Squid (squid.conf)
Bloqueando sites para rede interna
Categoria: Segurança
Software: Squid
[ Hits: 7.757 ]
Por: Charles Silva
Essa é uma configuração de Squid básica, bloqueando computadores de uma rede interna ao abrir um site. É só instalar o Squid e renomear o squid.conf para squid.conf.velho, colocar esse no lugar e, então, criar um arquivo de texto com o nome blacklist em /usr/local/squid/etc/blacklist.txt , adicionar o site que deseja bloquear e pronto. 0bs: após ter instalado o Squid, coloque pra iniciar no rc.inet2, e tem uma acl liberando o único IP (acl unico), mude e coloque o seu IP, para que só você tenha acesso a todos os sites, e também altere o visible_hostname e dns_testnames.
################################################################# # squid.conf - atualizado em 20/06/2006 - Charles Silva # ############################ # Configuracoes basicas: ############################ hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_swap_low 90 cache_swap_high 95 maximum_object_size 192880 KB maximum_object_size_in_memory 512 KB auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 visible_hostname proxy.digiteoseunomeaki.com.br dns_testnames digita a testemunha aki ############################# # Configuracoes da cache: ############################# cache_dir aufs /usr/local/squid/cache 600 64 64 cache_access_log /usr/local/squid/logs/access.log cache_log /usr/local/squid/logs/cache.log cache_store_log /usr/local/squid/logs/store.log coredump_dir /usr/local/squid/var/cache ########################### # Definicoes das ACLs: ########################### acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl proibidos url_regex "/usr/local/squid/etc/blacklist.txt" acl unico src 192.168.0.88 acl rede192 src 192.168.0.0/255.255.255.0 acl hotmail_domains dstdomain .hotmail.msn.com acl ie6 browser MSIE[[:space:]]6 ######################### # Definicoes de acesso ######################### http_access allow unico http_access deny proibidos http_access deny all !rede192 icp_access deny all !rede192 header_access Accept-Encoding deny all http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_reply_access allow all ############################### # Definindo o usuario do squid ############################### cache_effective_user squid cache_effective_group squid ####################### # Configuracao HTTP ####################### httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on ie_refresh on #################### # Rotacionando Log #################### logfile_rotate 10
Nenhum coment�rio foi encontrado.
Conciliando o uso da ZRAM e SWAP em disco na sua máquina
Servidor de Backup com Ubuntu Server 24.04 LTS, RAID e Duplicati (Dell PowerEdge T420)
Visualizar câmeras IP ONVIF no Linux sem necessidade de instalar aplicativos
Realizar overclock no Miyoo Mini (plus ou normal)
Otimização de memória para máquinas modestas
linux mint reconhece microfone de lapela como fone de ouvido sem micro... (0)
Dúvidas sobre a originalidade de conteúdos online (10)
Erro de interface de Rede no Virt Manager dentro Debian 13 KDE (12)
Monitoramento pfsense com zabbix (3)
Google Crhome não abre desde que eu atualizei pelo "program... (13)