japsuporte
(usa Ubuntu)
Enviado em 26/10/2010 - 21:53h
Boa noite pessoal.
Estou enfrentand diversos problemas com squid 2.7 no ubuntu 10.04 server.
O meu squid.conf esta sendo configurado para autenticar o usuario e sair pela porta padrão do squid. Fiz alguns teste de autentição somente com dois usuarios. Qual foi minha supresa ao tentar com o usuario "agente" na acl´s usr_banco, e usr_proxy. os primeiros teste foram satisfatorios bloqueados como manda o script, porem quando adicionei o User fabio o usuario agente perdeu-se so bloqueava usr_banco, e a usr_proxy mesmo com o usuario dentro ele liberava como não tivesse esse user la dentro, Já o usuario fabio fez o papel bloqueando a acl´s "proxy"
Já falei om varias pessoas e fui em diversos forum buscar alguma ajuda, e não obtive nada. Segue abaixo meu squid.conf para terem ideia de como está.
Obs.: estou quase mudando para o debian pensando que esse problema possa ser do ubuntu e o squid 2.7.
http_port 3128
visible_hostname xxxxxx-proxy
cache_mem 32 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 2048 16 256
cache_access_log /var/log/squid/access.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
acl all src 0.0.0.0/0.0.0.0
acl redelocal src 192.168.1.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
############################## Autenticacao #####################################
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/senhas/squid_passwd
auth_param basic realm SERVIDOR DE INTERNET < - > CAPITALPLUS
acl autenticados proxy_auth REQUIRED
################ LIBERADO TOTAL #########################################
acl liberado proxy_auth "/etc/squid/usuario/usr_liberado"
############ LISTA DE BANCO BLOQUEIOS ################################
acl capital proxy_auth "/etc/squid/usuario/usr_capital"
acl url_banco url_regex -i "/etc/squid/sites/url_banco"
########### LISTA DE PROXY BLOQUEADOS ###############################
acl proxy proxy_auth "/etc/squid/usuario/usr_proxy"
acl url_sites_proxy url_regex -i "/etc/squid/sites/url_sites_proxy"
######### LISTA DE MSN BLOQUEADOS ###################################
#acl msn proxy_auth "/etc/squid/usuario/usr_msn"
#acl url_msn_online url_regex -i "/etc/squid/sites/url_msn_online"
########## LISTA DE SITES PORNOS BLOQUEADOS #########################
#acl
[*****] proxy_auth "/etc/squid/usuario/usr_porno"
#acl url_sites_porno url_regex -i "/etc/squid/sites/url_sites_porno"
############# PALAVRAS BLOQUEADAS #####################################
#acl palavrasb proxy_auth "/etc/squid/usuario/usr_palavrasb"
#acl palavras_block url_regex "/etc/squid/palavras/palavras_block"
#########################################################################
http_access allow liberado
http_access allow capital !url_banco
http_access allow proxy !url_sites_proxy
http_access allow localhost
http access allow redelocal
http_access deny all
icp_access allow all