Squid Bloqueando dominios .com

1. Squid Bloqueando dominios .com

fagner
faguinho

(usa Ubuntu)

Enviado em 24/11/2011 - 11:01h

Galera,

Estou com problema no squid de bloqueio de dominios .com

Procurei bastante na internet, mas ainda não encontrei ninguém com esse problema.

É o seguinte, configurei o squid aqui na empresa, e testei em 5 máquinas, até então tudo funcionando perfeitamente. Porém quando eu repliquei o squid para todo parque de micros da empresa, o mesmo em algumas máquinas, principalmente as máquinas com windows XP, estava bloqueando sites que não constam na lista de bloqueio, principalmente os de dominio .com, e também as regras que criei para uma url não passar pelo proxy, não estão funcionando.

Alguém pode me ajudar?

Abaixo seguem as configurações do meu squid.conf


# Allowed ACLs:
# NOTE(review): each "http_access allow" in this section names only a
# url_regex ACL, with no src ACL beside it, so the rule matches a request from
# any client address. http_access stops at the first matching rule, so these
# allows are also decided before the Safe_ports / CONNECT denies near the end
# of the file. The "http_access allow rede petronect01" lines further down
# show the safer shape (LAN ACL + destination ACL); using it here would need
# "acl rede" to be defined above these rules.
# NOTE(review): url_regex is tested against the whole URL, and these patterns
# are unanchored with unescaped dots, so a URL that merely contains the text
# anywhere (path or query string included) also matches. A dstdomain ACL with
# a leading dot (e.g. ".petronect.com.br") matches on the host name only.

acl portal url_regex -i petronect.com.br
http_access allow portal

acl intranet url_regex -i http://intranet/petronect
http_access allow intranet

acl saen url_regex -i saenrj.petrobras.com.br
http_access allow saen

acl thundera url_regex -i thundera/telematica/suricato.dll
http_access allow thundera

acl accenture url_regex -i accenture.com
http_access allow accenture

acl google url_regex -i google.com.br
http_access allow google

# All company networks
# NOTE(review): netmask 255.255.254.0 is a /23, i.e. 192.168.12.0 through
# 192.168.13.255. The "maquinas" and "proxy" ACLs later in this file use
# 192.168.12.0/24, which does not include 192.168.13.x.
acl rede src 192.168.12.0/255.255.254.0
#acl rede src 192.168.13.0/255.255.254.0

###################################################
### BLOCK GTALK ####
###################################################
#
# Denies any URL containing the Gmail chat host name, for every client.
acl BLOCKTALK url_regex -i chatenabled.mail.google.com
http_access deny BLOCKTALK
###################################################


############################################
### PAGES THAT ARE NOT CACHED ###
############################################
#
# The quoted path makes Squid read the regex patterns from that file.
# No -i flag here, so the patterns are matched case-sensitively.
# NOTE(review): newer Squid releases name this directive "cache" instead of
# "no_cache" - confirm against the installed version.
acl NOCACHE url_regex "/etc/squid/NOCACHE.txt"
no_cache deny NOCACHE


############################################
### PAGES THAT DO NOT GO THROUGH THE PROXY ###
############################################
#
# NOTE(review): always_direct does not make a client bypass the proxy. It is
# evaluated for requests that have already reached Squid and only tells Squid
# to fetch them straight from the origin server instead of via a cache_peer.
# It is not an access rule either, so http_access still decides whether the
# request is served. A real bypass has to be configured on the client side
# (browser proxy exceptions or a PAC file) or in the network path.
acl no_proxy url_regex "/etc/squid/noproxy.txt"
always_direct allow no_proxy
#


############################################
############################################
# Do not cache - access allowed
############################################
# NOTE(review): a dstdomain value without a leading dot matches that exact
# host name only; ".petronect.com.br" would also cover www.petronect.com.br
# and other subdomains.
acl petronect01 dstdomain petronect.com.br
acl petronect02 dstdomain petrobras.com.br
acl petronect03 dstdomain accenture.com
acl petronect04 dstdomain espaciopetrobras.com
acl petronect05 dst 172.19.0.0/255.255.0.0
#acl petronect06 dstdomain dev.petronect.com.br
# "browser" ACLs are regexes tested against the request's User-Agent header.
acl java browser Java/1.4 Java/1.5 Java/1.6
no_cache deny petronect01
no_cache deny petronect02
no_cache deny petronect03
no_cache deny petronect04
no_cache deny petronect05

#############
# Affects how Squid forwards the request (directly to the origin); it does not
# take the request out of the proxy or out of http_access evaluation.
always_direct allow petronect01
#############

#no_cache deny petronect06
no_cache deny java
# These allows are scoped to the LAN ACL "rede" plus a destination ACL.
http_access allow rede petronect01
http_access allow rede petronect02
http_access allow rede petronect03
http_access allow rede petronect04
http_access allow rede petronect05
#http_access allow rede petronect06
# NOTE(review): this allows every request from "rede" whose User-Agent matches
# the Java patterns, and it is listed before the "deny maquinas proibir"
# blocklist rule, so that blocklist is never consulted for such requests.
# User-Agent is a client-supplied header and is a weak basis for an allow
# rule; combining it with the destination ACLs above would narrow it.
http_access allow rede java
#############################################

#########################################################
# ---------------- Deny streaming ---------------------------
#########################################################
# NOTE(review): req_mime_type tests the Content-Type header of the client's
# REQUEST (e.g. an upload or POST body), not the type of the content the
# server sends back. Filtering downloaded/streamed media by type is done with
# rep_mime_type in http_reply_access. As written these rules probably do not
# stop streaming and can reject uploads sent as application/octet-stream -
# confirm against access.log.
# Each type is listed twice (anchored and unanchored); the unanchored pattern
# already matches everything the anchored one does.
acl x-type req_mime_type -i ^application/octet-stream$
acl x-type req_mime_type -i application/octet-stream
acl x-type req_mime_type -i ^application/x-mplayer2$
acl x-type req_mime_type -i application/x-mplayer2
acl x-type req_mime_type -i ^application/x-oleobject$
acl x-type req_mime_type -i application/x-oleobject
acl x-type req_mime_type -i ^application/x-pncmd$
acl x-type req_mime_type -i application/x-pncmd
acl x-type req_mime_type -i ^video/x-ms-asf$
acl x-type req_mime_type -i video/x-ms-asf
http_access deny rede x-type
http_reply_access deny rede x-type
########################################################



################# ACLs ################################


###################FACEBOOK#############################

#acl ips-bloqueados dst 69.171.229.11
#http_access deny ips-bloqueados

#acl https url_regex -i "/etc/squid/sites_block_https.txt"
#http_access deny https

#######################################################



# NOTE(review): "maquinas" and "proxy" both cover 192.168.12.0/24 only, while
# "rede" above is 192.168.12.0/255.255.254.0 (which also includes
# 192.168.13.x). A client in 192.168.13.x matches neither ACL here, so unless
# one of the earlier allow rules matched, its request falls through to
# "http_access deny all" at the end of the file. That would look like sites
# outside the blocklist being blocked on some machines - confirm the
# addresses of the affected PCs in access.log.
acl maquinas src 192.168.12.0/24

# Blocklist read from a file, one regex per line, tested against the full URL
# (case-sensitive, no -i).
# NOTE(review): file contents are not shown; a short or unescaped pattern in
# it can match unrelated sites, worth checking as well.
acl proibir url_regex "/etc/squid/proibidos/sites_proibidos"

http_access deny maquinas proibir

acl proxy src 192.168.12.0/24

# NOTE(review): this general allow is listed before "deny !Safe_ports" and
# "deny CONNECT !SSL_ports" below, so those port restrictions are never
# applied to clients in 192.168.12.0/24. Moving it after those denies keeps
# the port checks effective for LAN clients too.
http_access allow proxy


# Stock ACL definitions (source/destination, ports, methods).
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

http_access allow localhost

# NOTE(review): the second range below is not an RFC 1918 block; the RFC 1918
# ranges are 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, so "192.16.0.0/12"
# looks like a typo for 172.16.0.0/12. As written it covers public address
# space. "localnet" is only referenced by a commented-out rule in this file,
# so it has no effect yet, but it would if that rule were enabled.
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 192.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network


# SSL_ports lists the ports CONNECT tunnels may target; Safe_ports lists the
# ports any request may target.
# NOTE(review): 563 and 873 are CONNECT destinations in addition to 443 -
# keep them only if tunnels to those ports are actually needed.
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

# TAG: http_access
# NOTE(review): http_access stops at the first matching rule. The manager,
# purge, Safe_ports and CONNECT denies below come after the allow rules
# earlier in this file, so any request already allowed there never reaches
# them. Squid's stock configuration places these denies first and the
# site-specific allow rules after them.

http_access allow manager localhost
http_access deny manager

http_access allow purge localhost
http_access deny purge

# Reject requests to ports outside Safe_ports.
http_access deny !Safe_ports

# Reject CONNECT tunnels to ports outside SSL_ports.
http_access deny CONNECT !SSL_ports

#http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy
http_access deny all


  





