evolix/ansible-roles
22
2
Fork 2
Code Issues 61 Pull requests 18 Releases 33 Wiki Activity

squid: improve default whitelist

Browse source
This commit is contained in:
Jérémy Lecour 2021-07-03 08:52:50 +02:00 committed by Jérémy Lecour
parent 5905751a82
commit 3721c2ab38
2 changed files with 30 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CHANGELOG.md
View file

@ -37,9 +37,9 @@ The **patch** part changes incrementally at each release.
* ntpd: Add leapfile configuration setting to ntpd on debian 10+ * ntpd: Add leapfile configuration setting to ntpd on debian 10+
* packweb-apache: install phpMyAdmin from buster-backports * packweb-apache: install phpMyAdmin from buster-backports
* spamassassin: change dependency on evomaintenance * spamassassin: change dependency on evomaintenance
* squid: improve default whitelist (more specific patterns)
* squid: must be started in foreground mode for systemd * squid: must be started in foreground mode for systemd
* squid: remove obsolete variable on Squid 4 * squid: remove obsolete variable on Squid 4
### Fixed ### Fixed
* certbot: sync_remote excludes itself * certbot: sync_remote excludes itself

58
squid/files/evolinux-whitelist-defaults.conf
View file

@ -1,20 +1,19 @@
### Evolix & System ### Evolix & System
^.*\.evolix\.(net|org|com|fr)$ (\.)?evolix\.(net|org|com|fr)$
^.*\.debian\.org$ (\.)?debian\.org$
^www\.backports\.org$ ^www\.backports\.org$
^backports\.debian\.org$
^www\.kernel\.org$ ^www\.kernel\.org$
^hwraid\.le-vert\.net$ ^hwraid\.le-vert\.net$
^.*\.clamav\.net$ .+\.clamav\.net$
^spamassassin\.apache\.org$ ^spamassassin\.apache\.org$
^.*sa-update.*$ .+\.sa-update\..+
^pear\.php\.net$ ^pear\.php\.net$
^repo\.mysql\.com$ ^repo\.mysql\.com$
^deb\.nodesource\.com$ ^deb\.nodesource\.com$
^dl\.yarnpkg\.com$ ^dl\.yarnpkg\.com$
# Let's Encrypt # Let's Encrypt
^.*\.letsencrypt.org$ .+\.letsencrypt.org$
# Other OCSP endpoint # Other OCSP endpoint
^ocsp\.usertrust\.com$ ^ocsp\.usertrust\.com$
@ -22,9 +21,9 @@
### CMS / Wordpress / Drupal / ... ### CMS / Wordpress / Drupal / ...
# Wordpress # Wordpress
^.*\.akismet\.com$ .+\.akismet\.com$
^.*\.wordpress\.(org|com)$ .+\.wordpress\.(org|com)$
^.*\.gravatar\.com$ .+\.gravatar\.com$
^www\.wordpress-fr\.net$ ^www\.wordpress-fr\.net$
^pixel\.wp\.com$ ^pixel\.wp\.com$
^wp-updates\.com$ ^wp-updates\.com$
@ -63,11 +62,11 @@
^www\.weblogalot\.com$ ^www\.weblogalot\.com$
# Wordpress plugins # Wordpress plugins
^.*\.wpml\.org$ .+\.wpml\.org$
^www\.wpcube\.co\.uk$ ^www\.wpcube\.co\.uk$
^.*\.wp-rocket\.me$ .+\.wp-rocket\.me$
^www\.yithemes\.com$ ^www\.yithemes\.com$
^.*\.yoast\.com$ .+\.yoast\.com$
^yarpp\.org$ ^yarpp\.org$
^repository\.kreaturamedia\.com$ ^repository\.kreaturamedia\.com$
^api\.wp-events-plugin\.com$ ^api\.wp-events-plugin\.com$
@ -87,7 +86,7 @@
^amasty\.com$ ^amasty\.com$
# Joomla # Joomla
^.*\.joomla\.org$ .+\.joomla\.org$
^getk2\.org$ ^getk2\.org$
^miwisoft\.com$ ^miwisoft\.com$
^mijosoft\.com$ ^mijosoft\.com$
@ -97,13 +96,13 @@
^download\.nonumber\.nl$ ^download\.nonumber\.nl$
# Prestashop # Prestashop
^.*\.prestashop\.com$ .+\.prestashop\.com$
^www\.presta-module\.com$ ^www\.presta-module\.com$
^www\.presteamshop\.com$ ^www\.presteamshop\.com$
# Others # Others
^.*.drupal\.org$ .+\.drupal\.org$
^.*\.dotclear\.(net|org)$ .+\.dotclear\.(net|org)$
^www\.phpbb\.com$ ^www\.phpbb\.com$
^www\.typolight\.org$ ^www\.typolight\.org$
^www\.spip\.net$ ^www\.spip\.net$
@ -113,8 +112,8 @@
# Google # Google
^.*\.googleapis\.com$ .+\.googleapis\.com$
^.*\.google-analytics\.com$ .+\.google-analytics\.com$
^blogsearch\.google\.(com|fr)$ ^blogsearch\.google\.(com|fr)$
^csi\.gstatic\.com$ ^csi\.gstatic\.com$
^maps\.google\..*$ ^maps\.google\..*$
@ -123,8 +122,8 @@
^fonts\.googleapis\.com$ ^fonts\.googleapis\.com$
# Facebook # Facebook
^.*\.facebook\.com$ .+\.facebook\.com$
^.*\.fbcdn\.net$ .+\.fbcdn\.net$
# Maxmind # Maxmind
^geolite\.maxmind\.com$ ^geolite\.maxmind\.com$
@ -138,15 +137,15 @@
^www\.liberation\.fr$ ^www\.liberation\.fr$
# Others # Others
#^.*\.amazon.com$ #.+\.amazon.com$
^.*\.twitter\.com$ .+\.twitter\.com$
^.*\.feedburner\.com$ .+\.feedburner\.com$
^.*\.openx\.(org|com|net)$ .+\.openx\.(org|com|net)$
^geoip-api\.meteor\.com$ ^geoip-api\.meteor\.com$
^www\.bing\.com$ ^www\.bing\.com$
^www\.telize\.com$ ^www\.telize\.com$
^.*\.ident\.me$ .+\.ident\.me$
^.*\.icanhazip\.com$ .+\.icanhazip\.com$
^www\.express-mailing\.com$ ^www\.express-mailing\.com$
^bot\.whatismyipaddress\.com$ ^bot\.whatismyipaddress\.com$
^ipecho\.net$ ^ipecho\.net$
@ -158,12 +157,13 @@
^ftp-.*\.osuosl\.org$ ^ftp-.*\.osuosl\.org$
^ftp\.icm\.edu\.pl$ ^ftp\.icm\.edu\.pl$
^apt\.newrelic\.com$ ^apt\.newrelic\.com$
^.*\.cloudfront\.net$ .+\.cloudfront\.net$
^api\.mailjet\.com$ ^api\.mailjet\.com$
^bfmbusiness\.bfmtv\.com$ ^bfmbusiness\.bfmtv\.com$
^api\.pinterest\.com$ ^api\.pinterest\.com$
^api\.openweathermap\.org$ ^api\.openweathermap\.org$
^www\.lefigaro\.fr$ ^www\.lefigaro\.fr$
^www\.dailymotion\.com$ ^www\.dailymotion\.com$
^.*\.123rf\.com$ .+\.123rf\.com$
^.*.gouv\.fr$ .+\.gouv\.fr$
^ifconfig\.me$