micaelaizen
(usa Debian)
Enviado em 02/05/2014 - 08:42h
Estou tendo problemas com o Squid aqui na empresa: preciso configurá-lo para bloquear sites. Antes ele estava bloqueando, agora não está mais. Vou deixar o squid.conf abaixo.
E o SSH não está mais acessando outros computadores. Por exemplo, eu consigo acessar o servidor de outros computadores, mas não consigo acessar outros computadores; diz erro na porta 22.
# General settings: listening port, cache sizing, log locations and identity.
# NOTE(review): cache_access_log and emulate_httpd_log are directive names from
# older Squid releases. If the package was upgraded, newer versions may reject or
# ignore them - run `squid -k parse` and read cache.log after every change.
# Proxy listens on TCP 3128.
http_port 3128
cache_mem 32 MB
# 100 MB on-disk cache, 16 first-level and 256 second-level directories.
cache_dir ufs /var/spool/squid 100 16 256
# access.log is the audit trail for who requested what; keep it readable by
# administrators only and rotate it.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
pid_filename /var/run/squid.pid
error_directory /usr/share/squid/errors/Portuguese
emulate_httpd_log on
# Name and administrator contact that Squid reports about itself.
visible_hostname proxy
cache_mgr Sec_Info
# Authentication ACL: HTTP Basic authentication checked by the ncsa_auth helper
# against the password file /etc/squid/passwd.
# NOTE(review): Basic authentication sends the credentials merely base64-encoded
# on every request between browser and proxy, so anyone able to capture traffic
# on that segment can recover them. Use passwords that are not reused elsewhere
# and keep /etc/squid/passwd readable only by the Squid user.
# NOTE(review): the helper path/name (ncsa_auth) is the older naming; confirm the
# binary still exists at this path on the installed version.
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic realm ENTRE COM SEU LOGIN E SENHA!
# Matches any request that carries valid proxy credentials.
acl autenticados proxy_auth REQUIRED
# sqstat ACLs: control who may query the cache manager (cache_object protocol).
acl sqstat proto cache_object
# NOTE(review): "10.0.0.0/8R" carries a stray "R" after the prefix length; this
# is not a valid netmask and presumably should read 10.0.0.0/8. A parse error in
# an ACL can leave the configuration not applied as intended - check the output
# of `squid -k parse`.
# NOTE(review): despite its name, "webserver" covers the whole 10.0.0.0/8 range,
# so every internal host may query the cache manager. Narrowing it to the single
# monitoring host and setting cachemgr_passwd would limit that exposure.
acl webserver src 10.0.0.0/8R
# Unescaped dots in a url_regex match any character and the pattern is not
# anchored; this ACL is only referenced by the commented-out rule below.
acl sqstat_site url_regex 10.0.0.1
# Cache-manager requests are allowed from "webserver" and denied from anywhere else.
http_access allow sqstat webserver
http_access deny sqstat
# http_access allow sqstat_site
# ACLs for the recommended baseline (sources, ports and methods).
# NOTE(review): the http_access rules that consume these ACLs are not visible in
# this excerpt; the remarks below assume the usual "deny !Safe_ports" and
# "deny CONNECT !SSL_ports" rules - confirm against the rest of the file.
acl all src 0.0.0.0/0.0.0.0
# Same definition as the "sqstat" ACL (proto cache_object).
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# NOTE(review): the trailing 1-65535 makes SSL_ports match every port, so a
# "deny CONNECT !SSL_ports" rule can never match and CONNECT tunnels are accepted
# to any destination port. Listing only the ports that are really needed
# restores the restriction.
acl SSL_ports port 22 443 444 563 8999 13352 23000 8443 8080 1-65535 # https, snews
# acl SSL_ports port 873 # rsync
acl Safe_ports port 23 # Telnet - Serpro requirement
acl Safe_ports port 80 81 # http
acl Safe_ports port 22 # SSH remote access
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 8080
# acl Safe_ports port 70 # gopher
# acl Safe_ports port 210 # wais
# NOTE(review): 1-65535 makes every other Safe_ports line redundant and turns a
# "deny !Safe_ports" rule into a no-op. The stock configuration uses 1025-65535
# here so that low, privileged ports stay blocked unless listed explicitly.
acl Safe_ports port 1-65535 # unregistered ports
# acl Safe_ports port 280 # http-mgmt
# acl Safe_ports port 488 # gss-http
# acl Safe_ports port 591 # filemaker
# acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 500 4500 # VPN CITEX
acl Safe_ports port 1723 # VPN QG
acl Safe_ports port 3456 # Receita Net
# Method ACLs: cache purge requests and CONNECT tunnels.
acl purge method PURGE
acl CONNECT method CONNECT
# ACLs opening additional ports for specific applications.
# NOTE(review): these entries only add to Safe_ports; while the 1-65535 entry
# defined earlier in this file is present they have no practical effect.
acl Safe_ports port 3050 # Interbase/Firebird
acl Safe_ports port 23000 # Serpro
acl Safe_ports port 8999 # Serpro
acl Safe_ports port 13352 # SIRF
# Port 500 is also listed in the "VPN CITEX" entry (duplicate).
acl Safe_ports port 500 # FAP Digital
#acl Safe_ports port 27000-27050 #Steam
#acl Safe_ports port 4380 # Steam
# ACL for income-tax (IR) transmission: a single destination host.
acl receitanet dst 161.148.231.100/255.255.255.255
# Blacklisted users, matched by authenticated user name read from a file.
acl blacklist_users proxy_auth "/etc/squid/list/blacklist"
# Internal network ACL
acl intranet src 10.0.0.0/255.0.0.0
# File share hosted on the server (same unanchored regex as sqstat_site;
# unescaped dots match any character).
acl file_share url_regex 10.0.0.1
#http_access allow file_share
# Administrators
# acl admin proxy_auth "/etc/squid/list/admin"
# NOTE(review): arp ACLs match the client's MAC address. That only works for
# clients on the same layer-2 segment as the proxy (and presumably needs a Squid
# build with ARP ACL support), and a MAC address can be changed by the client,
# so it is a convenience filter rather than proof of identity. The commented-out
# proxy_auth variant ties the admin role to credentials instead.
acl admin arp "/etc/squid/list/admin"
# Who may reach the internet (also matched by MAC address - same caveat).
acl internet arp "/etc/squid/list/internet"
# Blocked sites (case-insensitive domain match, list read from a file).
# NOTE(review): an ACL blocks nothing by itself; an "http_access deny site" rule
# must appear before any allow rule that would match the same request, because
# http_access stops at the first match. Those rules are not visible in this
# excerpt - check their order when blocking stops working.
acl site dstdomain -i "/etc/squid/list/site"
# Trusted sites that can be reached without authentication (distro repositories).
# NOTE(review): every entry here bypasses the login, so keep the list short and
# the file writable by administrators only.
acl trusted dstdomain -i "/etc/squid/list/trusted"