#
# minimum required settings
#
	# Port on which the proxy accepts client requests. No address is given
	# on this line, so it is not tied to one interface here.
	# NOTE(review): confirm a firewall limits which networks can reach it.
	http_port 3128
	# Request log; the trailing "squid" names the log format to use.
	# Entries identify clients and the URLs they requested, so keep the file
	# readable only by administrators and include it in log retention/review.
	access_log /var/log/squid/access.log squid

#
# proxy authentication configuration (uses pam authentication)
#
# Basic authentication sends the user name and password with each request,
# base64-encoded rather than encrypted, and here they are PAM account
# passwords: the client-to-proxy path has to be a trusted network.
#
	# Helper program that checks the supplied credentials against PAM.
	# -o makes pam_auth skip the PAM account-management step, so account
	# expiry and access-hour restrictions are not enforced for proxy logins.
	# NOTE(review): drop -o unless skipping those checks is intentional.
	auth_param basic program /usr/lib/squid/pam_auth -o
	# Number of helper processes kept available for credential checks.
	auth_param basic children 5
	# Realm text presented to the user in the login prompt.
	auth_param basic realm Squid proxy-caching web server
	# How long a validated user name/password pair is reused before the
	# helper is asked again; a changed or revoked password can keep working
	# at the proxy for up to this long.
	auth_param basic credentialsttl 2 hours
	# User names are treated as case-insensitive by the proxy.
	# NOTE(review): confirm this matches how the PAM backend treats names.
	auth_param basic casesensitive off

#
# acl definitions
#

	# definition of full_access_users
	# Membership is decided by client source address alone; no credentials
	# are involved, so whoever holds one of these addresses is a member.
	# NOTE(review): confirm these are statically assigned, controlled hosts.
	acl full_access_users src 192.168.0.2
	acl full_access_users src 10.0.0.2
	acl full_access_users src 10.0.0.15

	# definition of authenticated
	# Matches any request carrying credentials that the auth_param helper
	# accepts; REQUIRED means any valid user rather than a named list.
	acl authenticated proxy_auth REQUIRED

	# definition of approved_sites
	# The leading dot makes each entry match the domain and every subdomain
	# beneath it. The match is on destination host name only; it says
	# nothing about port or request method.
	acl approved_sites dstdomain .acme.com
	acl approved_sites dstdomain .acme-products.com
	acl approved_sites dstdomain .acme-insurance.com
	acl approved_sites dstdomain .acme-books.com
	acl approved_sites dstdomain .acme-movies.com

	# definition of banned_sites
	# Name-based block list; the leading dot covers each domain and all of
	# its subdomains. Destinations not listed here are unaffected.
	acl banned_sites dstdomain .games.com
	acl banned_sites dstdomain .fun.com
	acl banned_sites dstdomain .entertainment.com
	acl banned_sites dstdomain .sports.com

	# definition of work_hours
	# D selects the weekdays (Monday to Friday); the range is compared with
	# the proxy host's local clock, so that clock must be kept correct.
	acl work_hours time D 09:00-17:00

	# definition of all
	# Zero address with a zero mask: matches every IPv4 client address.
	# NOTE(review): later Squid releases predefine "all"; confirm whether
	# this line is still needed on the version in use.
	acl all src 0.0.0.0/0.0.0.0

#
# acl rules
#
# http_access lines are checked from top to bottom and the first line that
# matches decides the request, so the order below is part of the policy.
# ACL names on one line are ANDed together.
#

	# full_access_users has no restrictions
	# Being first, this bypasses authentication and the banned_sites check
	# for those source addresses.
	http_access allow full_access_users

	# allow access to approved sites even without authenticating
	# Applies to every client that can reach the proxy port, because no
	# source or authentication ACL appears on the line.
	http_access allow approved_sites

	# allow access to authenticated users only
	# Requests without valid credentials are refused here and never reach
	# the lines below.
	# NOTE(review): the trailing "all" affects whether a denial re-prompts
	# for credentials; confirm unauthenticated clients still get a login
	# prompt on the Squid version in use.
	http_access deny !authenticated all

	# block banned_sites during work_hours
	# Only authenticated clients outside full_access_users get this far.
	http_access deny work_hours banned_sites

	# allow all the rest
	# Safe only because the deny on !authenticated sits above it; if that
	# line is removed or moved, this turns the proxy into an open one.
	# NOTE(review): no destination-port or CONNECT restriction is visible in
	# this file (the stock squid.conf uses Safe_ports / SSL_ports ACLs for
	# that), so permitted clients can request any port. Consider adding
	# them and ending the list with an explicit "http_access deny all".
	http_access allow all
