Squid (squid.conf)
Blocking users, URLs, domains, authentication, etc.
Category: Networking
Software: Squid
By: Diego Henrique Pereira
A complete squid.conf, with blocking of users, URLs, domains, authentication, downloads and time.
hierarchy_stoplist cgi-bin ?
http_port 3128
dns_nameservers 172.16.0.1

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl to_all dst 0.0.0.0/0.0.0.0

#redirect_program /usr/bin/squirm
#redirect_children 80

############################################################################
# Ask for RA and password
auth_param basic program /bin/ncsa_auth /usr/local/squid/etc/autenticar/senhas
auth_param basic children 160
auth_param basic realm Digite seu Login e sua SENHA
# auth_param basic credentialsttl 1800 seconds

############################################################################
# Distinguish the administrative network from the academic one
external_acl_type admr children=20 %LOGIN %SRC /usr/local/squid/etc/liberar/admr
acl checar external admr

###########################################################################
# Connection limit per user
authenticate_ip_ttl 300 seconds
acl 6horas max_user_ip -s 12

############################################################################
# Library opening hours
acl manha time M T W H F A 8:00-12:00
acl tarde time M T W H F A 13:00-17:05
acl noite time M T W H F 18:30-22:50

############################################################################
#acl SitesNaoCache url_regex "/etc/SitesNaoCache.txt"
#acl Rede174 src 200.162.174.0/255.255.255.0
#acl Rede175 src 200.162.175.0/255.255.255.0

error_directory /usr/local/squid/share/errors/Portuguese

acl SSL_ports port 443 563 10000
acl Safe_ports port 80 # http
acl Safe_ports port 20 # ftp-data
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 25 # smtp
acl Safe_ports port 110 # pop
acl CONNECT method CONNECT

###############################################################################
# File server
acl servidor src "/usr/local/squid/etc/liberar/servarquivos"

###############################################################################
# Administration
acl atd src "/usr/local/squid/etc/liberar/atd"
acl diretor src "/usr/local/squid/etc/liberar/diretor"
acl diretserv src "/usr/local/squid/etc/liberar/diretserv"
acl professores src "/usr/local/squid/etc/liberar/professores"
acl coordped src "/usr/local/squid/etc/liberar/coordped"
acl recepcao src "/usr/local/squid/etc/liberar/recepcao"
acl oficial src "/usr/local/squid/etc/liberar/oficial"

###############################################################################
# Library
acl biblioteca src "/usr/local/squid/etc/liberar/biblioteca"

###############################################################################
# Labs
acl laboratorios src "/usr/local/squid/etc/bloquear/laboratorios"
acl lab1 src "/usr/local/squid/etc/liberar/lab1"
acl lab2 src "/usr/local/squid/etc/liberar/lab2"
acl lab3 src "/usr/local/squid/etc/liberar/lab3"

###############################################################################
# Chat
acl batepapo req_mime_type -i "/usr/local/squid/etc/bloquear/batepapo"

###############################################################################
# URLs
acl proibido-url url_regex -i "/usr/local/squid/etc/bloquear/proibido-url"
acl proibido-urlporno url_regex -i "/usr/local/squid/etc/bloquear/proibido-urlporno"
acl proibido-urlporno2 url_regex -i "/usr/local/squid/etc/bloquear/proibido-urlporno2"
acl proibido-urlav url_regex -i "/usr/local/squid/etc/bloquear/proibido-urlav"
acl proibido-urldrogas url_regex -i "/usr/local/squid/etc/bloquear/proibido-urldrogas"
acl proibido-urlhacking url_regex -i "/usr/local/squid/etc/bloquear/proibido-urlhacking"
acl proibido-dominioshacking dstdomain "/usr/local/squid/etc/bloquear/proibido-dominioshacking"
acl proibido-dominiosav dstdomain "/usr/local/squid/etc/bloquear/proibido-dominiosav"
acl proibido-dominiosdrogas dstdomain "/usr/local/squid/etc/bloquear/proibido-dominiosdrogas"
acl liberar-download urlpath_regex "/usr/local/squid/etc/liberar/download"
acl liberar-url url_regex -i "/usr/local/squid/etc/liberar/liberado-url"
acl download urlpath_regex .exe$ .tar.gz$ .tgz$ .rpm$ .avi$ .wmv$ .mp3$ .mov$ .rm$ .wma$ .arj$ .zip$ .ppt$ .pps$ .scr$ .pif$ .bat$ .win$ .rar$ .dll$
acl blockip src "/usr/local/squid/etc/bloquear/blockip"

###############################################################################
# The no_cache parameter defines that certain objects must not be
# stored in the cache. First an acl has to be defined indicating
# which objects. Then no_cache is applied to
# that acl.
acl QUERY urlpath_regex cgi-bin \?
acl IMAGENS urlpath_regex jpg gif png swf JPG GIF PNG SWF
acl PAGESTAT urlpath_regex html htm
acl PAGINAS urlpath_regex cgi-bin cgi \? php asp xml pl exe
no_cache deny QUERY
#no_cache deny SitesNaoCache
#no_cache deny Rede174
#no_cache deny Rede175
no_cache allow IMAGENS
no_cache allow PAGESTAT
no_cache deny PAGINAS

#############################################################################
# Blocks
http_access deny proibido-url !checar
http_access deny proibido-urlporno !checar
http_access deny proibido-urlporno2 !checar
http_access deny proibido-urlav !checar
http_access deny proibido-urldrogas !checar
http_access deny proibido-urlhacking !checar
http_access deny download !checar
http_access deny batepapo !checar
http_access deny blockip
http_access deny laboratorios
header_access Accept-Encoding deny proibido-dominioshacking !checar
header_access Accept-Encoding deny proibido-dominiosav !checar
header_access Accept-Encoding deny proibido-dominiosdrogas !checar

#############################################################################
# Permissions
http_access allow liberar-download
http_access allow liberar-url

#############################################################################
# File server
http_access allow servidor checar

##############################################################################
# Administration
http_access allow atd checar
http_access allow diretserv checar
http_access allow diretor checar
http_access allow recepcao checar
http_access allow oficial checar

#############################################################################
# Teachers
http_access allow professores checar
http_access allow coordped checar

##############################################################################
# Library
http_access allow biblioteca checar

##############################################################################
# Labs
#http_access allow lab1
#http_access allow lab2
#http_access allow lab3

###############################################################################
# Keep the lines below uncommented to allow the workstations to connect to the server
http_access allow manager localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_reply_access allow all

#############################################################################
# Uncomment the lines below to return to Squid's initial settings
#icp_access allow all
#http_access allow Clientes
#http_access allow to_all
#http_access allow all

##############################################################################
# The cache_mem parameter does not specify the maximum size of the Squid
# process, which will exceed this value. cache_mem is meant to
# specify the memory space reserved for in-transit objects and
# other important ones. In-transit objects have priority, and
# only the remaining space is used by the others (Hot Objects and
# Negative-Cached Objects). If the space needed for in-transit
# objects is larger than cache_mem, more memory is allocated;
# in other words, cache_mem does not specify a memory limit. The default
# is 8 MB.
cache_mem 64 MB
cache_swap_low 95
cache_swap_high 98

# Maximum size of objects stored in the on-disk cache.
# The default is 4096 KB.
maximum_object_size 32768 KB

# Minimum size of objects stored in the on-disk cache.
# The default is 0, no limit.
minimum_object_size 0 KB

# Maximum size of objects kept in memory.
# The default is 8 KB.
maximum_object_size_in_memory 32 KB

cache_dir ufs /usr/local/squid/cache 25000 16 256
#cache_dir diskd /cache 25000 16 256 Q1=72 Q2=64

# The cache_replacement_policy parameter determines the replacement
# policy for objects when the space reserved for the on-disk cache
# runs out.
# lru: keeps recently referenced objects.
# heap GDSF: optimizes the "hit rate" by keeping small, popular
# objects in the cache, thus holding a larger number of objects.
# heap LFUDA: optimizes the "byte hit rate" by keeping popular objects
# in the cache regardless of size. If this one is used,
# maximum_object_size should be increased to optimize LFUDA.
cache_replacement_policy heap LFUDA

# memory_replacement_policy defines the replacement policy for
# objects in memory, in the same way as cache_replacement_policy.
# The possible values are the same. The default is lru.
memory_replacement_policy lru

# Time to wait for pending connections to finish before
# shutting Squid down. The default is 30 seconds.
shutdown_lifetime 10 seconds

# User under which Squid will run.
cache_effective_user nobody

# Group under which Squid will run.
cache_effective_group nobody

# The always_direct parameter makes requests that satisfy
# a given ACL always be forwarded
# directly to the requested server. Example:
#acl servidores-locais dstdomain dominiolocal.org
#always_direct allow servidores-locais

# Prevents core dumps from being written.
coredump_dir none

visible_hostname administrador.fatecgarca.com.br
cache_mgr diego@fatecgarca.edu.br
#http_access allow all
#http_access deny all
icp_port 0
#htcp_port 0
icp_access deny all
half_closed_clients on
#miss_access deny all
#cache_peer_access deny all
forwarded_for on
#snmp_access allow all
ie_refresh on
refresh_pattern . 0 20% 4320
request_header_max_size 10 KB
negative_ttl 5 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 1 minute
forward_timeout 4 minutes
connect_timeout 1 minute
peer_connect_timeout 30 seconds
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 1 minute
client_lifetime 60 minutes
pconn_timeout 120 seconds
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95

# Number of rotated log files to keep.
#logfile_rotate 4

# Request log.
cache_access_log /usr/local/squid/log/access.log
#cache_access_log none

# Cache log.
cache_log /usr/local/squid/log/cache.log
#cache_log /dev/null

# Log of stored objects. Can be disabled.
cache_store_log none
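An added example, not part of the original configuration: a simplified Python model of Squid's first-match http_access evaluation, run over the active http_access lines from the squid.conf above. It assumes each ACL is a plain boolean (the sets of matching ACL names are constructed, and the authentication challenge that `checar` would trigger is not modelled) and applies Squid's implicit default, the opposite of the last rule, when nothing matches.

```python
# Added example: simplified model of Squid's first-match http_access walk.
# Rule text is copied from the squid.conf above; each ACL is a plain boolean.
HTTP_ACCESS = """
http_access deny proibido-url !checar
http_access deny proibido-urlporno !checar
http_access deny proibido-urlporno2 !checar
http_access deny proibido-urlav !checar
http_access deny proibido-urldrogas !checar
http_access deny proibido-urlhacking !checar
http_access deny download !checar
http_access deny batepapo !checar
http_access deny blockip
http_access deny laboratorios
http_access allow liberar-download
http_access allow liberar-url
http_access allow servidor checar
http_access allow atd checar
http_access allow diretserv checar
http_access allow diretor checar
http_access allow recepcao checar
http_access allow oficial checar
http_access allow professores checar
http_access allow coordped checar
http_access allow biblioteca checar
http_access allow manager localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
"""

def parse(text):
    """Return [(action, [acl_terms])], one entry per http_access line."""
    rules = []
    for line in text.splitlines():
        parts = line.split("#")[0].split()
        if len(parts) >= 3 and parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return rules

def decide(rules, matched):
    """matched: constructed set of ACL names that are true for a request."""
    for action, terms in rules:
        if all((t[1:] not in matched) if t.startswith("!") else (t in matched)
               for t in terms):
            return action, "http_access %s %s" % (action, " ".join(terms))
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), None

RULES = parse(HTTP_ACCESS)
print(decide(RULES, {"Safe_ports"}))  # client in no src list, GET to port 80
```

With `http_access deny all` left commented out, a request that matches none of the listed ACLs falls through to the implicit default, which in this model is allow; appending an explicit `deny all` rule as the last line changes that verdict to deny.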