bizonhoo
(usa Outra)
Enviado em 11/08/2014 - 15:55h
Olá pessoal, sou novo no fórum e no Linux também, então vamos com calma aí =)....
Tenho um proxy Debian 5.1 com Squid; ele libera sites por níveis e IPs. Até aí tudo bem. Estou com este squid.conf:
# Listen on 8080 in interception ("transparent") mode: clients are not configured
# to use a proxy, so traffic must be redirected here by a firewall rule (not shown).
http_port 8080 transparent
# Requests whose URL contains these strings are fetched directly, not via cache peers.
hierarchy_stoplist cgi-bin ?
# Do not cache dynamic content (cgi-bin paths or URLs carrying a query string).
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache_mem 96 MB
# NOTE(review): cache_swap_low/high are percentages of the disk cache (0-100);
# 1024 is outside that range -- confirm the intended values.
cache_swap_low 1024
cache_swap_high 1024
maximum_object_size 4096 KB
# Disk cache: 192 MB under /var/spool/squid, 20 first-level and 384 second-level dirs.
cache_dir ufs /var/spool/squid 192 20 384
# Work around Apache servers that send a broken Vary header for encoded replies.
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# The access log is the audit trail for who requested what through the proxy.
access_log /var/log/squid/access.log squid
hosts_file /etc/hosts
# refresh_pattern <regex> <min minutes> <percent> <max minutes>
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# "all" matches every source address; it is what the final "http_access deny all" keys on.
acl all src 0.0.0.0/0.0.0.0
##########################(ACCESS FILTER)####################################
# Everything in the sections below that starts with "#acl", "#http_access", "#delay_"
# or "#error_directory" is a disabled directive kept for reference, not active policy.
#acl acesso_negado url_regex -i "/etc/squid/acesso_negado.txt"
#acl acesso_liberado url_regex -i "/etc/squid/acesso_liberado.txt"
##########################(FULL ACCESS)########################################
#acl acesso_total src "/etc/squid/acesso_total"
#http_access allow acesso_total
#########################(ALLOWED ACCESS)######################################
#http_access allow acesso_liberado
#########################(DENIED ACCESS)########################################
#http_access deny acesso_negado
#########################(MESSAGE TO THE OFFENDER)#################################
#error_directory /usr/share/squid/errors/Portuguese
#########################BANDWIDTH LIMIT BY IP (LEO)########################
# Source addresses listed in this file are the ones throttled by delay pool 1.
acl universo_5k src "/etc/squid/universo_5k"
# NOTE(review): three pools are declared, but only pool 1 gets a class, parameters
# and an access rule in this listing -- confirm pools 2 and 3 are intentional.
delay_pools 3
# Pool 1 is class 2: one aggregate bucket plus one bucket per client host.
delay_class 1 2
# Aggregate unlimited (-1/-1); each host refills at 5000 bytes/s with a 5000-byte bucket.
delay_parameters 1 -1/-1 5000/5000
delay_access 1 allow universo_5k
#########################(ACCESS RESTRICTED BY IP)###############################
#acl micro src 10.1.1.6/255.255.255.255
#acl site_liberado url_regex -i "/etc/squid/acessoUnicoSite"
#http_access deny micro !site_liberado
#acl micro1 src 10.1.1.104/255.255.255.255
#acl site_liberado1 url_regex -i "/etc/squid/acessoUnicoSite"
#http_access deny micro1 !site_liberado1
########################(BANDWIDTH CONTROL)#####################################
#ACL with the extensions the filter will be applied to
#acl download url_regex -i ftp .mov .mpeg .wav .tar .mp3 .exe .zip .rar
#ACL with the IPs the rule will be applied to
#acl HOST1 src 192.168.0.21
#acl HOST2 src 192.168.0.20
#delay_pools 2
#Two bandwidth controls
#First bandwidth control
#delay_class 1 2
#No bandwidth limit for the host specified in delay_class 1 2
#delay_parameters 1 -1/-1 -1/-1
#delay_access 1 allow HOST2
#Second control
#delay_class 2 2
#Bandwidth limit for the host specified in delay_class 2 2, roughly 64 Kbit/s
#delay_parameters 2 3000/3000 3000/3000
#delay_access 2 allow HOST1
#delay_parameters 2 30000/30000 30000/30000
##################(Declaring Groups of Machines)#################################
# Each "level" is a group of client machines identified only by source IP, read from
# a file. NOTE(review): source IP is the sole identity here, so a client that changes
# its address changes its level -- confirm addresses are pinned (e.g. by DHCP/ARP policy).
# NOTE(review): every quoted path below is loaded when Squid reads the configuration;
# these files are the real policy, so they should be writable by root only (their
# permissions are not shown on this page).
acl micros_01 src "/etc/squid/regras/nivel_1/micros.conf"
acl micros_02 src "/etc/squid/regras/nivel_2/micros.conf"
acl micros_03 src "/etc/squid/regras/nivel_3/micros.conf"
acl micros_04 src "/etc/squid/regras/nivel_4/micros.conf"
acl micros_05 src "/etc/squid/regras/nivel_5/micros.conf"
acl micros_06 src "/etc/squid/regras/nivel_6/micros.conf"
acl micros_07 src "/etc/squid/regras/nivel_7/micros.conf"
acl micros_08 src "/etc/squid/regras/nivel_8/micros.conf"
acl micros_09 src "/etc/squid/regras/nivel_9/micros.conf"
acl micros_10 src "/etc/squid/regras/nivel_10/micros.conf"
acl micros_11 src "/etc/squid/regras/nivel_11/micros.conf"
# Machines that are additionally allowed to use MSN, whatever their level.
acl micros_msn src "/etc/squid/regras/nivel_msn/micros.conf"
######Declaring allowed/blocked subjects (keywords) for group 09
acl assun_bloq_09 url_regex -i "/etc/squid/regras/nivel_9/assun_bloq.conf"
######Declaring allowed/blocked sites (matched on destination domain)
acl sites_perm_01 dstdomain -i "/etc/squid/regras/nivel_1/sites_perm.conf"
acl sites_perm_02 dstdomain -i "/etc/squid/regras/nivel_2/sites_perm.conf"
acl sites_perm_03 dstdomain -i "/etc/squid/regras/nivel_3/sites_perm.conf"
acl sites_perm_04 dstdomain -i "/etc/squid/regras/nivel_4/sites_perm.conf"
acl sites_perm_05 dstdomain -i "/etc/squid/regras/nivel_5/sites_perm.conf"
acl sites_perm_06 dstdomain -i "/etc/squid/regras/nivel_6/sites_perm.conf"
acl sites_perm_07 dstdomain -i "/etc/squid/regras/nivel_7/sites_perm.conf"
acl sites_perm_08 dstdomain -i "/etc/squid/regras/nivel_8/sites_perm.conf"
acl sites_bloq_09 dstdomain -i "/etc/squid/regras/nivel_9/sites_bloq.conf"
acl sites_perm_09 dstdomain -i "/etc/squid/regras/nivel_9/sites_perm.conf"
acl sites_perm_all dstdomain -i "/etc/squid/regras/nivel_all/sites_perm.conf"
acl sites_perm_msn dstdomain -i "/etc/squid/regras/nivel_msn/sites_perm.conf"
######Declaring allowed/blocked destination IPs
acl ips_perm_01 dst "/etc/squid/regras/nivel_1/ips_perm.conf"
acl ips_perm_02 dst "/etc/squid/regras/nivel_2/ips_perm.conf"
acl ips_perm_03 dst "/etc/squid/regras/nivel_3/ips_perm.conf"
acl ips_perm_04 dst "/etc/squid/regras/nivel_4/ips_perm.conf"
acl ips_perm_05 dst "/etc/squid/regras/nivel_5/ips_perm.conf"
acl ips_perm_06 dst "/etc/squid/regras/nivel_6/ips_perm.conf"
acl ips_perm_07 dst "/etc/squid/regras/nivel_7/ips_perm.conf"
acl ips_perm_08 dst "/etc/squid/regras/nivel_8/ips_perm.conf"
acl ips_perm_09 dst "/etc/squid/regras/nivel_9/ips_perm.conf"
acl ips_perm_all dst "/etc/squid/regras/nivel_all/ips_perm.conf"
acl ips_perm_msn dst "/etc/squid/regras/nivel_msn/ips_perm.conf"
##########Other lists of forbidden items (URL regex block lists for group 09)
acl porno_bloq_09 url_regex -i "/etc/squid/regras/nivel_9/porno_bloq.conf"
# NOTE(review): the next three lines look like a single "acl" directive whose ACL name
# and file name were masked by the forum's word filter and split across lines; as
# pasted this is not a valid directive -- compare with the real file.
acl
[*****] url_regex -i "/etc/squid/regras/nivel_9/
[*****]"
acl midia_bloq_09 url_regex -i "/etc/squid/regras/nivel_9/midia_bloq.conf"
acl games_bloq_09 url_regex -i "/etc/squid/regras/nivel_9/games_bloq.conf"
acl warez_bloq_09 url_regex -i "/etc/squid/regras/nivel_9/warez_bloq.conf"
acl chat_bloq_09 url_regex -i "/etc/squid/regras/nivel_9/chat_bloq.conf"
acl down_bloq_09 urlpath_regex -i "/etc/squid/regras/nivel_9/down_bloq.conf"
#########MSN ACLs (matched by URL regex, request MIME type and destination domain)
acl msn_bloq url_regex -i "/etc/squid/regras/nivel_msn/msn_regex_bloq.conf"
acl msn2_bloq req_mime_type -i "/etc/squid/regras/nivel_msn/msn_mime_bloq.conf"
acl msn3_bloq dstdomain -i "/etc/squid/regras/nivel_msn/msn_dst_bloq.conf"
######## Anti-spyware ACLs (keyword regex, destination IP and destination domain lists)
acl spyass_bloq_all url_regex -i "/etc/squid/regras/nivel_all/spyass_bloq.conf"
acl spyip_bloq_all dst "/etc/squid/regras/nivel_all/spyip_bloq.conf"
acl spyurl_bloq_all dstdomain -i "/etc/squid/regras/nivel_all/spyurl_bloq.conf"
######Rules common to all access.
# NOTE(review): the usual baseline rules are disabled here, so nothing in the active
# part of this listing restricts destination ports or CONNECT targets before the
# per-group allows below are evaluated.
#http_access allow manager localhost
#miss_access allow all
#icp_access allow all
#http_access deny !Safe_ports
#http_access deny CONNECT !SSL_ports
######Rules for group 10; this group has full access
# http_access lines are evaluated top to bottom and the first matching line decides;
# all ACLs named on one line must match together (logical AND).
http_access deny micros_10 spyass_bloq_all
http_access deny micros_10 spyip_bloq_all
http_access deny micros_10 spyurl_bloq_all
# NOTE(review): the next two lines look like one rule, "http_access deny micros_10 <acl>",
# whose second ACL name was masked by the forum's word filter. Read literally, the first
# line alone would deny every request from group 10 -- compare with the real file.
http_access deny micros_10
[*****]
http_access allow ips_perm_all micros_10
# Machines that are in both micros_10 and micros_msn may use MSN ...
http_access allow msn_bloq micros_10 micros_msn
http_access allow msn2_bloq micros_10 micros_msn
http_access allow msn3_bloq micros_10 micros_msn
http_access allow micros_10 sites_perm_msn
http_access allow micros_10 ips_perm_msn
# ... and MSN is denied for the remaining machines of the group.
http_access deny micros_10 msn_bloq
http_access deny micros_10 msn2_bloq
http_access deny micros_10 msn3_bloq
# Anything not denied above is allowed for group 10.
http_access allow micros_10
######Rules for group 11; this group has full access
# NOTE(review): unlike the other groups in this listing, group 11 has no deny rules for
# the spyass_bloq_all / spyip_bloq_all / spyurl_bloq_all lists -- confirm that the
# anti-spyware filtering is meant to be skipped for these machines.
http_access allow ips_perm_all micros_11
http_access allow msn_bloq micros_11 micros_msn
http_access allow msn2_bloq micros_11 micros_msn
http_access allow msn3_bloq micros_11 micros_msn
http_access allow micros_11 sites_perm_msn
http_access allow micros_11 ips_perm_msn
http_access deny micros_11 msn_bloq
http_access deny micros_11 msn2_bloq
http_access deny micros_11 msn3_bloq
http_access allow micros_11
######Rules specific to each group; each group of machines follows its own
######allow/block rules
# Groups 01-08 all use the same allow-list pattern, in this order:
#   1. deny the anti-spyware lists;
#   2. allow MSN traffic only for machines that are also in micros_msn;
#   3. allow destinations present in both the MSN list and the group's own list;
#   4. deny MSN traffic for everyone else in the group;
#   5. allow the group's own and the shared ("all") site/IP lists;
#   6. deny everything else for the group (default deny).
# The order matters: the first matching http_access line decides the request.
# --- group 01 ---
http_access deny micros_01 spyass_bloq_all
http_access deny micros_01 spyip_bloq_all
http_access deny micros_01 spyurl_bloq_all
http_access allow msn_bloq micros_01 micros_msn
http_access allow msn2_bloq micros_01 micros_msn
http_access allow msn3_bloq micros_01 micros_msn
http_access allow sites_perm_msn sites_perm_01 micros_01
http_access allow ips_perm_msn ips_perm_01 micros_01
http_access deny msn_bloq micros_01
http_access deny msn2_bloq micros_01
http_access deny msn3_bloq micros_01
http_access allow sites_perm_01 micros_01
http_access allow sites_perm_all micros_01
http_access allow ips_perm_all micros_01
http_access allow ips_perm_01 micros_01
http_access deny micros_01
# --- group 02 ---
http_access deny micros_02 spyass_bloq_all
http_access deny micros_02 spyip_bloq_all
http_access deny micros_02 spyurl_bloq_all
http_access allow msn_bloq micros_02 micros_msn
http_access allow msn2_bloq micros_02 micros_msn
http_access allow msn3_bloq micros_02 micros_msn
http_access allow sites_perm_msn sites_perm_02 micros_02
http_access allow ips_perm_msn ips_perm_02 micros_02
http_access deny msn_bloq micros_02
http_access deny msn2_bloq micros_02
http_access deny msn3_bloq micros_02
http_access allow sites_perm_02 micros_02
http_access allow sites_perm_all micros_02
http_access allow ips_perm_all micros_02
http_access allow ips_perm_02 micros_02
http_access deny micros_02
# --- group 03 ---
http_access deny micros_03 spyass_bloq_all
http_access deny micros_03 spyip_bloq_all
http_access deny micros_03 spyurl_bloq_all
http_access allow msn_bloq micros_03 micros_msn
http_access allow msn2_bloq micros_03 micros_msn
http_access allow msn3_bloq micros_03 micros_msn
http_access allow sites_perm_msn sites_perm_03 micros_03
http_access allow ips_perm_msn ips_perm_03 micros_03
http_access deny msn_bloq micros_03
http_access deny msn2_bloq micros_03
http_access deny msn3_bloq micros_03
http_access allow sites_perm_03 micros_03
http_access allow sites_perm_all micros_03
http_access allow ips_perm_all micros_03
http_access allow ips_perm_03 micros_03
http_access deny micros_03
# --- group 04 ---
http_access deny micros_04 spyass_bloq_all
http_access deny micros_04 spyip_bloq_all
http_access deny micros_04 spyurl_bloq_all
http_access allow msn_bloq micros_04 micros_msn
http_access allow msn2_bloq micros_04 micros_msn
http_access allow msn3_bloq micros_04 micros_msn
http_access allow sites_perm_msn sites_perm_04 micros_04
http_access allow ips_perm_msn ips_perm_04 micros_04
http_access deny msn_bloq micros_04
http_access deny msn2_bloq micros_04
http_access deny msn3_bloq micros_04
http_access allow sites_perm_04 micros_04
http_access allow sites_perm_all micros_04
http_access allow ips_perm_all micros_04
http_access allow ips_perm_04 micros_04
http_access deny micros_04
# --- group 05 ---
http_access deny micros_05 spyass_bloq_all
http_access deny micros_05 spyip_bloq_all
http_access deny micros_05 spyurl_bloq_all
http_access allow msn_bloq micros_05 micros_msn
http_access allow msn2_bloq micros_05 micros_msn
http_access allow msn3_bloq micros_05 micros_msn
http_access allow sites_perm_msn sites_perm_05 micros_05
http_access allow ips_perm_msn ips_perm_05 micros_05
http_access deny msn_bloq micros_05
http_access deny msn2_bloq micros_05
http_access deny msn3_bloq micros_05
http_access allow sites_perm_05 micros_05
http_access allow sites_perm_all micros_05
http_access allow ips_perm_all micros_05
http_access allow ips_perm_05 micros_05
http_access deny micros_05
# --- group 06 ---
http_access deny micros_06 spyass_bloq_all
http_access deny micros_06 spyip_bloq_all
http_access deny micros_06 spyurl_bloq_all
http_access allow msn_bloq micros_06 micros_msn
http_access allow msn2_bloq micros_06 micros_msn
http_access allow msn3_bloq micros_06 micros_msn
http_access allow sites_perm_msn sites_perm_06 micros_06
http_access allow ips_perm_msn ips_perm_06 micros_06
http_access deny msn_bloq micros_06
http_access deny msn2_bloq micros_06
http_access deny msn3_bloq micros_06
http_access allow sites_perm_06 micros_06
http_access allow sites_perm_all micros_06
http_access allow ips_perm_all micros_06
http_access allow ips_perm_06 micros_06
http_access deny micros_06
# --- group 07 ---
http_access deny micros_07 spyass_bloq_all
http_access deny micros_07 spyip_bloq_all
http_access deny micros_07 spyurl_bloq_all
http_access allow msn_bloq micros_07 micros_msn
http_access allow msn2_bloq micros_07 micros_msn
http_access allow msn3_bloq micros_07 micros_msn
http_access allow sites_perm_msn sites_perm_07 micros_07
http_access allow ips_perm_msn ips_perm_07 micros_07
http_access deny msn_bloq micros_07
http_access deny msn2_bloq micros_07
http_access deny msn3_bloq micros_07
http_access allow sites_perm_07 micros_07
http_access allow sites_perm_all micros_07
http_access allow ips_perm_all micros_07
http_access allow ips_perm_07 micros_07
http_access deny micros_07
# --- group 08 ---
http_access deny micros_08 spyass_bloq_all
http_access deny micros_08 spyip_bloq_all
http_access deny micros_08 spyurl_bloq_all
http_access allow msn_bloq micros_08 micros_msn
http_access allow msn2_bloq micros_08 micros_msn
http_access allow msn3_bloq micros_08 micros_msn
http_access allow sites_perm_msn sites_perm_08 micros_08
http_access allow ips_perm_msn ips_perm_08 micros_08
http_access deny msn_bloq micros_08
http_access deny msn2_bloq micros_08
http_access deny msn3_bloq micros_08
http_access allow sites_perm_08 micros_08
http_access allow sites_perm_all micros_08
http_access allow ips_perm_all micros_08
http_access allow ips_perm_08 micros_08
http_access deny micros_08
######Rules for group 09; this group follows the rules below and may reach
######any page or subject that is not listed in the
######block files
# Group 09 is the block-list group: it ends in "allow micros_09" instead of a deny.
http_access deny micros_09 spyass_bloq_all
http_access deny micros_09 spyip_bloq_all
http_access deny micros_09 spyurl_bloq_all
http_access allow msn_bloq micros_09 micros_msn
http_access allow msn2_bloq micros_09 micros_msn
http_access allow msn3_bloq micros_09 micros_msn
http_access allow sites_perm_msn sites_perm_09 micros_09
http_access allow ips_perm_msn ips_perm_09 micros_09
http_access deny msn_bloq micros_09
http_access deny msn2_bloq micros_09
http_access deny msn3_bloq micros_09
# These allows come before the block lists, so a destination on an allow list is
# permitted even if it also matches one of the *_bloq_09 lists below.
http_access allow sites_perm_09 micros_09
http_access allow sites_perm_all micros_09
http_access allow ips_perm_all micros_09
http_access allow ips_perm_09 micros_09
http_access deny sites_bloq_09 micros_09
http_access deny assun_bloq_09 micros_09
http_access deny porno_bloq_09 micros_09
http_access deny midia_bloq_09 micros_09
http_access deny games_bloq_09 micros_09
http_access deny warez_bloq_09 micros_09
http_access deny chat_bloq_09 micros_09
http_access deny down_bloq_09 micros_09
http_access allow micros_09
#######Levels
# NOTE(review): ICP and SNMP queries are accepted from any source address. No icp_port
# or snmp_port appears in this listing, so whether these services are listening is not
# shown; if they are, restrict both to the hosts that actually need them.
icp_access allow all
snmp_access allow all
######Total block: to reach the Internet a machine must
######belong to one of the groups defined above.
# "all" matches every request, so evaluation always stops here at the latest:
# any http_access line placed after this one is never reached.
http_access deny all
# The ACLs and rules below sit after the file's "http_access deny all". The ACL
# definitions are still parsed, but the http_access lines here are never evaluated,
# because that earlier rule matches every request first.
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# Ports to which CONNECT (tunnelling) would be permitted.
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
# Destination ports treated as acceptable for proxied requests.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl pop port 110
acl smtp port 25
acl purge method PURGE
acl CONNECT method CONNECT
acl rede_interna src 192.168.0.0/24
# NOTE(review): keep these rules unreachable or remove them. If they were moved above
# the "deny all", "allow smtp", "allow pop" and "allow Safe_ports" carry no source
# restriction, so any client able to reach the proxy could use it for those ports
# (including port 25), and "allow rede_interna" would bypass every per-group rule.
http_access allow rede_interna
http_access allow smtp
http_access allow pop
http_access allow Safe_ports
# Duplicate of the previous line.
http_access allow Safe_ports
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# In this position the two protective denies come after the allows above and would
# restrict nothing; they belong before any allow rule.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
# NOTE(review): ftp_user sets the password string sent for anonymous FTP logins;
# "allow" is taken as that string, not as an access decision -- confirm intent.
ftp_user allow
#http_access deny all
http_reply_access allow all
#icp_access allow all
cache_effective_group proxy
coredump_dir /var/spool/squid
E queria trocar por este:
===============================================
#####squid#####
####Squid configuration file (21/07/14)####
#Use error messages in Portuguese#
error_directory /usr/share/squid/errors/Portuguese
#Internet access port
# Interception ("transparent") mode: Squid only sees the traffic that a firewall rule
# (not shown) redirects to port 8080.
http_port 8080 transparent
# NOTE(review): visible_hostname expects a single host name; this value contains a
# space and a non-ASCII character -- confirm Squid accepts it as written.
visible_hostname Supervisão Informática
#Size of the memory cache#
cache_mem 200 MB
#Maximum size of objects kept in the memory cache#
maximum_object_size_in_memory 128 KB
#Maximum and minimum size of objects kept in the disk cache#
maximum_object_size 100 MB
minimum_object_size 0 KB
#Cache usage percentages at which old pages start being discarded#
cache_swap_low 90
cache_swap_high 95
#Disk cache itself: 3072 MB, 16 first-level and 256 second-level directories#
cache_dir ufs /var/spool/squid 3072 16 256
#Location of the log files#
# NOTE(review): cache_access_log is the older name of access_log -- confirm the
# installed Squid version still accepts it.
cache_access_log /var/log/squid/access.log
#Cache refresh interval: refresh_pattern <regex> <min minutes> <percent> <max minutes>#
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
#acl - Recommended#
# NOTE(review): no address follows "src" on the next line; the value may have been lost
# when the file was pasted. The final "http_access deny all" depends on this ACL
# matching every source -- confirm what the real file contains.
acl all src
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Ports to which CONNECT (tunnelling) is permitted.
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
# Destination ports accepted for proxied requests.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
# NOTE(review): adding 110 and 25 to Safe_ports lets permitted clients send proxied
# requests to POP3 and SMTP ports; mail clients do not need an HTTP proxy for that,
# so drop these two entries unless there is a specific requirement.
acl Safe_ports port 110 #Pop3
acl Safe_ports port 25 #Smtp
acl purge method PURGE
acl CONNECT method CONNECT
# Baseline rules, placed before any allow so that they always apply: cache manager and
# PURGE only from localhost, no requests to ports outside Safe_ports, and no CONNECT
# to ports outside SSL_ports.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#Full access for supervisors#
# NOTE(review): as written this ACL matches only the source address 0.0.0.0,
# presumably a placeholder -- no real client will match it.
acl encarregado src 0.0.0.0
http_access allow encarregado
#Bandwidth control
acl controle src "/etc/squid/controle"
# NOTE(review): three pools are declared, but only pool 1 is configured in this listing.
delay_pools 3
delay_class 1 2
# Aggregate unlimited; each host refills at 30000 bytes/s with a 30000-byte bucket.
delay_parameters 1 -1/-1 30000/30000
delay_access 1 allow controle
#Site blocking#
#Blocking by URL
# NOTE(review): the three list files below live under /etc/squid3/, while the rest of
# this file uses /etc/squid/ and /usr/share/squid/ -- confirm these files exist at these
# paths; a list that cannot be read leaves its ACL unusable.
acl sitesbloqueados url_regex -i "/etc/squid3/sitesbloqueados"
http_access deny sitesbloqueados
#Blocking by name
acl nomesproibidos dstdom_regex "/etc/squid3/nomesproibidos"
http_access deny nomesproibidos
#Allowing IPs of the network
# This is the only allow rule for real clients: a source address must be listed in
# this file to get past the denies at the end.
acl ipsliberados src "/etc/squid3/ipsliberados"
http_access allow ipsliberados
#Blocking download extensions
# NOTE(review): these patterns are regular expressions matched anywhere in the URL and
# the dots are not escaped, so ".rm" also matches "form" and ".ram" matches "program".
# This rule also comes after "allow ipsliberados", so it never applies to those clients.
# An anchored form such as
#   acl extensoes urlpath_regex -i \.(exe|zip|rar)($|\?)
# placed before the allow would match real file extensions only.
acl extensoes url_regex -i .exe .mp3 .mp4 .zip .rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov .deb .ogg .vob .srt
http_access deny extensoes
acl redelocal src 192.168.0.0/24
http_access allow localhost
# Every client in 192.168.0.0/24 that was not allowed above is denied here.
# NOTE(review): with interception, Squid only handles what the firewall redirects to
# port 8080. If only port 80 is redirected (rule not shown), HTTPS never reaches these
# rules, which would explain HTTPS working while plain HTTP is refused -- confirm by
# checking access.log for TCP_DENIED entries and cache.log for ACL loading errors.
http_access deny redelocal
http_access deny all
Só que este 2º só acessa páginas https; se for entrar em outros sites, não entra e dá "esta página não está acessível". Me perdoem pelo tamanho do post; se tiver que mudar algo, me notifiquem. Abraços.
Leonado Marson