FerdOUT
(usa Outra)
Enviado em 21/05/2015 - 11:11h
Bom dia pessoal.
Estou tendo um problema para colocar meu squid para rodar.
Eu tento usar o comando squid -k reconfigure para testar, e me é retornado um erro de ACL. Revisei o arquivo squid.conf várias vezes e não consegui encontrar o erro (considerem que estou entrando neste mundo de Linux agora...).
Tento também usar o comando "service squid start", e ele dá falha.
O mesmo acontece se eu uso "service squid stop".
[root@fmserver squid]# squid -k reconfigure
2015/05/21 10:08:18| aclParseAclLine: missing ACL name.
FATAL: Bungled squid.conf line 2: acl
Squid Cache (Version 3.0.STABLE20): Terminated abnormally.
CPU Usage: 0.008 seconds = 0.004 user + 0.004 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
[root@fmserver squid]# service squid start
Iniciando o squid: [FALHOU]
2015/05/21 10:08:26| Processing Configuration File: /etc/squid/squid.conf (depth 0)
2015/05/21 10:08:26| aclParseAclLine: missing ACL name.
FATAL: Bungled squid.conf line 2: acl
Squid Cache (Version 3.0.STABLE20): Terminated abnormally.
CPU Usage: 0.009 seconds = 0.003 user + 0.006 sys
Maximum Resident Size: 0 KB
Page faults with physical i/o: 0
[root@fmserver squid]# service squid stop
Parando o squid: [FALHOU]
[root@fmserver squid]#
Este é o meu squid.conf
# Port on which the proxy listens for client requests.
http_port 3128
# NOTE(review): the next two lines are `acl` with no name, type or value. The
# first of them is the line the posted output points at ("aclParseAclLine:
# missing ACL name" / "Bungled squid.conf line 2: acl"). Each one has to be
# completed or deleted before the file can be parsed.
acl
acl
# NOTE(review): `rt 3128` is not a Squid directive; it looks like the tail of a
# damaged `http_port 3128` line - confirm and delete.
rt 3128
# Host name the proxy presents, and the directory holding its error pages.
visible_hostname fmserver
error_directory /usr/share/squid/errors/Portuguese/
# RAM cache for images, pages and HTML
cache_mem 128 MB
maximum_object_size_in_memory 64 KB
# Disk cache for updates and downloads
maximum_object_size 500 MB
minimum_object_size 0 KB
# Cache control: low and high water marks, in percent of the cache size
cache_swap_low 90
cache_swap_high 95
# Location of the proxy's cache files (ufs store, 20480 MB, 16 x 256 directories)
cache_dir ufs /var/spool/squid 20480 16 256
############# ACL rule to release specific ports
# NOTE(review): this name differs only in case from the `Safe_ports` ACL defined
# further down, and all three ports are already covered by that list (8080 and
# 8180 explicitly, 34567 by the 1025-65535 range). Confirm whether a separate
# list was intended; no http_access line in the file shown uses `safe_ports`.
acl safe_ports port 34567
acl safe_ports port 8080
acl safe_ports port 8180
# Squid access log and administrator contact
cache_access_log /var/log/squid/access.log
cache_mgr suporte@grupofmagricola.com.br
# Settings for authenticated access to the proxy
# NOTE(review): the Basic scheme sends user name and password base64-encoded,
# not encrypted, with every request, so anyone able to capture traffic between
# the clients and the proxy can read them. Keep /etc/squid/squid_passwd readable
# only by the account Squid runs as.
auth_param basic realm Proxy FM-Agricola
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
##### Windows Update cache #####
# Each line is: refresh_pattern <regex> <min minutes> <percent> <max minutes> [options].
# NOTE(review): the dots in these patterns are not escaped, so `.` matches any
# character and `.*.(cab|exe|msi)` matches more than the three file extensions.
# Write `\.` where a literal dot is meant. This only affects cache freshness,
# not access control.
refresh_pattern au.download.windowsupdate.com/.*.(cab|exe|msi) 10080 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*.(cab|exe|msi) 10080 100% 43200 reload-into-ims
refresh_pattern msgruser.dlservice.microsoft.com/.*.(cab|exe|msi) 10080 100% 43200 reload-into-ims
refresh_pattern windowsupdate.com/.*.(cab|exe|msi) 10080 100% 43200 reload-into-ims
# NOTE(review): the directive below is split over two lines. As posted,
# `refresh_pattern` stands alone with no arguments and the following line starts
# with a host name instead of a directive; they need to be rejoined on one line.
refresh_pattern
www.microsoft.com/.*.(cab|exe|msi) 10080 100% 43200 reload-into-ims
# NOTE(review): from here to the end of this section the file repeats settings
# that already appear above (visible_hostname, error_directory, cache sizes,
# swap marks, auth_param). It looks like the same text was pasted twice; keep
# one copy of each directive.
visible_hostname fmserver
error_directory /usr/share/squid/errors/Portuguese/
# RAM cache for images, pages and HTML
cache_mem 128 MB
maximum_object_size_in_memory 64 KB
# Disk cache for updates and downloads
maximum_object_size 500 MB
minimum_object_size 0 KB
# Cache control
cache_swap_low 90
cache_swap_high 95
# Page refresh rules
# NOTE(review): two lines are fused here - the max field reads
# `2280visible_hostname` and `fmserver` trails as an extra token. The intact
# form of this rule appears a few lines below.
refresh_pattern ^ftp: 15 20% 2280visible_hostname fmserver
error_directory /usr/share/squid/errors/Portuguese/
# Settings for authenticated access to the proxy
auth_param basic realm Proxy FM-Agricola
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
# Page refresh rules
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
# Rule for requests coming from the local network
acl lan src 192.168.0.0/24
# Rule that releases IPs and sites that have problems with the proxy
# (both lists are read from files that are not shown in the post)
acl ips_problema src "/etc/squid/customize/ips_problema"
acl sites_problema dstdomain "/etc/squid/customize/sites_problema"
# Rule that blocks file downloads by extension
acl extban url_regex -i "/etc/squid/customize/extban"
# Rule for MSN
# NOTE(review): `msn`, `msnmessenger` and `msn1` are not referenced by any
# http_access line in the file shown, so as posted they have no effect.
acl msn dstdomain .login.live.com
acl msnmessenger url_regex -i gateway.dll
acl msn1 req_mime_type -i ^application/x-mss-messenger$
################################################################################
# ACL rules
# NOTE(review): `autenticados` (any successfully authenticated user) is defined
# but not used by any http_access line in the file shown.
acl autenticados proxy_auth REQUIRED
# Rule for requests coming from the local network
# NOTE(review): `lan`, `ips_problema` and `sites_problema` are defined a second
# time here with the same values as above; keep one copy.
acl lan src 192.168.0.0/24
# Rule that releases IPs and sites that have problems with the proxy
acl ips_problema src "/etc/squid/customize/ips_problema"
acl sites_problema dstdomain "/etc/squid/customize/sites_problema"
########## Legend ##############
#rh= human resources
#ti= information technology
#re= reception
#ct= accounting
# NOTE(review): the commented-out lines below interrupt the legend and repeat
# the active per-user definitions that follow it - apparently paste residue.
# Rule that loads the sites released for each user. It applies only to restricted users.
#acl sites_jackson url_regex -i "/etc/squid/customize/sites/fr_jackson"
#acl sites_camila url_regex -i "/etc/squid/customize/sites/rh_camila"
#acl sites_silvana url_regex -i "/etc/squid/customize/sites/rh_silvana"
#acl sites_anatrevizan url_regex -i "/etc/squid/customize/sites/ag_anatrevizan"
#acl sites_weber url_regex -i "/etc/squid/customize/sites/ag_weber"
#acl sites_almoxarifado url_regex -i "/etc/squid/customize/sites/al_almoxarifado"
#acl sites_lucassantos url_regex -i "/etc/squid/customize/sites/fr_lucassantos"
#acl sites_rubens url_regex -i "/etc/squid/customize/sites/of_rubens"
#acl sites_juliana url_regex -i "/etc/squid/customize/sites/co_juliana"
#acl sites_bruno url_regex -i "/etc/squid/customize/sites/co_bruno"
#acl sites_vinicius url_regex -i "/etc/squid/customize/sites/ct_vinicius"
#acl sites_brenomiguel url_regex -i "/etc/squid/customize/sites/ct_brenomiguel"
#co= purchasing
#fi= finance
#fr= fleet
#ag= agriculture
#di= board of directors
#of= workshop
#ju= legal
#rb= receiving
#ep= PPE (protective equipment)
#al= warehouse
###############################
# Rule that loads the sites released for each user. It applies only to restricted users.
# NOTE(review): url_regex is matched against the whole URL, so an entry meant
# as a site name also matches any URL that merely contains that text in its
# path or query string. Where these files are used as allow-lists, a dstdomain
# ACL is the stricter choice - check against the file contents, which are not
# shown here.
acl sites_jackson url_regex -i "/etc/squid/customize/sites/fr_jackson"
acl sites_camila url_regex -i "/etc/squid/customize/sites/rh_camila"
acl sites_silvana url_regex -i "/etc/squid/customize/sites/rh_silvana"
acl sites_anatrevizan url_regex -i "/etc/squid/customize/sites/ag_anatrevizan"
acl sites_weber url_regex -i "/etc/squid/customize/sites/ag_weber"
acl sites_almoxarifado url_regex -i "/etc/squid/customize/sites/al_almoxarifado"
acl sites_lucassantos url_regex -i "/etc/squid/customize/sites/fr_lucassantos"
acl sites_rubens url_regex -i "/etc/squid/customize/sites/of_rubens"
acl sites_juliana url_regex -i "/etc/squid/customize/sites/co_juliana"
acl sites_bruno url_regex -i "/etc/squid/customize/sites/co_bruno"
acl sites_vinicius url_regex -i "/etc/squid/customize/sites/ct_vinicius"
acl sites_brenomiguel url_regex -i "/etc/squid/customize/sites/ct_brenomiguel"
# Rule that names the restricted users (one proxy_auth ACL per login)
acl co_bruno proxy_auth bruno
acl rh_camila proxy_auth camila
acl rh_silvana proxy_auth silvana
acl ct_brenomiguel proxy_auth brenomiguel
acl ct_vinicius proxy_auth vinicius
acl co_juliana proxy_auth juliana
acl ag_anatrevizan proxy_auth anatrevizan
acl ag_weber proxy_auth weber
acl al_almoxarifado proxy_auth almoxarifado
acl fr_lucassantos proxy_auth lucassantos
acl fr_jackson proxy_auth jackson
acl of_rubens proxy_auth rubens
# Rule for the unrestricted ("top") users
acl ep_cassio proxy_auth cassio
acl rh_pasqual proxy_auth pasqual
acl di_leonardo proxy_auth leonardo
acl rh_marcelo proxy_auth marcelo
acl ju_cesar proxy_auth cesar
acl re_idalete proxy_auth idalete
acl di_luisfernando proxy_auth luisfernando
acl di_fabio proxy_auth fabio
acl ct_henrique proxy_auth henrique
acl ct_queliane proxy_auth queliane
acl usersystem proxy_auth usersystem
acl ju_marcio proxy_auth marcio
acl rh_luizpaulo proxy_auth luizpaulo
acl fi_gabriela proxy_auth gabriela
acl ti_fernando proxy_auth fernando
#acl ag_anatrevizan proxy_auth anatrevizan
acl fi_eder proxy_auth eder
# Cache-manager requests and the loopback source address
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Ports to which CONNECT tunnels are permitted.
# NOTE(review): every port listed here is a destination that clients can tunnel
# to through the proxy. 79 and 10000 are not usual HTTPS ports and 563 is listed
# twice; trim the list to what is actually needed.
acl SSL_ports port 79 443 563 447 563 7443 10000
# Ports to which ordinary requests are permitted.
# NOTE(review): 25, 53, 79 and 110 are mail, DNS and finger ports rather than web
# ports; allowing them lets clients send HTTP requests through the proxy to
# those services. `59` may be a typo for 591 - confirm.
acl Safe_ports port 21 25 53 79 80 110 443 444 447 563 70 210 280 488 59 777 901 8080 8180 1025-65535
# Request methods tested by the http_access rules
acl purge method PURGE
acl CONNECT method CONNECT
######################## Permissions for the ACL rules ########################
# NOTE(review): http_access lines are checked from top to bottom and the first
# line that matches decides, so the order below is part of the policy.
# Deny access to any machine outside the local network
# NOTE(review): 127.0.0.1 is not inside `lan`, so this line also rejects
# requests from localhost; the `manager`, `purge` and `localhost` allow lines
# near the end are never reached for it.
http_access deny !lan
# Let the IPs and sites that have problems pass straight through
# NOTE(review): these two allows come before any proxy_auth ACL and before the
# extension ban and the Safe_ports / CONNECT checks, so matching requests are
# neither authenticated nor restricted by port.
http_access allow ips_problema
http_access allow sites_problema
# NOTE(review): `lan1` is not defined anywhere in the file shown. If `lan` was
# meant, this line would allow the whole local network without authentication
# and no rule below it would ever apply - confirm, then correct or remove it.
http_access allow lan1
# Allow access for the unrestricted ("top") users
# NOTE(review): once one of these lines matches, the extension ban and the
# Safe_ports / CONNECT restrictions further down are not evaluated for that user.
http_access allow di_leonardo
http_access allow ep_cassio
http_access allow rh_pasqual
http_access allow rh_marcelo
http_access allow di_luisfernando
http_access allow di_fabio
http_access allow ct_henrique
http_access allow ct_queliane
http_access allow usersystem
http_access allow ju_marcio
http_access allow rh_luizpaulo
http_access allow re_idalete
http_access allow ti_fernando
http_access allow fi_gabriela
http_access allow fi_eder
http_access allow ju_cesar
#http_access allow ag_anatrevizan
# Block some download file extensions
http_access deny extban
# Restricted users
# `user sites_x` allows only URLs that match the user's list; `user !sites_x`
# allows everything except URLs that match it.
# NOTE(review): the list ACLs are described above as "released" sites, yet four
# users (almoxarifado, juliana, bruno, anatrevizan) use the negated form -
# confirm that a block-list is intended for them.
http_access allow rh_camila sites_camila
http_access allow ag_weber sites_weber
http_access allow al_almoxarifado !sites_almoxarifado
http_access allow of_rubens sites_rubens
http_access allow rh_silvana sites_silvana
http_access allow co_juliana !sites_juliana
http_access allow co_bruno !sites_bruno
http_access allow ct_brenomiguel sites_brenomiguel
http_access allow ct_vinicius sites_vinicius
http_access allow fr_jackson sites_jackson
http_access allow fr_lucassantos sites_lucassantos
http_access allow ag_anatrevizan !sites_anatrevizan
# Cache manager and PURGE only from localhost
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# NOTE(review): the port guards sit after every allow line above, so they only
# reach requests that no earlier line accepted. The stock squid.conf places
# these two denies ahead of the allow rules so that they apply to everyone.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
# General rule for clients that match nothing above
# NOTE(review): no rule follows this comment in the posted file. Without an
# explicit final line, Squid's documented default is the opposite of the last
# http_access line; ending the list with an explicit deny makes the intent
# unambiguous.
Alguém pode me ajudar com isto?
Obrigado!