flv_dantt
(usa Fedora)
Enviado em 03/02/2012 - 08:36h
[quote]flv_dantt escreveu:
Esta meio grande, na verdade, nao fui eu quem construi, pois quando entrei na empresa ele já estava funcionando, porem estava tudo liberado... fiz apenas algumas modificações.
--------------------------------------------------------------------------------------------------------
# ACLs
acl all src 0.0.0.0/0
acl antivirus url_regex -i "/etc/squid/acls/antivirus.txt"
acl bancos url_regex -i "/etc/squid/acls/bancos.txt"
acl bannermsn url_regex -i "/etc/squid/acls/bannermsn.txt"
acl direto url_regex -i "/etc/squid/acls/direto.txt"
acl blockvideo url_regex -i .video.globo.com .youtube.com .videos.terra.com.br
http_access deny blockvideo
acl downloaders proxy_auth "/etc/squid/acls/downloaders.txt"
acl ext-proibidas urlpath_regex -i "/etc/squid/acls/ext-proibidas.txt"
acl ipadmin src "/etc/squid/acls/ipadmin.txt"
acl ipadmindst dst "/etc/squid/acls/ipadmin.txt"
acl java browser Java/1.4 Java/1.5 Java/1.6
acl localip dst 192.168.0.254
acl macliberado arp "/etc/squid/acls/macallow.txt"
acl macproibido arp "/etc/squid/acls/macdeny.txt"
acl messenger url_regex -i "/etc/squid/acls/msn.txt"
acl noauth url_regex -i "/etc/squid/acls/noauth.txt"
acl password proxy_auth REQUIRED
acl rede src 192.168.0.0/24
acl semcache url_regex -i "/etc/squid/acls/semcache.txt"
acl updates url_regex -i "/etc/squid/acls/updates.txt"
acl bloqueados url_regex -i "/etc/squid/acls/bloqueados.txt"
acl bloqueados proxy_auth "/etc/squid/acls/bloqueados.txt"
#cache deny bancos
cache deny semcache
cache deny java
cache deny semcache
cache deny java
cache deny localip
acl manager proto cache_object
acl webserver src 192.168.0.254/255.255.255.255
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# Permissoes de acesso HTTP
http_access allow manager localhost
http_access allow manager webserver
http_access allow antivirus
http_access deny bannermsn
http_access deny messenger
http_access deny macproibido
http_access allow bancos
http_access allow noauth
http_access allow macliberado
http_access allow noauth
http_access allow macliberado
http_access allow localip
http_access allow ipadmin
http_access allow ipadmindst
http_access allow java
http_access allow updates
http_access allow downloaders ext-proibidas
http_access allow updates ext-proibidas
http_access deny ext-proibidas all
http_access allow password
http_access allow rede
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access allow localhost
http_access deny all
icp_access allow all
http_access deny bloqueados