squid (squid.conf)

squid.conf básico

Categoria: Segurança

Software: squid

[ Hits: 23.032 ]

Por: Ricardo Franzen


Este é meu primeiro squid.conf , aceito sugestoes. Ele bloqueia banners, chat, sites, putaria e tem uma lista de sites liberados. Se quiserem  mando as listas separadas, hehehe.


#..:: Squid.conf by midnight ::..#
# - Sugestoes, criticas: xmidnight@bol.com.br - #

#=======================================
# NETWORK OPTIONS
#=======================================



#  TAG: http_port
http_port 3128

#  TAG: https_port
# none

#  TAG: ssl_unclean_shutdown
# ssl_unclean_shutdown off

#  TAG: icp_port
# icp_port 3130

#  TAG: htcp_port
# htcp_port 4827

#  TAG: mcast_groups
# none

#  TAG: udp_incoming_address
# udp_incoming_address 0.0.0.0

#  TAG: udp_outgoing_address
# udp_outgoing_address 255.255.255.255




#==============================================
# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
#==============================================



#  TAG: cache_peer
# none

#  TAG: cache_peer_domain
# none

#  TAG: neighbor_type_domain
# none

#  TAG: icp_query_timeout   (msec)
# icp_query_timeout 0

#  TAG: maximum_icp_query_timeout   (msec)
# maximum_icp_query_timeout 2000

#  TAG: mcast_icp_query_timeout   (msec)
# mcast_icp_query_timeout 2000

#  TAG: dead_peer_timeout   (seconds)
# dead_peer_timeout 10 seconds

#  TAG: hierarchy_stoplist
hierarchy_stoplist cgi-bin ?

#  TAG: no_cache
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY




#==============================
# OPTIONS WHICH AFFECT THE CACHE SIZE
#==============================



#  TAG: cache_mem   (bytes)
cache_mem 8 MB

#  TAG: cache_swap_low   (percent, 0-100)
cache_swap_low 90

#  TAG: cache_swap_high   (percent, 0-100)
cache_swap_high 95

#  TAG: maximum_object_size   (bytes)
maximum_object_size 4096 KB

#  TAG: minimum_object_size   (bytes)
minimum_object_size 0 KB

#  TAG: maximum_object_size_in_memory   (bytes)
maximum_object_size_in_memory 8 KB

#  TAG: ipcache_size   (number of entries)
ipcache_size 1024

#  TAG: ipcache_low   (percent)
ipcache_low 90

#  TAG: ipcache_high   (percent)
ipcache_high 95

#  TAG: fqdncache_size   (number of entries)
fqdncache_size 1024

#  TAG: cache_replacement_policy
cache_replacement_policy lru

#  TAG: memory_replacement_policy
memory_replacement_policy lru




#==================================
# LOGFILE PATHNAMES AND CACHE DIRECTORIES
#==================================



#  TAG: cache_dir
cache_dir ufs c:/squid/var/cache 2000 16 256

#  TAG: cache_access_log
cache_access_log c:/squid/var/logs/access.log

#  TAG: cache_log
cache_log c:/squid/var/logs/cache.log

#  TAG: cache_store_log
cache_store_log c:/squid/var/logs/store.log

#  TAG: cache_swap_log
# none

#  TAG: emulate_httpd_log   on|off
emulate_httpd_log off

#  TAG: log_ip_on_direct   on|off
log_ip_on_direct on

#  TAG: mime_table
mime_table c:/squid/etc/mime.conf

#  TAG: log_mime_hdrs   on|off
log_mime_hdrs off

#  TAG: useragent_log
# none

#  TAG: referer_log
# none

#  TAG: pid_filename
pid_filename c:/squid/var/logs/squid.pid

#  TAG: debug_options
debug_options ALL,1

#  TAG: log_fqdn   on|off
log_fqdn off

#  TAG: client_netmask
client_netmask 255.255.255.0




#==================================
# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
#==================================



#  TAG: ftp_user
# ftp_user Squid@

#  TAG: ftp_list_width
# ftp_list_width 32

#  TAG: ftp_passive
# ftp_passive on

#  TAG: ftp_sanitycheck
# ftp_sanitycheck on

#  TAG: cache_dns_program
# cache_dns_program c:/squid/libexec/dnsserver.exe

#  TAG: dns_children
# dns_children 5

#  TAG: dns_retransmit_interval
# dns_retransmit_interval 5 seconds

#  TAG: dns_timeout
# dns_timeout 5 minutes

#  TAG: dns_defnames   on|off
# dns_defnames off

#  TAG: dns_nameservers
# none

#  TAG: hosts_file
# none

#  TAG: diskd_program
# diskd_program c:/squid/libexec/diskd.exe

#  TAG: unlinkd_program
# unlinkd_program c:/squid/libexec/unlinkd.exe

#  TAG: pinger_program
# pinger_program c:/squid/libexec/pinger.exe

#  TAG: redirect_program
# none

#  TAG: redirect_children
# redirect_children 5

#  TAG: redirect_rewrites_host_header
# redirect_rewrites_host_header on

#  TAG: redirector_access
# none

#  TAG: auth_param
#Recommended minimum configuration:
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param basic program <uncomment and complete this line>
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

#  TAG: authenticate_cache_garbage_interval
# authenticate_cache_garbage_interval 1 hour

#  TAG: authenticate_ttl
# authenticate_ttl 1 hour

#  TAG: authenticate_ip_ttl
# authenticate_ip_ttl 0 seconds

#  TAG: external_acl_type
# none




#=========================
# OPTIONS FOR TUNING THE CACHE
#=========================



#  TAG: wais_relay_host
# wais_relay_port 0

#  TAG: request_header_max_size   (KB)
# request_header_max_size 10 KB

#  TAG: request_body_max_size   (KB)
# request_body_max_size 0 KB

#  TAG: refresh_pattern
refresh_pattern ^ftp:      1440   20%   10080
refresh_pattern ^gopher:   1440   0%   1440
refresh_pattern .      0   20%   4320

#  TAG: quick_abort_min   (KB)
# quick_abort_min 16 KB
# quick_abort_max 16 KB
# quick_abort_pct 95

#  TAG: negative_ttl   time-units
# negative_ttl 5 minutes

#  TAG: positive_dns_ttl   time-units
# positive_dns_ttl 6 hours

#  TAG: negative_dns_ttl   time-units
# negative_dns_ttl 5 minutes

#  TAG: range_offset_limit   (bytes)
# range_offset_limit 0 KB



#=============================
# TIMEOUTS
#=============================



#  TAG: connect_timeout   time-units
# connect_timeout 2 minutes

#  TAG: peer_connect_timeout   time-units
# peer_connect_timeout 30 seconds

#  TAG: read_timeout   time-units
# read_timeout 15 minutes

#  TAG: request_timeout
# request_timeout 5 minutes

#  TAG: persistent_request_timeout
# persistent_request_timeout 1 minute

#  TAG: client_lifetime   time-units
# client_lifetime 1 day

#  TAG: half_closed_clients
# half_closed_clients on

#  TAG: pconn_timeout
# pconn_timeout 120 seconds

#  TAG: ident_timeout
# ident_timeout 10 seconds

#  TAG: shutdown_lifetime   time-units
# shutdown_lifetime 30 seconds




#============================
# ACCESS CONTROLS
#============================



# TAG: acl

#== urls das listas ==#
acl xxx_domains url_regex "c:/squid/etc/listas/xxx_domains"
acl xxx_expressoes url_regex "c:/squid/etc/listas/xxxx_expressoes"
acl ads_domains url_regex "c:/squid/etc/listas/ads_domains"
#acl chat url_regex "c:/squid/etc/listas/chat"
acl livre dstdomain "c:/squid/etc/listas/livre"

#== maquinas ==#
#acl saude?? src 192.168.142.??/32
#acl saude?? src 192.168.142.??/32
#acl saude?? src 192.168.142.??/32

#== bloqueia propaganda ==#
http_access deny ads_domains

#== bloqueia [*****] ==#
http_access deny xxx_domains
http_access deny xxx_expressoes

#== bloqueia chat ==#
#http_acess deny chat

#== sites liberados ==#
http_access allow livre

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443 563   # https, snews
acl Safe_ports port 70      # gopher
acl Safe_ports port 210      # wais
acl Safe_ports port 1025-65535   # unregistered ports
acl Safe_ports port 280      # http-mgmt
acl Safe_ports port 488      # gss-http
acl Safe_ports port 591      # filemaker
acl Safe_ports port 777      # multiling http
acl CONNECT method CONNECT

#  TAG: http_access
# http_access deny all

#  TAG: http_reply_access
# http_reply_access allow all

#  TAG: icp_access
# icp_access deny all

#  TAG: miss_access
# miss_access allow all

#  TAG: cache_peer_access
# none

#  TAG: ident_lookup_access
# ident_lookup_access deny all

#  TAG: tcp_outgoing_tos
# none

#  TAG: tcp_outgoing_address
# none

#  TAG: reply_body_max_size   bytes allow|deny acl acl...
# reply_body_max_size 0 allow all




#============================
# ADMINISTRATIVE PARAMETERS
#============================



#  TAG: cache_mgr
# cache_mgr webmaster

#  TAG: cache_effective_user
# cache_effective_user nobody

#  TAG: visible_hostname
visible_hostname localhost

#  TAG: unique_hostname
# none

#  TAG: hostname_aliases
# none




#====================================
# OPTIONS FOR THE CACHE REGISTRATION SERVICE
#====================================



#  TAG: announce_period
# announce_period 0

#  TAG: announce_host
# announce_host tracker.ircache.net

#  TAG: announce_file

#  TAG: announce_port
# announce_port 3131




#=======================
# HTTPD-ACCELERATOR OPTIONS
#=======================



#  TAG: httpd_accel_host
httpd_accel_port 80

#  TAG: httpd_accel_single_host   on|off
# httpd_accel_single_host off

#  TAG: httpd_accel_with_proxy   on|off
# httpd_accel_with_proxy off

#  TAG: httpd_accel_uses_host_header   on|off
# httpd_accel_uses_host_header off




#==================================
# MISCELLANEOUS
#==================================



#  TAG: dns_testnames
# dns_testnames netscape.com internic.net nlanr.net microsoft.com

#  TAG: logfile_rotate
# logfile_rotate 10

#  TAG: append_domain
# none

#  TAG: tcp_recv_bufsize   (bytes)
# tcp_recv_bufsize 0 bytes

#  TAG: err_html_text
# none

#  TAG: deny_info
# none

#  TAG: memory_pools   on|off
# memory_pools on

#  TAG: memory_pools_limit   (bytes)
# none

#  TAG: forwarded_for   on|off
# forwarded_for on

#  TAG: log_icp_queries   on|off
# log_icp_queries on

#  TAG: icp_hit_stale   on|off
# icp_hit_stale off

#  TAG: minimum_direct_hops
# minimum_direct_hops 4

#  TAG: minimum_direct_rtt
# minimum_direct_rtt 400

#  TAG: cachemgr_passwd
# none

#  TAG: store_avg_object_size   (kbytes)
# store_avg_object_size 13 KB

#  TAG: store_objects_per_bucket
# store_objects_per_bucket 20

#  TAG: client_db   on|off
# client_db on

#  TAG: netdb_low
# netdb_low 900

#  TAG: netdb_high
# netdb_high 1000

#  TAG: netdb_ping_period
# netdb_ping_period 5 minutes

#  TAG: query_icmp   on|off
# query_icmp off

#  TAG: test_reachability   on|off
# test_reachability off

#  TAG: buffered_logs   on|off
# buffered_logs off

#  TAG: reload_into_ims   on|off
# reload_into_ims off

#  TAG: always_direct
# none

#  TAG: never_direct
# none

#  TAG: header_access
# none

#  TAG: header_replace
# none

#  TAG: icon_directory
icon_directory c:/squid/share/icons

#  TAG: error_directory
error_directory c:/squid/share/errors/English

#  TAG: minimum_retry_timeout   (seconds)
# minimum_retry_timeout 5 seconds

#  TAG: maximum_single_addr_tries
# maximum_single_addr_tries 3

#  TAG: snmp_port
# snmp_port 3401

#  TAG: snmp_access
# snmp_access deny all

#  TAG: snmp_incoming_address
# snmp_incoming_address 0.0.0.0

#  TAG: snmp_outgoing_address
# snmp_outgoing_address 255.255.255.255

#  TAG: as_whois_server
# as_whois_server whois.ra.net
# as_whois_server whois.ra.net

#  TAG: wccp_router
# wccp_router 0.0.0.0

#  TAG: wccp_version
# wccp_version 4

#  TAG: wccp_incoming_address
# wccp_incoming_address 0.0.0.0
# wccp_outgoing_address 255.255.255.255




#====================================
# DELAY POOL PARAMETERS 
# (all require DELAY_POOLS compilation option)
#====================================



#  TAG: delay_pools
# delay_pools 0

#  TAG: delay_class
# none

#  TAG: delay_access
# none

#  TAG: delay_parameters
# none

#  TAG: delay_initial_bucket_level   (percent, 0-100)
# delay_initial_bucket_level 50

#  TAG: incoming_icp_average
# incoming_icp_average 6

#  TAG: incoming_http_average
# incoming_http_average 4

#  TAG: incoming_dns_average
# incoming_dns_average 4

#  TAG: min_icp_poll_cnt
# min_icp_poll_cnt 8

#  TAG: min_dns_poll_cnt
# min_dns_poll_cnt 8

#  TAG: min_http_poll_cnt
# min_http_poll_cnt 8

#  TAG: max_open_disk_fds
# max_open_disk_fds 0

#  TAG: offline_mode
# offline_mode off

#  TAG: uri_whitespace
# uri_whitespace strip

#  TAG: broken_posts
# none

#  TAG: mcast_miss_addr
# mcast_miss_addr 255.255.255.255

#  TAG: mcast_miss_ttl
# mcast_miss_ttl 16

#  TAG: mcast_miss_port
# mcast_miss_port 3135

#  TAG: mcast_miss_encode_key
# mcast_miss_encode_key XXXXXXXXXXXXXXXX

#  TAG: nonhierarchical_direct
# nonhierarchical_direct on

#  TAG: prefer_direct
# prefer_direct off

#  TAG: strip_query_terms
# strip_query_terms on

#  TAG: coredump_dir
coredump_dir c:/squid/var/cache

#  TAG: redirector_bypass
# redirector_bypass off

#  TAG: ignore_unknown_nameservers
# ignore_unknown_nameservers on

#  TAG: digest_generation
# digest_generation on

#  TAG: digest_bits_per_entry
# digest_bits_per_entry 5

#  TAG: digest_rebuild_period   (seconds)
# digest_rebuild_period 1 hour

#  TAG: digest_rewrite_period   (seconds)
# digest_rewrite_period 1 hour

#  TAG: digest_swapout_chunk_size   (bytes)
# digest_swapout_chunk_size 4096 bytes

#  TAG: digest_rebuild_chunk_percentage   (percent, 0-100)
# digest_rebuild_chunk_percentage 10

#  TAG: chroot
# none

#  TAG: client_persistent_connections
# client_persistent_connections on

#  TAG: server_persistent_connections
# server_persistent_connections on

#  TAG: pipeline_prefetch
# pipeline_prefetch off

#  TAG: extension_methods
# none

#  TAG: request_entities
# request_entities off

#  TAG: high_response_time_warning   (msec)
# high_response_time_warning 0

#  TAG: high_page_fault_warning
# high_page_fault_warning 0

#  TAG: high_memory_warning
# high_memory_warning 0

#  TAG: store_dir_select_algorithm
# store_dir_select_algorithm least-load

#  TAG: forward_log
# none

#  TAG: ie_refresh   on|off
# ie_refresh off

#  TAG: vary_ignore_expire   on|off
# vary_ignore_expire off

#  TAG: sleep_after_fork   (microseconds)
# sleep_after_fork 0

  


Comentários
[1] Comentário enviado por mbulcao em 21/01/2004 - 01:47h

Ricardo,

Obrigada por sua contribuicao vc poderia me mandar as listas.

desde já agradeço,

Marcia Bulcao
mbulcao@horizon.com.br

[2] Comentário enviado por slacklex em 17/04/2006 - 23:47h

Muito bom essa conf... Voce poderia mandar as listas pra mim??

Obrigado

Alex Sandro

slacklex@gmail.com

[3] Comentário enviado por leite.rafael em 16/06/2006 - 22:37h

Amigo,
Se possível, me envie tb
leite.rafael@gmail.com

[4] Comentário enviado por rfranzen em 17/06/2006 - 20:29h

As listas completas e atualizadas podem ser encontradas aqui: www.squidguard.org/blacklist


Contribuir com comentário

  



Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts