Minha acl nao esta bloqueando [RESOLVIDO]

1. Minha acl nao esta bloqueando [RESOLVIDO]

Andre chagas ramos
andre_ramos

(usa openSUSE)

Enviado em 11/12/2009 - 11:45h

Estou com um problema no squid, criei uma acl para libera o site do youtube e bloquea o restante dos sites, mas os ips que coloco no arqvivo para liberar o site do youtube tambem fica liberado todos os sites ou seja nao esta bloqueando os sites bloqueados e sim danda acesso total.

Oque será que fiz de errado?

segue o scrip do squid.conf


# WELCOME TO SQUID 3.0.STABLE10
# ----------------------------

################# Autenticação de Usuários ##########################
#auth_param basic program <uncomment and complete this line>
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#####################################################################

#acl password proxy_auth REQUIRED//Qdo for usar a autent. descomentar
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl redetoctao src 192.168.0.0/24 # RFC1918 possible internal network

##################### Regras ########################################
acl Safe_ports port 20 # programa oi
acl SSL_ports port 443 563 # https
acl Safe_ports port 553 # Autenticacao do outlook
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 8021
acl Safe_ports port 2121
acl Safe_ports port 89 # juridico 2ccago
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl IPliberados src "/etc/squid/regras/IPliberado.txt"
acl sites_permitidos url_regex -i "/etc/squid/regras/sites_permitidos.txt"
acl libera-msn src "/etc/squid/regras/libera-msn.txt"
acl libera-youtube src "/etc/squid/regras/libera-youtube.txt"
acl bloqueados url_regex -i "/etc/squid/regras/bloqueados.txt"
acl imo url_regex -i imo.im:443
acl ultrasurf dstdom_regex -i ([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}($|:.+|/))
acl msn url_regex -i gateway.dll ADSAdClient31.dll
acl msn_bloq dstdomain "/etc/squid/regras/msn_bloq.txt"
acl msn1 url_regex passport.com confi.messenger.msn.com
acl msn2 req_mime_type -i ^application/x-msn-messenger
acl CONNECT method CONNECT
#####################################################################

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

####################### Permisões das Regras ########################
http_access allow IPliberados
http_access allow sites_permitidos
http_access allow libera-youtube
http_access deny bloqueados
http_access deny imo
http_access deny CONNECT ultrasurf
http_access allow libera-msn
http_access deny msn !libera-msn
http_access deny msn_bloq !libera-msn
http_access deny msn1 !libera-msn
http_access deny msn2 !libera-msn
#####################################################################

http_access allow redetoctao
http_access allow localhost
http_access deny all

icp_access allow redetoctao
icp_access deny all

htcp_access allow redetoctao
htcp_access deny all

############### Endereço do Servidor e Porta para Acesso############
http_port 192.168.0.246:3128 transparent
####################################################################

hierarchy_stoplist cgi-bin ?

######################## Tamanhos das Cache ########################
cache_dir ufs /var/cache/squid 2048 16 256
cache_swap_low 90
cache_swap_high 95

########################### Caminhos dos Logs ######################
access_log /var/log/squid/access.log squid

cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
error_directory /usr/share/squid/errors/Portuguese

#######################Controle de Acessos #########################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#####################################################################

icp_port 3230
coredump_dir /var/cache/squid


grato




  


2. Re: Minha acl nao esta bloqueando [RESOLVIDO]

Andre chagas ramos
andre_ramos

(usa openSUSE)

Enviado em 11/12/2009 - 15:59h

Karos amigos ja consegui descobrir o erro

o erro era que estava fora da ordem as autorizaçoes das acls

funcionou blz ok

grato






Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts