhost http_access allow purge localhost http_access deny purge # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # my own rules http_access allow localhost # And finally deny all other access to this proxy http_access deny all # no X-Forwarded-For header forwarded_for off # allow direct ftp, all other redirect to parent always_direct allow FTP always_direct deny all # allow redirect to parent never_direct allow all