sambentley
(usa Red Hat)
Enviado em 07/11/2014 - 08:56h
QUAL A ACL E COMO DEVO ESPECIFICAR NO ARQUIVO OS DOMINIOS A SEREM BLOQUEADOS POR FAvor, SEGUE MEU SQUID.
##
http_port 3128 transparent
visible_hostname netservercontal
cache_mem 64 MB
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 2048 16 256
cache_access_log /var/log/squid/access.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1
acl localnet src 10.10.20.0/24
acl Safe_ports port 80 #http
acl Safe_ports port 21 #ftp
acl Safe_ports port 443 563 #https,snews
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multiling http
acl Safe_ports port 901 #swat
acl Safe_ports port 1025-65535 #portas altas
acl purge method PURGE
acl CONNECT method CONNECT
acl SSL_ports port 443 563
##ACLS
#acl sitesbloqueados url_regex -i "/etc/squid/dominiosbloqueados"
#acl palavrasproibidas url_regex -i "/etc/squid/palavrasproibidas"
acl ips_bloqueados src "/etc/squid/ips_bloqueados"
acl sites_bloqueados dstdomain "/etc/squid/sites_bloqueados"
#acl sitespermitidos url_regex -i "/etc/squid/dominiospermitidos"
acl redelocal src 10.10.20.0/24
#ACL para bloquear skype
acl redelocal src 10.10.20.0/24
#ACL para bloquear skype
acl acl_url_im_skype url_regex ^((0|1[0-9]{0,2}|2[0-9]{0,1}|2[0-4][0-9]|25[0-5]|[3-9][0-9]{0,1})\.){3}(0|1[0-9]{0,2}|2[0-9]{0,1}|2[0-4][0-9]|25[0-5][3-9][0-9]{0,1})(:|/|$\?)
http_access allow manager localhost localnet
http_access deny manager
#http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
##Controle de acesso
#http_access deny sitesbloqueados
#http_access deny palavrasproibidas
#http_access allow liberados
#http_access deny CONNECT acl_url_im_skype
http_access deny ips_bloqueados
http_access deny sites_bloqueados
http_access allow localhost
http_access allow redelocal
http_access allow all