Initial import

2025-09-26 08:49:53 +02:00
commit a76650da35
35 changed files with 4660 additions and 0 deletions
--- a/styx.hcl
+++ b/styx.hcl
@@ -0,0 +1,154 @@
+
+proxy {
+    # TCP listen address
+    listen = ":3128"
+
+    # TCP bind address for outgoing connections
+    #bind = "10.42.42.215"
+    # Interface for outgoign connections
+    #interface = "en1"
+
+    # Upstream proxies
+    upstream = []   
+
+
+    policy {
+        on intercept {
+            domain = ["sensitive"]
+            permit = false
+        }
+
+        on request {
+            source = ["kids"]
+            domain = ["nsfw"]
+            permit = false
+        }
+
+        on request {
+            source = ["kids"]
+            domain = ["nsfw"]
+            permit = false
+        }
+
+        on days {
+            days = "mon-thu,sun"
+            on time {
+                time = ["22:00", "06:00"]
+                on request {
+                    source = ["kids"]
+                    domain = ["social"]
+                    permit = false
+                }
+            }
+        }
+    }
+}
+
+dns {
+    # Set the cache size
+    #size = 1024
+
+    # Set the time to live for positive responses (in seconds)
+    #ttl = 300
+
+    # Set the resolve timeout (in seconds)
+    #timeout = 10
+
+    # Set the DNS servers
+    #servers = ["1.1.1.1", "8.8.8.8"]
+
+    # Disable IPv6
+    noipv6 = true
+}
+
+mitm {
+    ca {
+        cert     = "testdata/ca.crt"
+        key      = "testdata/ca.key"
+        key_type = "ecc"
+        days     = 1825
+        organization = "maze.io"
+    }
+
+    key {
+        type = "rsa"
+        bits = 2048
+    }
+
+    cache {
+        #type = "memory" 
+        type = "disk"
+        path = "testdata/mitm"
+        expire = 10
+    }
+}
+
+cache {
+    type = "memory"
+    size = 10485760
+}
+
+match {
+    path = "testdata/match"
+
+    network "internal" {
+        type = "list"
+        list = [
+            "0.0.0.0/32",
+            "127.0.0.0/8",
+            "169.254.0.0/16",
+            "fe80::/10",
+        ]
+    }
+
+    network "kids" {
+        type = "list"
+        list = ["10.42.66.0/24"]
+    }
+
+    domain "sensitive" {
+        type = "list"
+        list = [
+            # Banking
+            "abnamro.nl",
+            "knab.nl",
+            "rabobank.nl",
+            
+            # Government
+            "belastingdienst.nl",
+            "digid.nl",
+
+            # Messaging
+            "signal.org",
+            "telegram.org",
+            "whatsapp.net",
+            "whatsapp.com",
+        ]
+    }
+
+    domain "social" {
+        type = "list"
+        list = [
+            "pinterest.com",
+            "reddit.com",
+            "x.com",
+            # YouTube
+            "googlevideo.com",
+            "youtube.com",
+            "youtu.be",
+            "ytimg.com",
+        ]
+    }
+
+    domain "nsfw" {
+        type = "domains"
+        from = "https://energized.pro/nsfw/domains.txt"
+        refresh = 43200 # 12h
+    }
+
+    domain "ads" {
+        type = "detect"
+        from = "https://small.oisd.nl/dnsmasq"
+        refresh = 12
+    }
+}