Enviado em 30/01/2013 - 12:08h
Boa tarde, estou montando um gw e to tentando configurar o squid pra autenticar com meu
# Integrating with AD
# Basic-auth helper: Squid passes each username/password pair to squid_ldap_auth,
# which binds to the directory at 192.168.0.150 (-h) as cn=gwproxy (-D), searches
# under dc=coop,dc=emp (-b) for an entry whose sAMAccountName equals the login
# (%s in -f), and does not follow referrals (-R).
# NOTE(review): the bind password is given inline with -w, so it is stored in
# squid.conf and appears in the helper's argument list. The helper also accepts
# -W <secretfile>; a file readable only by the squid user keeps it out of both.
# NOTE(review): no TLS option is visible on this line, so the service bind and
# the users' passwords presumably reach the DC unencrypted. Confirm, and see the
# helper's -Z / -H ldaps:// options.
# NOTE(review): with the basic scheme the browser sends the AD password to the
# proxy on every request, only base64-encoded; treat the client-to-proxy segment
# as carrying cleartext domain credentials.
auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -b "dc=coop,dc=emp" -D "cn=gwproxy,ou=GWInternet,dc=coop,dc=emp" -w "xxx" -f sAMAccountName=%s -h 192.168.0.150
# Number of helper processes started for this scheme.
auth_param basic children 5
# Text shown in the browser's credential prompt.
auth_param basic realm Acesso Internet Monitorado, digite seu usuario e senha:
# How long Squid trusts a validated username/password before asking the helper
# again; an account disabled or re-passworded in AD can keep working for up to
# this long.
auth_param basic credentialsttl 1 hour
#acl autentica proxy_auth REQUIRED
# External ACL helper for group checks: receives the authenticated login (%LOGIN)
# and runs the LDAP filter below against the same server with the same bind
# account. %v / %a are presumably replaced with the login and with the group name
# given on the acl line; verify against the helper's documentation.
# NOTE(review): same inline -w password and missing TLS option as the auth helper.
external_acl_type squid_ldap %LOGIN /usr/lib64/squid/squid_ldap_group -R -b "dc=coop,dc=emp" -D "cn=gwproxy,ou=GWInternet,dc=coop,dc=emp" -w "xxx" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=GWInternet,dc=coop,dc=emp))" -h 192.168.0.150
# Recommended minimum configuration:
#
# ACL definitions only: nothing in this section grants or denies access by
# itself; the http_access lines further down decide that.
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
# NOTE(review): localnet is defined here but no http_access line visible in this
# file refers to it, so client source address is not part of the access decision.
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl SSL_ports port 443
# The list of allowed destination ports is read from an external file.
acl Safe_ports port "/etc/squid/safe_ports"
acl CONNECT method CONNECT
# Recommended minimum Access Permission configuration:
# Squid normally listens to port 3128
http_port 3128
visible_hostname gwlondon
# NOTE(review): the "apache" ACL is not referenced by any rule visible in this file.
acl apache rep_header Server ^Apache
#acl redelocal proxy_auth REQUIRED src 192.168.0.0/24
# Matches any request that carries valid proxy credentials.
# NOTE(review): this exact line is repeated at the end of the section, and
# no visible http_access rule uses "redelocal".
acl redelocal proxy_auth REQUIRED
# Connection ACLs, etc.
# Access ACLs
# Blocked destination domains and blocked URL patterns (case-insensitive), both
# read from files.
acl SitesBlok dstdomain "/etc/squid/sitesbloqueados.txt"
acl PalavrasBlok url_regex -i "/etc/squid/palavrasbloqueadas.txt"
# Group-membership ACLs: each passes a group name (LdapGWFull, LdapGWEmpresa) to
# the squid_ldap external helper.
acl UsuariosFull external squid_ldap LdapGWFull
acl UsuariosEmpresa external squid_ldap LdapGWEmpresa
acl redelocal proxy_auth REQUIRED
# http_access rules are evaluated top to bottom and the first matching line wins.
# Cache-manager requests are accepted from localhost only (see the deny below).
http_access allow manager localhost
# Squid log file; all user request logs go into this file.
access_log /var/log/squid/access.log
# Default http_access allow and deny rules
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# Members of the "full" group are allowed before the block lists are consulted,
# so SitesBlok / PalavrasBlok never apply to them.
http_access allow UsuariosFull
# Members of the "empresa" group are allowed only when the request matches
# neither block list.
http_access allow UsuariosEmpresa !SitesBlok !PalavrasBlok
http_access deny SitesBlok
http_access deny PalavrasBlok
# NOTE(review): no closing "http_access deny all" is visible. Squid documents the
# default for an unmatched request as the opposite of the last rule; the last
# rule here is a deny, so a request that matches nothing above (for example an
# authenticated user in neither group asking for a non-blocked site) would
# presumably be allowed. Confirm, and end the list with an explicit deny all.
#http_access allow password
# We recommend you to use at least the following line.
# URLs containing these strings are fetched directly instead of through peers.
hierarchy_stoplist cgi-bin ?
# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
# Add any of your own refresh_pattern entries above these.
#acl QUERY urlpath_regex cgi-bin \?
#cache deny QUERY
# Format: refresh_pattern [-i] regex min percent max (min and max in minutes).
# The cgi-bin / query-string pattern is set to 0 0% 0.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#
# Unprivileged account and group Squid switches to when it is started as root.
cache_effective_user squid
cache_effective_group squid