andre_ramos
(usa openSUSE)
Enviado em 11/12/2009 - 11:45h
Estou com um problema no squid, criei uma acl para libera o site do youtube e bloquea o restante dos sites, mas os ips que coloco no arqvivo para liberar o site do youtube tambem fica liberado todos os sites ou seja nao esta bloqueando os sites bloqueados e sim danda acesso total.
Oque será que fiz de errado?
segue o scrip do squid.conf
# WELCOME TO SQUID 3.0.STABLE10
# ----------------------------
################# Autenticação de Usuários ##########################
#auth_param basic program <uncomment and complete this line>
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#####################################################################
#acl password proxy_auth REQUIRED//Qdo for usar a autent. descomentar
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl redetoctao src 192.168.0.0/24 # RFC1918 possible internal network
##################### Regras ########################################
acl Safe_ports port 20 # programa oi
acl SSL_ports port 443 563 # https
acl Safe_ports port 553 # Autenticacao do outlook
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 8021
acl Safe_ports port 2121
acl Safe_ports port 89 # juridico 2ccago
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl IPliberados src "/etc/squid/regras/IPliberado.txt"
acl sites_permitidos url_regex -i "/etc/squid/regras/sites_permitidos.txt"
acl libera-msn src "/etc/squid/regras/libera-msn.txt"
acl libera-youtube src "/etc/squid/regras/libera-youtube.txt"
acl bloqueados url_regex -i "/etc/squid/regras/bloqueados.txt"
acl imo url_regex -i imo.im:443
acl ultrasurf dstdom_regex -i ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}($|:.+|/))
acl msn url_regex -i gateway.dll ADSAdClient31.dll
acl msn_bloq dstdomain "/etc/squid/regras/msn_bloq.txt"
acl msn1 url_regex passport.com confi.messenger.msn.com
acl msn2 req_mime_type -i ^application/x-msn-messenger
acl CONNECT method CONNECT
#####################################################################
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
####################### Permisões das Regras ########################
http_access allow IPliberados
http_access allow sites_permitidos
http_access allow libera-youtube
http_access deny bloqueados
http_access deny imo
http_access deny CONNECT ultrasurf
http_access allow libera-msn
http_access deny msn !libera-msn
http_access deny msn_bloq !libera-msn
http_access deny msn1 !libera-msn
http_access deny msn2 !libera-msn
#####################################################################
http_access allow redetoctao
http_access allow localhost
http_access deny all
icp_access allow redetoctao
icp_access deny all
htcp_access allow redetoctao
htcp_access deny all
############### Endereço do Servidor e Porta para Acesso############
http_port 192.168.0.246:3128 transparent
####################################################################
hierarchy_stoplist cgi-bin ?
######################## Tamanhos das Cache ########################
cache_dir ufs /var/cache/squid 2048 16 256
cache_swap_low 90
cache_swap_high 95
########################### Caminhos dos Logs ######################
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
error_directory /usr/share/squid/errors/Portuguese
#######################Controle de Acessos #########################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#####################################################################
icp_port 3230
coredump_dir /var/cache/squid
grato