#====================================#
# por Guilherme Moraes  ##
#====================================#

http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
acl NOCACHE dstdomain "/etc/squid/regras/sites_nocache.txt"
no_cache deny QUERY NOCACHE
cache_mem 5 MB
maximum_object_size 9216 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 8192 KB
cache_dir ufs /var/spool/squid 500 16 256
hosts_file /etc/hosts
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

acl rede_interna src 192.168.0.0/24
acl ips_acesso_total src "/etc/squid/regras/ips_acesso_total.txt"
acl ips_cpd src "/etc/squid/regras/ips_cpd.txt"
acl ips_adm src "/etc/squid/regras/ips_adm.txt"
acl ips_vip src "/etc/squid/regras/ips_vip.txt"
acl sites_bloqueados url_regex "/etc/squid/regras/sites_bloqueados.txt"
acl sites_liberados url_regex "/etc/squid/regras/sites_liberados.txt"
acl arquivos_bloqueados url_regex "/etc/squid/regras/arquivos_bloqueados.txt"
acl arquivos_liberados url_regex "/etc/squid/regras/arquivos_liberados.txt"
acl horarios_liberados time MTWHF "/etc/squid/regras/horarios_liberados.txt"
acl horarios_liberados_sites url_regex "/etc/squid/regras/horarios_liberados_sites.txt"
acl sites_liberados_vip url_regex "/etc/squid/regras/sites_liberados_vip.txt"
acl arquivos_liberados_vip url_regex "/etc/squid/regras/arquivos_liberados_vip.txt"
acl sites_liberados_adm url_regex "/etc/squid/regras/sites_liberados_adm.txt"
acl arquivos_liberados_adm url_regex "/etc/squid/regras/arquivos_liberados_adm.txt"
acl sites_liberados_cpd url_regex "/etc/squid/regras/sites_liberados_cpd.txt"
acl arquivos_liberados_cpd url_regex "/etc/squid/regras/arquivos_liberados_cpd.txt"
#acl hostslist url_regex "/etc/squid/regras/hostslist.txt"
acl blacklistspy url_regex "/etc/squid/regras/blacklistspy.txt"

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563      # https, snews
acl SSL_ports port 873          # rsync
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl Safe_ports port 631         # cups
acl Safe_ports port 873         # rsync
acl Safe_ports port 901         # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports


http_access allow ips_acesso_total
http_access allow horarios_liberados_sites horarios_liberados
#http_access deny hostslist !sites_liberados
http_access deny blacklistspy !sites_liberados
http_access deny sites_bloqueados !sites_liberados_cpd sites_bloqueados !sites_liberados_vip sites_bloqueados !sites_liberados_adm sites_bloqueados !sites_liberados
http_access deny arquivos_bloqueados !arquivos_liberados_cpd arquivos_bloqueados !arquivos_liberados_vip arquivos_bloqueados !arquivos_liberados_vip arquivos_bloqueados !arquivos_liberados_adm arquivos_bloqueados !arquivos_liberados
http_access allow ips_cpd
http_access deny sites_bloqueados !sites_liberados_vip sites_bloqueados !sites_liberados_adm sites_bloqueados !sites_liberados
http_access deny arquivos_bloqueados !arquivos_liberados_vip arquivos_bloqueados !arquivos_liberados_adm arquivos_bloqueados !arquivos_liberados
http_access allow ips_adm
http_access deny sites_bloqueados !sites_liberados_vip sites_bloqueados !sites_liberados
http_access deny arquivos_bloqueados !arquivos_liberados_vip arquivos_bloqueados !arquivos_liberados
http_access allow ips_vip
http_access deny sites_bloqueados !sites_liberados sites_bloqueados !horarios_liberados_sites
http_access deny arquivos_bloqueados !arquivos_liberados
#http_access allow horarios_liberados
http_access deny sites_bloqueados !sites_liberados sites_bloqueados
http_access deny arquivos_bloqueados !arquivos_liberados
http_access allow rede_interna
http_access allow localhost
http_access deny all

http_reply_access allow all
icp_access allow all
visible_hostname fw.victoria

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

error_directory /usr/share/squid/errors/Portuguese
coredump_dir /var/spool/squid

##### DELAY POOLS ##### (Limitacao de banda)

acl magic_words1 url_regex -i 192.168.0
acl magic_words2 url_regex ftp "/etc/squid/regras/limite_banda_arquivos.txt"
acl limite_banda_ips_ili src "/etc/squid/regras/limite_banda_ips_ili.txt"
#acl limite_banda src "/etc/squid/regras/limite_banda.txt"
# bloquear nestes horarios segunda-sexta
acl day time MTWHF "/etc/squid/regras/limite_banda_horarios.txt"
delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow magic_words1
delay_class 2 2

#The numbers here are values in bytes;
#we must remember that Squid doesn't consider start/stop bits
#5000/150000 are values for the whole network
#5000/120000 are values for the single IP
#after downloaded files exceed about 150000 bytes,
#(or even twice or three times as much)
#they will continue to download at about 5000 bytes/s

delay_parameters 2 10000/150000 10000/150000
#delay_parameters 2 limite_banda
delay_access 2 allow day
delay_access 2 deny !day
delay_access 2 allow magic_words2
#delay_access 1 allow limite_banda_ips_ili (o problema esta com essa linha)