Jonas Forte
(usa Debian)
Enviado em 15/07/2011 - 13:15h
Amigos, estou com problemas no Squid. Controlo aqui na empresa 30 usuários com o Squid. O problema é que, quando alguém pede para liberar algum site pelo IP, não dá certo; aí eu vou no rc.firewall e libero geral com iptables, mas ele fica com acesso a tudo, igual à Diretoria. Já tentei de tudo, configurei ACLs, mas dá erro. Segue o squid.conf abaixo para os amigos que queiram me ajudar. Desde já agradeço, e um abraço. Sou estudioso de Linux há muito tempo, mas não pratico muito por falta de tempo; um dia irei ficar um expert como vocês.
###############
# jonas - 2011
###############
# Squid configuration for an intercepting ("transparent") proxy on
# 10.10.10.1:3128 serving the 10.10.10.0/255.255.255.0 network. Filtering is
# driven by the pattern files under /etc/squid/ referenced further down.
# http_access rules are evaluated top to bottom and the first match wins,
# so the order of the rules in this file is significant.
# NOTE(review): no_cache, cache_access_log and header_access are Squid 2.x-era
# directive names - confirm the installed release still gets security updates.
#
# Default
# Listens only on the internal address; "transparent" means clients are
# redirected here by the firewall rather than configured to use a proxy.
# NOTE(review): rc.firewall is not shown. Opening a client up in iptables takes
# that client out of the proxy entirely, so none of the deny rules below apply
# to it. A per-destination exception here (a dst or dstdomain ACL allowed ahead
# of the deny rules) would keep the client filtered - verify against the setup.
http_port 10.10.10.1:3128 transparent
hierarchy_stoplist cgi-bin ?
# Never cache dynamic content (cgi-bin paths or URLs with a query string).
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# authentication
# Entire section is commented out, including the helper program line.
#auth_param ntlm use_ntlm_negotiate off
#auth_param basic program /etc/squid/bin/ncsa_auth /etc/squid/passwd
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours
#auth_param basic casesensitive off
#
# Default configuration
cache_mem 64 MB
# cache_dir ufs /var/spool/squid/ 500 16 256
# NOTE(review): logs are written under /etc/squid/var/logs. access.log records
# every URL users request; check that this directory is writable only by the
# Squid user, not world-readable, and covered by log rotation.
cache_access_log /etc/squid/var/logs/access.log
cache_log /etc/squid/var/logs/cache.log
cache_store_log /etc/squid/var/logs/store.log
#pid_filename /etc/squid/var/logs/squid/squid.pid
# NOTE(review): these three settings tune basic authentication, but no
# "auth_param basic program" line is active and no proxy_auth ACL is in use,
# so nothing in this file authenticates users. Proxy authentication is also
# not expected to work for intercepted traffic - confirm before relying on it.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
# Suggested defaults
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# ACCESS CONTROL LISTS
# --------------------
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# Ports to which CONNECT tunnels are permitted (enforced by the
# "deny CONNECT !SSL_ports" rule below).
# NOTE(review): besides 443 and 563 this list also admits 10000, 21 and 24001.
# A CONNECT tunnel is opaque to the URL filters, so every extra port here is a
# path around the block lists - keep only ports with a documented need.
acl SSL_ports port 443 563 10000 21 24001
# Destination ports the proxy will talk to at all.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# 24001 already falls inside the 1025-65535 range above.
acl Safe_ports port 24001 # ftp dpi
acl CONNECT method CONNECT
# Cache manager requests are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
# Deny requests to ports not listed in Safe_ports
http_access deny !Safe_ports
# Deny CONNECT to ports other than SSL_ports
http_access deny CONNECT !SSL_ports
# Site-specific rules
# -------------------
# Clients allowed to use the proxy: the internal network plus loopback.
acl redelocal src 10.10.10.0/255.255.255.0 127.0.0.1
#acl arq_usuarios_skyler url_regex "/usr/local/squid/etc/sites_usu_skyler"
#acl usuarios_skyler proxy_auth moratti julio antonio
# Block lists. Block and bloq load the same file: Block tests each pattern
# against the whole URL, bloq against the URL path only.
# NOTE(review): unless the patterns are anchored, bloq looks redundant with
# Block - confirm against the contents of the file.
acl Block url_regex -i "/etc/squid/Bloqueados"
acl bloq urlpath_regex -i "/etc/squid/Bloqueados"
# NOTE(review): -i is an option of the regex ACL types; verify how the
# installed Squid treats it on dstdomain (check cache.log for parse warnings).
acl bloqsites dstdomain -i "/etc/squid/SitesBloqueados"
# Exception lists, mirroring the three block lists above.
acl NoBlock url_regex -i "/etc/squid/Desbloqueados"
acl nobloq urlpath_regex -i "/etc/squid/Desbloqueados"
acl nobloqsites dstdomain -i "/etc/squid/SitesDesbloqueados"
# Defined but not used: the only rule that references it is commented out below.
acl macaddress arp 00:1B:24:31:28:0D
# Blacklist
#acl black_porn1 dstdomain -i "/etc/blacklist/domains_porn"
#acl black_porn2 urlpath_regex -i "/etc/blacklist/urls_porn"
# Block by IP
#acl ip1 src 192.168.0.36
#acl ip2 src 192.168.0.95
# Strips the Accept-Encoding header on requests to .hotmail.msn.com.
acl hotmail_domains dstdomain .hotmail.msn.com
header_access Accept-Encoding deny hotmail_domains
# Deny anything on a block list unless the matching exception list also
# matches. These must stay above "allow redelocal", otherwise the allow
# would match first and the block lists would never be consulted.
http_access deny Block !NoBlock
http_access deny bloqsites !nobloqsites
http_access deny bloq !nobloq
#http_access deny !macaddress all
#http_access deny arq_usuarios_skyler
#http_access deny ip1
# Everything not denied above is allowed for the local network.
http_access allow redelocal
#http_access deny ip2
# Deny everyone else access through this proxy
http_access deny all
http_reply_access allow all
# Allow ICP queries from everyone
# NOTE(review): this answers cache-peer (ICP) queries from any source address.
# No cache peers are configured in this file; if none exist, limiting this to
# redelocal or denying it would reduce exposure - confirm peers are not in use.
icp_access allow all
# Default
# cache_mgr darte-adm@dominio.com.br
# Transparent proxy configuration
# -------------------------------
#httpd_accel_port 80
#httpd_accel_host virtual
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on
coredump_dir /var/spool/squid
# Added lines
visible_hostname proxy.localdomain.com.br
# For monitoring
#acl snmppublic snmp_community local_user
#snmp_port 3401
#snmp_access allow localhost
#snmp_access deny all
#error_directory /etc/squid/errors/Portuguese
error_directory /usr/share/squid/errors/Portuguese