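{# Squid configuration template (rendered by Ansible): listening ports, ACLs,
   access and ssl_bump rules, cache sizing, ICAP antivirus scanning, URL
   filtering and refresh patterns. Values taken from the squid_* variables are
   written into the configuration verbatim.
   The blank line after each http_port/https_port directive keeps the
   directive's newline when trim_blocks is enabled, because those lines end
   with a block tag. #}
{% for port in squid_http_ports %}
http_port {% if port.ip is defined %}{{ port.ip }}:{% endif %}{{ port.port }}{% if port.mode is defined %} {{ port.mode }}{% endif %}{% if port.options is defined %} {{ port.options | join(' ') }}{% endif %}

{% endfor %}
{% for port in squid_https_ports %}
https_port {% if port.ip is defined %}{{ port.ip }}:{% endif %}{{ port.port }}{% if port.mode is defined %} {{ port.mode }}{% endif %}{% if port.options is defined %} {{ port.options | join(' ') }}{% endif %}

{% endfor %}
{# NOTE(review): the logformat line below is truncated in this copy. The text
   between "%" and " 0 %}" is missing, apparently including the rest of the
   format and the opening "if" tag that the endif after "cache deny no_cache"
   closes. Restore it from the original template; it is kept here unchanged. #}
logformat human %tl %6tr %>a %Ss/%03>Hs % 0 %}
{% for item in squid_no_cache %}
acl no_cache url_regex {{ item }}
{% endfor %}
# Disable cache for specific URL
cache deny no_cache
{% endif %}
{# One "acl" line per item; an ACL with no items is still declared so that
   rules referring to it by name have a definition. #}
{% for acl in squid_acl %}
{% if acl['items'] | length < 1 %}
# Create an empty ACL
acl {{ acl.name }} {{ acl.type }}
{% else %}
{% for item in acl['items'] %}
acl {{ acl.name }} {{ acl.type }} {{ item }}
{% endfor %}
{% endif %}
{% endfor %}
# Access rules are written in ascending priority order; Squid applies the first
# rule that matches, so the final "deny all" only catches unmatched requests.
{% for access in squid_http_access | sort(attribute='priority') %}
http_access {{ access.policy }} {{ access.match is string | ternary(access.match,access.match | join(' ')) }}
{% endfor %}
# Default deny all access
http_access deny all
# TLS interception rules, also written in ascending priority order
{% for rule in squid_ssl_bump | sort(attribute='priority') %}
ssl_bump {{ rule.policy }} {{ rule.match is string | ternary(rule.match,rule.match | join(' ')) }}
{% endfor %}
cache_mgr {{ squid_admin_email | default(system_admin_email) | default('admin@' + ansible_domain) }}
client_lifetime 60 minutes
{% if squid_disk_cache %}
cache_dir aufs /var/spool/squid {{ squid_disk_cache_size }} 16 256
{% endif %}
cache_mem {{ squid_mem_cache_size }} MB
# sys_domains and sys_urls are ACL names; they are not declared in this
# template and must be provided through squid_acl.
range_offset_limit 200 MB sys_domains sys_urls
maximum_object_size {{ squid_max_object_size }} MB
quick_abort_min -1
max_filedesc 8192
icap_enable on
# The client IP and the authenticated user name are forwarded to the ICAP
# service; the user name is sent unencoded in the X-Authenticated-User header.
icap_send_client_ip on
icap_send_client_username on
icap_client_username_encode off
icap_client_username_header X-Authenticated-User
icap_preview_enable on
icap_preview_size 1024
{% if squid_scan_av %}
# Antivirus scanning through the local squidclamav ICAP service.
# The ACLs named in adaptation_access (admins_src, local_whitelist_domains,
# local_whitelist_urls, no_av_scan_req, no_av_scan_rep, av_src) are not declared
# in this template and must be provided through squid_acl. Traffic matching the
# negated ACLs is not scanned.
# Request scanning fails closed: with bypass=off an ICAP failure returns an
# error to the client.
icap_service service_avi_req reqmod_precache icap://127.0.0.1:1344/squidclamav bypass=off
adaptation_access service_avi_req allow !admins_src !local_whitelist_domains !local_whitelist_urls !no_av_scan_req av_src
# NOTE(review): response scanning fails open. With bypass=on, responses are
# delivered unscanned whenever the ICAP service is unreachable or failing.
# Confirm this availability trade-off is intended; bypass=off would block instead.
icap_service service_avi_resp respmod_precache icap://127.0.0.1:1344/squidclamav bypass=on
adaptation_access service_avi_resp allow !admins_src !local_whitelist_domains !local_whitelist_urls !no_av_scan_rep av_src
{% endif %}
{% if squid_filter_url %}
# URL filtering helper. The SNI and Referer values passed to it are supplied by
# the client.
url_rewrite_extras "%>a/%>A %un %>rm bump_mode=%ssl::bump_mode sni=\"%ssl::>sni\" referer=\"%{Referer}>h\""
url_rewrite_program /usr/sbin/ufdbgclient -m 4 -l /var/log/squid/
url_rewrite_children 16 startup=8 idle=2 concurrency=4
{% endif %}
# Refresh patterns
# Squid uses the first refresh_pattern that matches a URL, so order matters and
# no pattern above the default may be able to match the empty string.
# For package repo
refresh_pattern (Release|Packages(\.gz)?)$ 0 20% 1440
# Was ((sqlite.bz2)*)$, which also matches zero repetitions and therefore every
# URL, shadowing all the patterns below it.
refresh_pattern (sqlite\.bz2)$ 0 20% 1440
refresh_pattern (\.deb|\.udeb)$ 10080 100% 20160
refresh_pattern (\.rpm|\.srpm)$ 10080 100% 20160
# Dots in the host names are escaped and the character classes no longer contain
# a literal "|". The host part is still unanchored, so any URL containing e.g.
# "microsoft.com/" gets these cache lifetimes.
refresh_pattern -i microsoft\.com/.*\.(cab|exe|ms[iuf]|[ap]sf|wm[va]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windowsupdate\.com/.*\.(cab|exe|ms[iuf]|[ap]sf|wm[va]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windows\.com/.*\.(cab|exe|ms[iuf]|[ap]sf|wm[va]|dat|zip) 4320 80% 43200 reload-into-ims
# Default refresh pattern
refresh_pattern . 0 20% 4320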