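# Squid configuration: authenticated user proxy chained through a local
# antivirus proxy, which sends its own requests back into Squid on a
# second port so they can go direct to the origin server.
#
#   user -> squid:8080 (LDAP auth, squidGuard) -> antivirus 127.0.0.1:8000
#        -> squid:8888 (no auth, no redirector) -> origin server

# bind port for users
http_port 8080

# bind port for the antivirus proxy
# This port skips authentication and URL filtering, so it is bound to the
# loopback address only. The http_access rules below already restrict it to
# source 127.0.0.1; the bind address is a second, independent barrier.
http_port 127.0.0.1:8888

# disable ICP and HTCP
icp_port 0
htcp_port 0

# parent proxy (antivirus); no-query means no ICP queries are sent to it
cache_peer 127.0.0.1 parent 8000 3130 no-query

# classical configuration
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 64 MB
cache_dir aufs /var/spool/squid 1024 16 256
ftp_list_width 64

# redirector configuration for URL filtering
redirect_program /usr/bin/squidGuard
redirect_children 10
redirect_rewrites_host_header off

# authentication using LDAP
# NOTE(review): "-w admin" puts the bind password on the helper's command
# line, where any local user can read it from the process list, and in this
# file. Prefer "-W <path-to-secret-file>" with a file readable only by the
# Squid user, and keep this file itself non-world-readable.
# NOTE(review): cn=admin,o=TEST / admin are sample values. Bind with a
# dedicated account that can only search and read uid, not the directory
# administrator.
# NOTE(review): basic authentication sends the user's password base64-encoded,
# not encrypted, on every request to port 8080. Restrict that port to a
# trusted network segment.
auth_param basic program /usr/lib/squid/squid_ldap_auth -b o=TEST -f (uid=%s) -D cn=admin,o=TEST -w admin localhost
auth_param basic children 5
# The source had a truncated, argument-less "auth_param basic program"
# fragment fused onto the end of the realm line; it is dropped here.
auth_param basic realm Squid proxy-caching web server
# A validated username/password pair is trusted for this long without asking
# LDAP again, so a disabled or changed account may keep working until then.
auth_param basic credentialsttl 2 hours

# refresh rules
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# acl matching the local port that is used by the antivirus software
acl from_av myport 8888

# acl for authentication
acl identification proxy_auth REQUIRED

# standard acls
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# http_access rules are evaluated top to bottom and the first match wins, so
# the generic denials must stay above every allow line.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost

# access for requests without any authentication that come from the AV IP
# address and arrive on the port dedicated to antivirus use
http_access allow from_av localhost
# deny any other request to this port
http_access deny from_av

# suppress the redirector filter for requests that come from the antivirus
redirector_access deny from_av

# require authentication for requests that come to the port dedicated to users
http_access allow identification
# reject unauthenticated users
http_access deny all

# other standard acls
http_reply_access allow all
# ICP is disabled above (icp_port 0); deny here as well so that re-enabling
# the port later does not silently open ICP to every source.
icp_access deny all

# cache is disabled for authenticated users. It means no cache between
# users and the antivirus proxy
no_cache deny identification

# requests that come from the antivirus MUST NOT be sent to the antivirus
# again (otherwise there would be a forwarding loop)
always_direct allow from_av
# other requests MUST be sent to the antivirus parent
never_direct allow all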