Squid (squid.conf)
Squid fácil e intuitivo
Categoria: Miscelânea
Software: Squid
[ Hits: 14.516 ]
Por: Lucas Garcia Moreira
Apresento meu Squid, fácil e intuitivo, que faz parte do artigo "Squid + Sarg + IPtables - Configuração rápida": http://www.vivaolinux.com.br/artigo/Squid-Sarg-IPtables-Configuraeccedileatildeo-reaacutepida
################################################ ##### Porta, Nome e Cache ##### ################################################ # http_port 3128 transparent visible_hostname APA-Proxy # ## Criar cache na memoria de 4 GB ## cache_mem 4096 MB maximum_object_size_in_memory 2 MB maximum_object_size 4 MB minimum_object_size 10 KB cache_swap_low 80 cache_swap_high 95 refresh_pattern ^ftp: 15 20% 2280 refresh_pattern ^gopher: 15 0% 2280 refresh_pattern . 15 20% 2280 # ################################################ ##### Log ##### ################################################ # cache_access_log /var/log/squid3/access.log cache_store_log /var/log/squid3/store.log cache_log /var/log/squid3/cache.log ## Criar um cache em disco de 5 GB ## cache_dir aufs /var/spool/squid3 5120 16 256 # ################################################ ##### ACLs ##### ################################################ # #acl all src 0.0.0.0/0.0.0.0 #acl manager proto cache_object #acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 901 # swat acl Safe_ports port 1025-65535 # portas altas acl purge method PURGE acl CONNECT method CONNECT #Bloquear as portas não sitadas http_access deny !Safe_ports http_access deny CONNECT !SSL_ports # ################################################ ##### Direitos de Acessos ##### ################################################ http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge # ################################################ ## CONTROLE DE BANDA ## ################################################ # #acl livre src 192.168.0.0/255.255.255.0 #acl extensoes url_regex -i .exe$ .mp3$ .vqf$ .tar.gz$ .gz$ .rpm$ .zip$ .rar$ .avi$ .mpeg$ .mpe$ .mpg$ .ram$ .rm$ .iso$ .raw$ .wav$ .mov$ #delay_pools 2 # # Classe 1 - Acesso a Internet a 512k # # delay_class 1 2 # delay_parameters 1 -1/-1 69000/69000 # # Classe 2 - Download a 180k # # delay_class 2 2 # delay_parameters 2 -1/-1 22500/22500 #delay_access 1 allow livre #delay_access 2 allow extensoes # ################################################ #### Liberando IP'S #### ################################################ # acl liberados src "/etc/squid/liberados.conf" # http_access allow liberados # ################################################ #### BLOQUEAR PALAVRAS #### ################################################ # acl bloquear_palavras url_regex -i "/etc/squid3/bloqueios.conf" # http_access deny bloquear_palavras # ################################################ ##### Rede Local #### ################################################ acl redelocal src 10.0.0.0/255.0.0.0 # ################################################ #### Liberando as Redes #### ################################################ http_access allow localhost http_access allow redelocal # ################################################ #### Bloqueando todo o Resto #### ################################################ http_access deny all http_access deny bloquear_palavras error_directory /usr/share/squid3/errors/portuguese
Lucas Garcia Moreira tudo em paz? Gostei do seu conf e usarei ele de base para meus estudos e testes. Se não for abusar, poderia contribuir com iptables? No meu caso eu tenho apenas a porta de rede on-board (eth0) e não sei fazer o redirecionamento da porta 80 e 443 para o proxy, pois eu vou usar ele no gateway do cliente (ficar ip do servidor no gateway) e filtrar a rede. Eu já tentei e não consegui, meu servidor tem IP 10.14.89.10. Obrigado.
Patrocínio
Destaques
Artigos
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Dicas
Efeito "livro" em arquivos PDF
Como resolver o erro no CUPS: Unable to get list of printer drivers
Flatpak: remover runtimes não usados e pacotes
Mudar o gerenciador de login (GDM para SDDM e vice-versa) - parte 2
Tópicos
Wifi não funciona no Aspire ES 15 com o Debian (11)
Teclado não funciona no Debian (1)
Como atualizar o Debian 8 para o 10 (10)
Dica sobre iptables ACCEPT e DROP (6)
NGNIX - Aplicar SNAT para evitar roteamento assimetrico (29)
Top 10 do mês
-
Xerxes
1° lugar - 65.773 pts -
Fábio Berbert de Paula
2° lugar - 49.141 pts -
Buckminster
3° lugar - 18.795 pts -
Mauricio Ferrari
4° lugar - 14.807 pts -
Alberto Federman Neto.
5° lugar - 13.583 pts -
Diego Mendes Rodrigues
6° lugar - 12.777 pts -
Daniel Lara Souza
7° lugar - 12.689 pts -
Alessandro de Oliveira Faria (A.K.A. CABELO)
8° lugar - 12.013 pts -
Andre (pinduvoz)
9° lugar - 10.816 pts -
edps
10° lugar - 10.439 pts
Scripts
[Python] Automação de scan de vulnerabilidades
[Python] Script para analise de superficie de ataque
[Shell Script] Novo script para redimensionar, rotacionar, converter e espelhar arquivos de imagem
[Shell Script] Iniciador de DOOM (DSDA-DOOM, Doom Retro ou Woof!)
[Shell Script] Script para adicionar bordas às imagens de uma pasta
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
