configpolicy/host_vars/gw1.pyrocufflink.blue/squid.yml

squid_acl:
  localnet:
    - 'src 10.0.0.0/8		# RFC 1918 local private network (LAN)'
    - 'src 172.16.0.0/12		# RFC 1918 local private network (LAN)'
    - 'src 192.168.0.0/16		# RFC 1918 local private network (LAN)'
    - 'src fc00::/7       	# RFC 4193 local private network range'
    - 'src fe80::/10      	# RFC 4291 link-local (directly plugged) machines'
  SSL_ports:
  - port 443
  Safe_ports:
  - 'port 80		# http'
  - 'port 443		# https'
  CONNECT:
  - method CONNECT
  fedora_repo:
  - dstdomain mirrors.fedoraproject.org
  - dstdomain dl.fedoraproject.org
  google_fonts:
  - dstdomain fonts.googleapis.com
  - dstdomain fonts.gstatic.com

squid_http_access:
- 'deny !Safe_ports'
- 'deny CONNECT !SSL_ports'
- allow localhost manager
- deny manager
- deny to_localhost
- allow localnet fedora_repo
- allow google_fonts
- deny all

squid_cache_dir: []