Squid (squid.conf)
Squid fácil e intuitivo
Categoria: Miscelânea
Software: Squid
[ Hits: 14.725 ]
Por: Lucas Garcia Moreira
Apresento meu Squid, fácil e intuitivo, que faz parte do artigo "Squid + Sarg + IPtables - Configuração rápida": http://www.vivaolinux.com.br/artigo/Squid-Sarg-IPtables-Configuraeccedileatildeo-reaacutepida
################################################ ##### Porta, Nome e Cache ##### ################################################ # http_port 3128 transparent visible_hostname APA-Proxy # ## Criar cache na memoria de 4 GB ## cache_mem 4096 MB maximum_object_size_in_memory 2 MB maximum_object_size 4 MB minimum_object_size 10 KB cache_swap_low 80 cache_swap_high 95 refresh_pattern ^ftp: 15 20% 2280 refresh_pattern ^gopher: 15 0% 2280 refresh_pattern . 15 20% 2280 # ################################################ ##### Log ##### ################################################ # cache_access_log /var/log/squid3/access.log cache_store_log /var/log/squid3/store.log cache_log /var/log/squid3/cache.log ## Criar um cache em disco de 5 GB ## cache_dir aufs /var/spool/squid3 5120 16 256 # ################################################ ##### ACLs ##### ################################################ # #acl all src 0.0.0.0/0.0.0.0 #acl manager proto cache_object #acl localhost src 127.0.0.1/255.255.255.255 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 901 # swat acl Safe_ports port 1025-65535 # portas altas acl purge method PURGE acl CONNECT method CONNECT #Bloquear as portas não sitadas http_access deny !Safe_ports http_access deny CONNECT !SSL_ports # ################################################ ##### Direitos de Acessos ##### ################################################ http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge # ################################################ ## CONTROLE DE BANDA ## ################################################ # #acl livre src 192.168.0.0/255.255.255.0 #acl extensoes url_regex -i .exe$ .mp3$ .vqf$ .tar.gz$ .gz$ .rpm$ .zip$ .rar$ .avi$ .mpeg$ .mpe$ .mpg$ .ram$ .rm$ .iso$ .raw$ .wav$ .mov$ #delay_pools 2 # # Classe 1 - Acesso a Internet a 512k # # delay_class 1 2 # delay_parameters 1 -1/-1 69000/69000 # # Classe 2 - Download a 180k # # delay_class 2 2 # delay_parameters 2 -1/-1 22500/22500 #delay_access 1 allow livre #delay_access 2 allow extensoes # ################################################ #### Liberando IP'S #### ################################################ # acl liberados src "/etc/squid/liberados.conf" # http_access allow liberados # ################################################ #### BLOQUEAR PALAVRAS #### ################################################ # acl bloquear_palavras url_regex -i "/etc/squid3/bloqueios.conf" # http_access deny bloquear_palavras # ################################################ ##### Rede Local #### ################################################ acl redelocal src 10.0.0.0/255.0.0.0 # ################################################ #### Liberando as Redes #### ################################################ http_access allow localhost http_access allow redelocal # ################################################ #### Bloqueando todo o Resto #### ################################################ http_access deny all http_access deny bloquear_palavras error_directory /usr/share/squid3/errors/portuguese
Lucas Garcia Moreira tudo em paz? Gostei do seu conf e usarei ele de base para meus estudos e testes. Se não for abusar, poderia contribuir com iptables? No meu caso eu tenho apenas a porta de rede on-board (eth0) e não sei fazer o redirecionamento da porta 80 e 443 para o proxy, pois eu vou usar ele no gateway do cliente (ficar ip do servidor no gateway) e filtrar a rede. Eu já tentei e não consegui, meu servidor tem IP 10.14.89.10. Obrigado.
Patrocínio
Destaques
Artigos
Cirurgia para acelerar o openSUSE em HD externo via USB
Void Server como Domain Control
Modo Simples de Baixar e Usar o bash-completion
Monitorando o Preço do Bitcoin ou sua Cripto Favorita em Tempo Real com um Widget Flutuante
Dicas
Como bloquear pendrive em uma rede Linux
Um autoinstall.yaml para Ubuntu com foco em quem vai fazer máquina virtual
Instalar GRUB sem archinstall no Arch Linux em UEFI Problemático
Como impedir exclusão de arquivos por outros usuários no (Linux)
Tópicos
Formas seguras de instalar Debian Sid (10)
Alguém executou um rm e quase mata a Pixar! (6)
Duas Pasta Pessoal Aparecendo no Ubuntu 24.04.3 LTS (12)
Por que passar nas disciplinas da faculdade é ruim e ser reprovado é b... (6)
Top 10 do mês
-
Xerxes
1° lugar - 149.017 pts -
Fábio Berbert de Paula
2° lugar - 68.444 pts -
Mauricio Ferrari
3° lugar - 21.659 pts -
Buckminster
4° lugar - 20.786 pts -
Alberto Federman Neto.
5° lugar - 19.535 pts -
edps
6° lugar - 19.268 pts -
Daniel Lara Souza
7° lugar - 18.895 pts -
Andre (pinduvoz)
8° lugar - 17.425 pts -
Alessandro de Oliveira Faria (A.K.A. CABELO)
9° lugar - 16.272 pts -
Diego Mendes Rodrigues
10° lugar - 14.250 pts
Scripts
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
