# ─────────────────────────────────────────────────────────────────────────────
# Squid forward-proxy sidecar — allowlist-only egress for Claude Code
#
# Policy summary (the "Access rules" section is evaluated top to bottom):
#   * only ports 80, 443 and 6443 are reachable at all;
#   * CONNECT tunnels are limited to 443 and 6443;
#   * plain HTTP and CONNECT are allowed only to the allowlisted domains, plus
#     CONNECT to *any* host on 6443 (kubectl); everything else is denied.
# ─────────────────────────────────────────────────────────────────────────────
http_port 3128

# PID must be writable by the non-root proxy user.
# NOTE(review): /tmp is world-writable; if the image ships a run directory
# owned by the proxy user, prefer it over /tmp.
pid_filename /tmp/squid.pid

# ─── Logging (container-friendly: stdout/stderr) ──────────────────────────────
# The access log is the only record of which egress destinations were
# requested or denied — keep it enabled so the container runtime collects it.
access_log stdio:/dev/stdout combined
cache_log stdio:/dev/stderr
cache_store_log none

# ─── No disk cache ────────────────────────────────────────────────────────────
cache deny all
coredump_dir /var/cache/squid

# ─── ACL Definitions ──────────────────────────────────────────────────────────
# Ports that may be reached through a CONNECT tunnel
# (443 = HTTPS, 6443 = Kubernetes API server).
acl SSL_ports port 443 6443
# Ports that may be reached at all (plain HTTP or tunnelled).
acl Safe_ports port 80 443 6443
acl CONNECT method CONNECT
# Kubernetes API server — CONNECT tunnels to any cluster endpoint on :6443.
# NOTE(review): this ACL matches on destination port only, so it permits a
# tunnel to *any* host listening on 6443, not just the cluster's API server.
# If the API endpoint range is known, scope it with a destination-address ACL:
#   acl kube_api_net dst <CLUSTER-API-CIDR>          (placeholder — fill in)
#   http_access allow CONNECT kubectl_api kube_api_net
acl kubectl_api port 6443

# ─── Egress allowlist ─────────────────────────────────────────────────────────
# Add domains here as needed. Leading dot matches the domain and all subdomains.
# NOTE(review): dstdomain matches the hostname as written in the request; for
# IP-literal destinations Squid may perform a reverse (PTR) lookup, whose result
# is controlled by the address owner — confirm the deployed Squid version's
# behaviour (the `-n` option disables that lookup) if IP-literal requests are
# expected to be rejected.
acl allowed_sites dstdomain api.anthropic.com statsig.anthropic.com platform.claude.com
# Local endpoints. `.local` is broad: it admits any name under .local (mDNS/LAN).
acl allowed_sites dstdomain localhost .local
# MCP servers
acl allowed_sites dstdomain api.github.com .gitlab.com .atlassian.net

# ─── Access rules ─────────────────────────────────────────────────────────────
# Order matters: the first matching rule wins.
# 1. Block requests to non-standard ports.
http_access deny !Safe_ports
# 2. Block CONNECT to non-SSL ports.
http_access deny CONNECT !SSL_ports
# 3. Allow HTTPS tunnels only to allowlisted destinations.
http_access allow CONNECT allowed_sites
# 4. Allow kubectl to reach any Kubernetes API server on the standard port.
http_access allow CONNECT kubectl_api
# 5. Allow plain HTTP only to allowlisted destinations.
http_access allow allowed_sites
# 6. Deny everything else — default deny. Denied requests show up in the access
#    log as TCP_DENIED, which is the detection hook for unexpected egress.
http_access deny all