dreamphonyx
(usa Ubuntu)
Enviado em 08/08/2012 - 17:09h
Olá amigos!
Esse é meu primeiro post de duvidas que crio.
Não tenho muitos conhecimentos no Squid, e fiz uma pesquisa muito ampla para conseguir montar um proxy para um cliente que eu tenho.
O que acontece!? Fiz uma configuração do SQUID com autenticação e bloqueios. O meu problema é que tenho as linhas de bloqueio não permitem que o squid funcione. Quando comento as linhas, o navegador me permite acessar qualquer site com qualquer usuário.
Dei uma boa pesquisada, li vááários artigos relacionados... Fiz vários testes, porém, não consegui. Gostaria de saber se alguém pode me ajudar dando uma olhada na minha configuração do squid.conf?!
Desde já, agradeço!
#########################################
###### Porta, Nome e Cache ##############
#########################################
#
http_port 5005
visible_hostname Darkside
#
cache_mem 150 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 256 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
#
#########################################
###### Log ##############################
#########################################
#
cache_access_log /var/log/squid3/access.log
cache_store_log /var/log/squid3/store.log
cache_log /var/squid3/logs/cache.log
cache_dir ufs /var/spool/squid3 20000 16 256
#
#########################################
##### ACLs ##############################
#########################################
#
#acl all src "0.0.0.0/0.0.0.0"
acl manager proto cache_object
acl localhost src 127.0.0.1/32
#acl SSL_ports port port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # swat
acl Safe_ports port 1025-65535 # portas altas
acl purge method PURGE
acl CONNECT method CONNECT
#
#########################################
### Direitos de Acesso ##################
#########################################
#
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
#
#########################################
##### USANDO NCSA_AUTH ##################
#########################################
#
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/squid_passwd
auth_param basic realm Entre com o Usuario e Senha.
auth_param basic children 5
#
#########################################
##### AUTENTICACAO ######################
#########################################
#
acl autenticados proxy_auth REQUIRED
#
#########################################
##### BLOQUEAR PALAVRAS #################
#########################################
#
acl accesso_full proxy_auth "/etc/squid3/acessos/acesso_full"
acl bloquear_palavras url_regex -i "/etc/squid3/bloqueio/bloquear_palavras"
deny_info
http://www.vivaolinux.com.br/~jpaulo_farias bloquear_palavras
#
#########################################
##### BLOQUEIA O MESSENGER ##############
#########################################
#
acl bloquear_msn dstdomain "/etc/squid3/bloqueio/bloquear_msn"
acl acesso_msn proxy_auth "/etc/squid3/acessos/acesso_msn
http_access allow acesso_msn bloquear_msn
http_access deny bloquear_msn
deny_info
http://www.vivaolinux.com.br/~jpaulo_farias bloquear_msn
#
#########################################
##### BLOQUEIA ORKUT ####################
#########################################
#
acl bloquear_orkut url_regex -i "/etc/squid3/bloqueio/bloquear_orkut"
acl acesso_orkut proxy_auth "/etc/squid3/acessos/acesso_orkut"
http_access allow acesso_orkut bloquear_orkut
http_access deny bloquear_orkut
deny_info
http://www.vivaolinux.com.br/~jpaulo_farias bloquear_orkut
#
#
#########################################
##### BLOQUEIA ORKUT ####################
#########################################
#
acl bloquear_orkut url_regex -i "/etc/squid3/bloqueio/bloquear_orkut"
acl acesso_orkut proxy_auth "/etc/squid3/acessos/acesso_orkut"
http_access allow acesso_orkut bloquear_orkut
http_access deny bloquear_orkut
deny_info
http://www.vivaolinux.com.br/~jpaulo_farias bloquear_orkut
#
#########################################
##### BLOQUEIA GOOGLE TALK ##############
#########################################
#
acl bloquear_googletalk url_regex -i "/etc/squid3/bloqueio/bloquear_googletalk"
acl acesso_googletalk proxy_auth "/etc/squid3/acessos/acesso_googletalk"
http_access allow acesso_googletalk bloquear_googletalk
http_access deny bloquear_googletalk
deny_info
http://www.vivaolinux.com.br/~jpaulo_farias bloquear_googletalk
#
#########################################
##### CONTROLE DE BANDA #################
#########################################
#
#acl livre proxy_auth "/etc/squid3/acessos/acesso_banda
#acl block src 192.168.181.0/24 # Alterar conforme a rede
#delay_pools 2
#
# Classe 1 - Acesso a Internet a 512k
#
#delay_class 1 2
#delay_parameters 1 -1/-1 69000/69000
#
# Classe 2 Acesso a Internet a 180k
#
#delay_class 2 2
#delay_parameters 2 -1/-1 22500/22500
#delay_access 1 allow livre
#delay_access 2 allow block
#
######## ---- Quando comento essas linhas, consigo autenticar os usuarios ----- ########
http_access allow autenticados acesso_full
http_access allow acesso_full bloquear_palavras
http_access deny bloquear_palavras
###########################################################
acl redelocal src 192.168.181.0/24
http_access allow localhost
http_access allow redelocal
#
http_access deny all
Depois digito o comando squid3 -z e me retorna o segunte erro:
root@ubuntu:/etc/squid3# squid3 -z
2012/08/06 17:01:07| aclParseAclList: ACL name 'acesso_full' not found.
FATAL: Bungled squid.conf line 130: http_access allow autenticados acesso_full
Squid Cache (Version 3.1.19): Terminated abnormally.
CPU Usage: 0.032 seconds = 0.000 user + 0.032 sys
Maximum Resident Size: 15664 KB
Page faults with physical i/o: 0
Estou usando o ubuntu 12.04 e squid3
Mais uma vez, agradeço!