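# Squid forward proxy: TLS interception (SSL Bump) on port 3128 with
# full-URL access logging. Object caching is switched off at the end of the file.

# Port with SSL Bump
# cert=/key= are the interception CA that signs the generated host certificates.
# Whoever can read the key file can mint certificates that every client trusting
# this CA will accept, so keep it readable by the Squid user only and keep it
# out of backups, images and version control.
http_port 3128 ssl-bump cert=/etc/squid/ssl/squid-ca-cert.pem key=/etc/squid/ssl/squid-ca-key.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# SSL Bump rules
# Step 1 peeks at the TLS ClientHello; after that every connection is bumped
# (decrypted and re-encrypted). There is no splice exception here, so clients
# that pin certificates will fail and traffic to every destination is decrypted.
# To leave selected destinations end-to-end encrypted, place an
# "ssl_bump splice <acl>" rule before "ssl_bump bump all".
acl step1 at_step SslBump1
ssl_bump peek step1
ssl_bump bump all

# SSL cert generator
# Helper that creates the per-host certificates; -s is its certificate
# database directory and -M the size limit for that database.
sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/cache/squid/ssl_db -M 4MB
sslcrtd_children 5

# Basic ACLs
# localnet: RFC 1918 private ranges plus IPv6 unique-local and link-local.
acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10
# CONNECT tunnels are only permitted to SSL_ports; all other requests must
# target one of the Safe_ports.
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 1025-65535
acl CONNECT method CONNECT

# Logging format with full URL
# NOTE(review): the line in the source ended in a dangling `%h"` (unbalanced
# quote, and no URL field despite the format's name), which looks like fields
# lost when the page was extracted. It is rebuilt here with the request method
# and URL so the format matches its stated purpose; add further fields as needed.
# Fields: timestamp.milliseconds, client IP, HTTP status sent to the client,
# request method, request URL.
logformat full_url_log %ts.%03tu %>a %>Hs %rm %ru

# Main logs only - we'll filter afterwards
cache_log /var/log/squid/cache.log
access_log /var/log/squid/access.log full_url_log

# Access control rules
# Evaluated top to bottom, first match wins: the two deny rules must stay ahead
# of the allow rules, and the final "deny all" rejects every client that is
# neither in localnet nor localhost.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all

# Prevent stripping of query terms from logs
# With bumping enabled this also applies to HTTPS requests, so access.log will
# contain query strings in clear text, including any session tokens, API keys
# or personal data carried in URLs. Restrict read access to /var/log/squid and
# apply the same retention and handling rules as for other sensitive logs.
strip_query_terms off

# Cache settings
# A cache_dir is declared, but "cache deny all" stops responses from being cached.
cache_dir ufs /var/cache/squid 100 16 256
coredump_dir /var/cache/squid
cache deny all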