cpdrede
(usa CentOS)
Enviado em 10/11/2010 - 13:56h
E aí, pessoal, gostaria de pedir ajuda pra vcs: montei um proxy na empresa em que trabalho e, quando coloco uma acl para liberar alguns IPs da rede interna, não funciona. Alguém poderia dar uma olhada no conf que montei e, se possível, me mostrar o erro?
PS - Os arquivos estão com permissão de execução (755) e contêm todos os IPs da minha rede interna.
Segue o arquivo
##################################################
##############   Default settings   ##############
###   Default Squid port and server name       ###
##################################################
# Listen only on the internal address 192.168.1.1, TCP port 3128, so the
# proxy is not offered on any other interface of this host.
http_port 192.168.1.1:3128
# Host name Squid reports about itself (error pages, Via header).
visible_hostname Servidor
# Do not cache dynamic pages: URLs whose path contains "cgi-bin" or "?"
# are fetched directly (hierarchy_stoplist) and never stored (no_cache).
# The QUERY acl must be defined before the no_cache line that uses it.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
##################################################
#########          Cache rules           #########
##################################################
# Memory cache size and the largest object kept in memory.
cache_mem 64 MB
maximum_object_size_in_memory 64 KB
# Size limits for objects stored on disk.
maximum_object_size 512 MB
minimum_object_size 0 KB
# Disk cache replacement starts at 90% usage and becomes aggressive at 95%.
cache_swap_low 90
cache_swap_high 95
# ufs store in /var/spool/squid: 1024 MB, 16 first-level and 256
# second-level directories.
cache_dir ufs /var/spool/squid 1024 16 256
# Request log. This is the main record of who used the proxy for what;
# keep it readable only by administrators and include it in log rotation.
cache_access_log /var/log/squid/access.log
# NOTE(review): client_netmask is applied to client addresses before they
# are written to the log. With 255.255.255.0 every host of a /24 is logged
# as the same network address, so access.log cannot attribute a request to
# one machine. Use 255.255.255.255 if per-host records are needed for
# troubleshooting or incident investigation.
client_netmask 255.255.255.0
# refresh_pattern <regex> <min minutes> <percent> <max minutes>.
# The first matching pattern is used, so the catch-all "." stays last.
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
# Serve Squid's error pages in Portuguese.
error_directory /usr/share/squid/errors/Portuguese/
# Write access.log in the httpd-style format instead of Squid's native one.
emulate_httpd_log on
##################################################
##########     Minimal configuration    ##########
##################################################
# "all" matches every client address; it is used for the final deny rule.
acl all src 0.0.0.0/0.0.0.0
# Cache manager requests (cache_object:// protocol).
acl manager proto cache_object
# Requests originating from this machine itself.
acl localhost src 127.0.0.1/255.255.255.255
# Destination ports to which CONNECT tunnels may be opened.
acl SSL_ports port 443 563
# Destination ports the proxy is willing to contact at all.
# NOTE(review): the stock Squid list has 591 where this line has 59 -
# confirm whether 59 is intended or a typo.
acl Safe_ports port 21 80 443 563 70 210 280 488 59 777 901 1025-65535
# HTTP methods matched by the rules below.
acl purge method PURGE
acl CONNECT method CONNECT
##################################################
##########        Access rights         ##########
##################################################
# http_access lines are evaluated top to bottom; the first line whose
# ACLs all match decides the request.
# Cache manager and PURGE are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse requests to destination ports outside Safe_ports.
http_access deny !Safe_ports
# Refuse CONNECT to anything but SSL_ports, so the proxy cannot be used
# as a generic TCP tunnel to other services.
http_access deny CONNECT !SSL_ports
##################################################
##  Authentication program and password file    ##
##################################################
# HTTP Basic authentication checked by the ncsa_auth helper against the
# htpasswd-style file /etc/squid/usuarios.
# NOTE(review): Basic credentials travel between browser and proxy only
# base64-encoded, not encrypted, so anyone able to capture traffic on
# that path can read them. Do not reuse these passwords for other
# services. The password file should be readable only by root and the
# account Squid runs as.
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/usuarios
# Text shown in the browser's login prompt.
auth_param basic realm REDE PROTEGIDA POR SENHA
# Number of helper processes started to verify logins.
auth_param basic children 5
# How long a verified username/password pair is trusted before the helper
# is asked again.
auth_param basic credentialsttl 5 minutes
# Treat user names as case sensitive.
auth_param basic casesensitive on
##################################################
##########       ACL definitions        ##########
##################################################
# An ACL whose value is a quoted path is loaded from that file, one
# entry per line.
# NOTE(review): these are data files that Squid only reads. Execute
# permission (mode 755, as mentioned in the post) is not needed; they
# should be readable by the account Squid runs as and writable only by
# the administrator, because whoever can edit them controls the policy.
# Client source addresses allowed without login.
# NOTE(review): a src match trusts the address alone; any machine that
# is given one of these addresses gets the same access.
acl ips_rede_liberados src "/etc/squid/arquivos/ips_rede_liberados"
# Any user that passes the authentication helper.
acl autenticados proxy_auth REQUIRED
# Case-insensitive regex matched against the whole URL.
# NOTE(review): unless a pattern is anchored it matches anywhere in the
# URL, including the query string, so an allow list built on url_regex is
# broader than it looks; dstdomain is the stricter type for allow lists.
acl sites_permitidos url_regex -i "/etc/squid/arquivos/sites_permitidos"
# Destination domains to block.
acl dominios_bloqueados dstdomain "/etc/squid/arquivos/dominios_bloqueados"
# Case-insensitive URL regex block lists (sites and file extensions).
acl sites_bloqueados url_regex -i "/etc/squid/arquivos/sites_bloqueados"
acl extencao_bloqueadas url_regex -i "/etc/squid/arquivos/extencao_bloqueadas"
# Case-insensitive regex matched against the URL path only.
acl palavras_proibidas urlpath_regex -i "/etc/squid/arquivos/palavras_proibidas"
# NOTE(review): the name suggests destination IP addresses but the type
# is dstdomain; if the file holds addresses, "dst" is presumably the
# intended type - confirm against the file's contents.
acl ips_bloqueados dstdomain "/etc/squid/arquivos/ips_bloqueados"
# Client source addresses that must never use the proxy.
acl ips_rede_bloqueados src "/etc/squid/arquivos/ips_rede_bloqueados"
# Matches a client address that has more than 10 connections open.
acl max_conection maxconn 10
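##################################################
##########       ACL access rules       ##########
##################################################
# Squid evaluates http_access lines top to bottom and stops at the first
# line whose ACLs all match. Three problems in the original order are
# fixed here:
#   * a "deny all" placed right after the allow rules made every line
#     below it unreachable;
#   * the allow rules came before the block lists, so any request they
#     matched was never checked against those lists;
#   * two rules named ACLs that did not exist when the line was read
#     ("dominio_sbloqueados" misspelled, "redelocal" defined afterwards);
#     depending on the Squid version this is a fatal configuration error
#     or the rule is silently skipped.

# An ACL must be defined before the first rule that uses it.
acl redelocal src 192.168.1.0/24

# 1. Block lists first, so they apply to every client, including the
#    address allow list and authenticated users.
http_access deny dominios_bloqueados
http_access deny sites_bloqueados
http_access deny palavras_proibidas
http_access deny ips_bloqueados
http_access deny ips_rede_bloqueados
http_access deny extencao_bloqueadas
# Both ACLs on a line must match: a LAN client that is over the
# connection limit is refused.
http_access deny max_conection redelocal

# 2. Who may use the proxy for everything that was not blocked above.
http_access allow localhost
# Listed client addresses skip the login prompt. If they should also be
# exempt from the block lists, move this line above section 1 - and keep
# the list short, since the only thing checked is the source address.
http_access allow ips_rede_liberados
# Everyone else must log in.
http_access allow autenticados
# NOTE(review): a request without valid credentials is normally
# challenged at the proxy_auth rule above, so this line is expected to
# matter rarely - confirm on your Squid version. Move it above
# "allow autenticados" only if these sites should work without login.
http_access allow sites_permitidos

# 3. Default deny. The original "http_access allow redelocal" is left
#    disabled: enabling it would admit the whole 192.168.1.0/24 network
#    without login and make the allow list and authentication pointless.
# http_access allow redelocal
http_access deny all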