Baguazaum
(usa openSUSE)
Enviado em 01/03/2012 - 15:11h
###########################################
###### 5RCC PROXY SERVER #######
###########################################
# Squid proxy configuration: listening port, cache sizing, logging and
# proxy authentication.
# NOTE(review): no bind address is given, so the port is opened on every
# interface of the host; confirm a firewall keeps 3128 unreachable from
# outside the LAN.
http_port 3128
# URLs containing cgi-bin or "?" are fetched directly and never cached.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# Applies the broken_vary_encoding workaround to replies whose Server header
# starts with "Apache".
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# Objects kept in RAM, and the maximum size of those objects, respectively.
# NOTE(review): cache_mem is not a cap on the Squid process size; confirm the
# host has well over 10000 MB of RAM available.
cache_mem 10000 MB
maximum_object_size_in_memory 512 KB
# Size limits for objects saved to disk.
# NOTE(review): with a 1 MB minimum on disk and a 512 KB maximum in memory,
# objects between those two sizes appear not to be cached anywhere; confirm
# this is intended.
maximum_object_size 512 MB
minimum_object_size 1 MB
# Disk-cache replacement thresholds, in percent of cache_dir usage.
cache_swap_low 90
cache_swap_high 95
# Cache files stored on disk: ufs store, 30000 MB, 16 first-level and 512
# second-level directories.
cache_dir ufs /var/spool/squid 30000 16 512
# NOTE(review): with the default log format this file records every requested
# URL together with the authenticated user name; restrict read access to it
# and define a retention period.
cache_access_log /var/log/squid/access.log
# Server name shown to users (the original note says it appears on the login
# screen).
visible_hostname maua.aryrauen.eb.mil.br
# Makes cache.log show which rule blocked or allowed a request.
debug_options ALL,1 33,2
hosts_file /etc/hosts
# MySQL authentication through an external Basic-auth helper.
# NOTE(review): the Basic scheme sends user name and password only
# base64-encoded with every request, and the browser-to-proxy hop is normally
# plain HTTP, so credentials are readable on the local network. How
# mysqlt_auth stores and compares passwords is not visible here; verify that
# they are kept hashed.
auth_param basic realm SecInfo
auth_param basic program /usr/lib/squid/mysqlt_auth
# Number of helper processes started.
auth_param basic children 5
# User names are compared without regard to case.
auth_param basic casesensitive off
# A validated user/password pair is trusted for 15 minutes before the helper
# is asked again, so a disabled account can keep working for that long.
auth_param basic credentialsttl 15 minutes
# ---------------------------------------------------------------------
# Freshness rules: minimum age (minutes), percentage of object age, maximum
# age (minutes).
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# Matches every client address.
acl all src 0.0.0.0/0.0.0.0
# authentication: matches any user who presents valid proxy credentials
acl password proxy_auth REQUIRED
# my network = 5rcc
acl minharede src 192.168.0.0/255.255.255.0
# time windows
# NOTE(review): "manha" covers Monday to Friday (MTWHF) but "tarde" covers
# Monday to Thursday only (MTWH); confirm Friday afternoon is meant to be
# outside the working-hours block.
acl manha time MTWHF 08:00-12:00
acl tarde time MTWH 13:00-18:00
# For weekends use AS (S = Sunday, A = Saturday)
# Privileges and permissions: user names are read from the files below and
# compared case-insensitively (-i).
# NOTE(review): these files decide who bypasses the filters; they should be
# writable only by the proxy administrator.
acl supervip proxy_auth -i "/etc/squid/arquivos/supervip.txt"
acl irrestritos proxy_auth -i "/etc/squid/arquivos/irrestritos.txt"
acl comuns proxy_auth -i "/etc/squid/arquivos/comuns.txt"
# Sites/domains/updates allowed without authentication.
# NOTE(review): url_regex is tested against the whole URL, path and query
# string included, so an unanchored pattern in this file matches more than
# the intended site. dstdomain is the usual ACL type for an allow-list of
# sites.
acl liberados url_regex -i "/etc/squid/arquivos/liberados.txt"
# forbidden file extensions
acl extensao url_regex -i "/etc/squid/arquivos/extensao.txt"
# forbidden words
acl pproib url_regex -i "/etc/squid/arquivos/pproib.txt"
# sites forbidden during working hours
# NOTE(review): this list and the next one are loaded without -i, unlike the
# other url_regex lists, so their patterns are case-sensitive; confirm that
# is intended for block-lists.
acl horaexp url_regex "/etc/squid/arquivos/horaexp.txt"
# sites always forbidden FOR EVERYONE
acl proibidao url_regex "/etc/squid/arquivos/proibidao.txt"
# FILES (list kept from the original; comuns.txt and proibidao.txt are also
# referenced above)
# liberados.txt
# extensao.txt
# pproib.txt
# irrestritos.txt
# supervip.txt
# horaexp.txt
# ips_dst_liberados.txt
# site exceptions that are allowed
# NOTE(review): both patterns are unanchored regular expressions in which "."
# matches any character, so they match wherever the text occurs in a URL;
# presumably the intent is the two domains only - verify, and prefer
# dstdomain if so.
acl exceto url_regex -i imbel.gov .radiohaus.com
# forbids simultaneous use of the same account on more than one machine and
# suspends browsing for one minute
authenticate_ip_ttl 1 minutes
acl usuariodup max_user_ip -s 1
# allows sites by destination IP, e.g. 200.193.140.78
acl ips_dst_liberados dst "/etc/squid/arquivos/ips_dst_liberados.txt"
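# Blocks access to sites addressed by bare IP, e.g. http://200.193.140.98
# NOTE(review): the pattern requires a scheme prefix, so it only covers
# requests whose URL carries one. CONNECT requests name just host:port and
# would presumably not match; confirm, and cover them with a separate ACL if
# tunnels to bare IP addresses must be blocked as well.
acl todos_ips url_regex -i ^(http|https|ftp)+://[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+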
# Cache-manager requests and the proxy host's own addresses.
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# Ports to which CONNECT tunnels are permitted (used by the rule
# "http_access deny CONNECT !SSL_ports").
# NOTE(review): a CONNECT tunnel is opaque to the proxy, so every port listed
# here is reachable for arbitrary TCP traffic; confirm 563 and 873 are still
# needed.
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
# Destination ports permitted for proxied requests (used by the rule
# "http_access deny !Safe_ports").
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
# NOTE(review): the two numbers on the next line are separated by a space,
# which Squid reads as two individual ports (1025 and 65535), not as the
# range 1025-65535. Confirm which was intended before changing it: the range
# form would make every port above 1024 a permitted destination.
acl Safe_ports port 1025 65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 8999 # serpro
acl Safe_ports port 23000 # serpro
acl Safe_ports port 8443 # serpro
# 443 is the HTTPS port; the original label on this line read "telnet serpro".
acl Safe_ports port 443 # https (serpro)
# NOTE(review): telnet port listed as a permitted destination; confirm it is
# still required.
acl Safe_ports port 23 # telnet serpro
acl Safe_ports port 8880 # hpopenview embratel
acl Safe_ports port 5222 # expresso messenger (jabber)
# NOTE(review): same space-versus-hyphen question as on the 1025 65535 line;
# as written this lists ports 13000 and 13005 only.
acl Safe_ports port 13000 13005 # dgp sites
acl Safe_ports port 500 # vpn
acl Safe_ports port 1194 # vpn
acl Safe_ports port 4500 # vpn
acl Safe_ports port 8080 # localhost
acl Safe_ports port 8081 # baixaki
acl Safe_ports port 1863 # MSN
acl Safe_ports port 12005 # Agenda
acl Safe_ports port 10122 # SITE RGT
acl Safe_ports port 3142 # serv rep
# NOTE(review): no purpose is recorded for this port; document it or remove it.
acl Safe_ports port 49245
# Request methods referenced by the access rules.
acl purge method PURGE
acl CONNECT method CONNECT
# Access rules. Squid evaluates http_access lines from top to bottom and the
# first line whose ACLs all match decides, so the order below is significant.
# NOTE(review): no allow rule tests the client's source network (minharede
# appears only in the two working-hours deny rules). The rules for liberados,
# exceto and ips_dst_liberados therefore admit any client that can reach the
# proxy port, without authentication. Confirm the port is reachable from the
# LAN only, or add a source check to those rules.
# Cache manager and PURGE are accepted from the proxy host itself only.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse destination ports outside Safe_ports, and CONNECT tunnels to ports
# outside SSL_ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
# Allows sites/domains/updates/anti-virus and MSN without authentication
http_access allow liberados
# allows Super VIP users (placed before every content filter, so none of the
# blocks below applies to them)
http_access allow password supervip
# blocks forbidden extensions
http_access deny extensao
# allows the exceptions (placed before the word and site block-lists, so
# those do not apply to matching URLs)
http_access allow exceto
# blocks forbidden words
http_access deny pproib
# blocks the same user from being logged in on 2 machines simultaneously
http_access deny usuariodup
# allows access to sites through the IPs listed in ips_dst_liberados.txt
http_access allow ips_dst_liberados
# allows unrestricted users
http_access allow password irrestritos
# blocks the always-forbidden sites; requests already admitted by an allow
# rule above never reach this line
http_access deny proibidao
# blocks reaching a site directly by IP address
http_access deny todos_ips
# blocks the working-hours list for the local network during the morning and
# afternoon windows
http_access deny minharede horaexp manha
http_access deny minharede horaexp tarde
# allows the common group
http_access allow password comuns
http_reply_access allow all
# this is the last rule: anything not allowed above is refused
http_access deny all
# Group the Squid process runs under.
cache_effective_group proxy
# Error pages are served from the Portuguese template directory.
error_directory /usr/share/squid/errors/Portuguese
# Custom error page per ACL. Squid picks the page by the last ACL named on
# the http_access deny line that refused the request, which is why the
# working-hours page is attached to manha and tarde rather than to horaexp.
deny_info horaexp.html manha
deny_info horaexp.html tarde
deny_info block.html pproib
deny_info block.html proibidao
deny_info down.html extensao
deny_info ip.html todos_ips
deny_info usrdup.html usuariodup
# Directory where Squid writes core dumps.
coredump_dir /var/spool/squid