Squid (squid.conf)

Squid fácil e intuitivo

Categoria: Miscelânea

Software: Squid

[ Hits: 14.516 ]

Por: Lucas Garcia Moreira


Apresento meu Squid, fácil e intuitivo, que faz parte do artigo "Squid + Sarg + IPtables - Configuração rápida": http://www.vivaolinux.com.br/artigo/Squid-Sarg-IPtables-Configuraeccedileatildeo-reaacutepida


################################################
#####          Porta, Nome e Cache         #####
################################################
#
http_port 3128 transparent
visible_hostname APA-Proxy
#
## Criar cache na memoria de 4 GB ##
cache_mem 4096 MB
maximum_object_size_in_memory 2 MB
maximum_object_size 4 MB
minimum_object_size 10 KB
cache_swap_low 80
cache_swap_high 95
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
#
################################################
#####                 Log                  #####
################################################
#
cache_access_log /var/log/squid3/access.log
cache_store_log /var/log/squid3/store.log
cache_log /var/log/squid3/cache.log
## Criar um cache em disco de 5 GB ##
cache_dir aufs /var/spool/squid3 5120 16 256
#
################################################
#####                 ACLs                 #####
################################################
#
#acl all src 0.0.0.0/0.0.0.0
#acl manager proto cache_object
#acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # swat
acl Safe_ports port 1025-65535 # portas altas
acl purge method PURGE
acl CONNECT method CONNECT
#Bloquear as portas não sitadas
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
################################################
#####          Direitos de Acessos         #####
################################################

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
#
################################################
##            CONTROLE DE BANDA               ##
################################################
#
#acl livre src 192.168.0.0/255.255.255.0
#acl extensoes url_regex -i .exe$ .mp3$ .vqf$ .tar.gz$ .gz$ .rpm$ .zip$ .rar$ .avi$ .mpeg$ .mpe$ .mpg$ .ram$ .rm$ .iso$ .raw$ .wav$ .mov$

#delay_pools 2
#
# Classe 1 - Acesso a Internet a 512k
#
#   delay_class 1 2
#   delay_parameters 1 -1/-1 69000/69000
#
# Classe 2 - Download a 180k
#
#   delay_class 2 2
#   delay_parameters 2 -1/-1 22500/22500
#delay_access 1 allow livre
#delay_access 2 allow extensoes
#
################################################
####         Liberando IP'S                         ####
################################################
#
acl liberados src "/etc/squid/liberados.conf"
#
http_access allow liberados
#
################################################
####           BLOQUEAR PALAVRAS            ####
################################################
#
acl bloquear_palavras url_regex -i "/etc/squid3/bloqueios.conf"
#
http_access deny bloquear_palavras
#
################################################
#####              Rede Local               ####
################################################
acl redelocal src 10.0.0.0/255.0.0.0
#
################################################
####           Liberando as Redes           ####
################################################
http_access allow localhost
http_access allow redelocal
#
################################################
####        Bloqueando todo o Resto         ####
################################################
http_access deny all
http_access deny bloquear_palavras

error_directory /usr/share/squid3/errors/portuguese
  


Comentários
[1] Comentário enviado por thtrassi em 22/02/2021 - 10:09h

Lucas Garcia Moreira tudo em paz? Gostei do seu conf e usarei ele de base para meus estudos e testes. Se não for abusar, poderia contribuir com iptables? No meu caso eu tenho apenas a porta de rede on-board (eth0) e não sei fazer o redirecionamento da porta 80 e 443 para o proxy, pois eu vou usar ele no gateway do cliente (ficar ip do servidor no gateway) e filtrar a rede. Eu já tentei e não consegui, meu servidor tem IP 10.14.89.10. Obrigado.


Contribuir com comentário

  



Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts