SQUID [RESOLVIDO]
1. SQUID [RESOLVIDO]
jocemir
(usa Red Hat)
Enviado em 28/11/2013 - 15:11h
pessoal,
tenho um proxy squid na minha rede, quando tento acessar qualquer tipo de site o mesmo mostra uma mensagem no acccess.log:
1141745294.708 0 192.168.1.253 TCP_DENIED/403 1372 CONNECT xxx.xxx.xx.xxx:10000 - NONE/- text/htm
Segue minha configuração do squid, obrigado a todos pela ajuda !!!
http_port 8080
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
#cache dir ufs /var/spool/squid 100 16 256
#cache_men 164 MB
cache_access_log /var/log/squid/access.log
auth_param basic children 5
auth_param basic realm squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl Safe_ports port 80 # http
acl Safe_ports port 53 # tcp
acl Safe_ports port 2631 # conectividade
acl Safe_ports port 21 # ftp
acl Safe_ports port 389 # lDP
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 110 # pop
acl Safe_ports port 587 # smtp
acl Safe_ports port 5900 # vnc
acl CONNECT method CONNECT
acl purge method PURGE
#
#
#################
#Redes SJT ######
#################
acl rede_sjt src 192.168.100.0/255.255.255.0
#
#
##########################
# Usuários da Rede SJT #####
##########################
acl jgomes-ti src 192.168.100.26
acl tjorge-ti src 192.168.100.45
#########################
# Rede Visitante DHCP ###
#########################
acl visitante0 src 192.168.100.233
acl visitante1 src 192.168.100.234
acl visitante2 src 192.168.100.235
acl visitante3 src 192.168.100.236
acl visitante4 src 192.168.100.237
##############################
# Servidores #################
##############################
acl sjtarq src 192.168.100.xxx
acl sjtsql src 192.168.100.xxx
acl win2008bkp src 192.168.100.xxx
#######################################
# Regras de negação e liberaçãç ######
#######################################
acl [*****] url_regex "/etc/squid/[*****]"
acl noporn url_regex "/etc/squid/noporn"
acl talk url_regex "/etc/squid/talk"
acl notalk url_regex "/etc/squid/notalk"
#
####################################
# Regras para bloquear downloads ###
####################################
## ACL que bloqueia Downloads com as seguintes extensões
acl downloads urlpath_regex ^ftp \.exe$ \.scr$ \vba$ \.pif$ \.avi$ \.mp3$ \.mlv$ \.mp2$ \.mp2v$ \.mpa$ \.mov$ \.mpe$ \.mpeg$ \.ogg$ \.pls$ \.ram$ \.snd$ \.wma$ \.wvx$ \.mid$ \.midi$ \.rmi$ \.img$ \.rar$ \.bin$ \.wav$ \.iso$
acl exe url_regex -i.*.exe$
acl scr url_regex -i.*.scr$
acl vbs url_regex -i.*.vbl$
acl pif url_regex -i.*.pif$
acl avi url_regex -i.*.avi$
acl mp3 url_regex -i.*.mp3$
acl mlv url_regex -i.*.mlv$
acl mp2 url_regex -i.*.mp2$
acl mp2v url_regex -i.*.mp2v$
acl mpa url_regex -i.*.mpa$
acl mov url_regex -i.*.mov$
acl mpe url_regex -i.*.mpe$
acl mpeg url_regex -i.*.mpeg$
acl mpg url_regex -i.*.mpg$
acl ogg url_regex -i.*.ogg$
acl pls url_regex -i.*.pls$
acl ram url_regex -i.*.ram$
acl ra url_regex -i.*.ra$
acl ram url_regex -i.*.ram$
acl snd url_regex -i.*.snd$
acl wma url_regex -i.*.wma$
acl wmv url_regex -i.*.wmv$
acl wvx url_regex -i.*.wvx$
acl mid url_regex -i.*.mid$
acl midi url_regex -i.*.midi$
acl rml url_regex -i.*.rmll$
acl img url_regex -i.*.img$
acl rar url_regex -i.*.rar$
acl zip url_regex -i.*.zip$
acl bin url_regex -i.*.bin$
acl wav url_regex -i.*.wav$
acl iso url_regex -i.*.iso$
acl nodownloads urlpath_regex \webmail.exe \.windowsupdate\.microsoft.com
########################
# Regras de acesso######
########################
#
http_access allow manager localhost
http_access deny manager
http_access allow PURGE localhost
http_access deny PURGE
#
########################################
# Inicio das Regras de acesso Empresa###
########################################
#
http_access allow localhost
http_access allow noporn
httpd_accel_port 21
#
#############################
# Usuários fora do bloqueio##
#############################
http_access allow sjtarq
http_access deny [*****]
http_access deny talk
#
##############################
# Usuários fora do bloqueio###
##############################
#
http_access allow jgomes-ti
http_access allow tjorge-ti
#
###########################################
# Libera o notalk para todos os Usuários ##
###########################################
#http_access allow notalk
#
############################
# Libera o Windows update ##
############################
#
http_access allow nodownloads
http_access allow SJTARQ
http_access allow SJTSQL
http_access allow WIN2008BKP
#
###################################
# Inicio do bloqueio de Downloads##
###################################
#
http_access deny downloads
http_access deny exe
http_access deny scr
http_access deny vbs
http_access deny pif
http_access deny avi
http_access deny mp3
http_access deny mlv
http_access deny mp2
http_access deny mp2v
http_access deny mpa
http_access deny mov
http_access deny mpe
http_access deny mpeg
http_access deny mpg
http_access deny ogg
http_access deny pls
http_access deny ram
http_access deny ra
http_access deny ram
http_access deny snd
http_access deny wma
http_access deny wmv
http_access deny wvx
http_access deny mid
http_access deny midi
http_access deny img
http_access deny rar
http_access deny zip
http_access deny bin
http_access deny wav
http_access deny iso
#
######################################################################
# Inicio do cadastro de usuários com acesso a internet sem Downloads##
######################################################################
#
#ttp_access allow jgomes-ti
#ttp_access allow tjorge-ti
###Visitantes#######
http_access allow visitante0
http_access allow visitante1
http_access allow visitante2
http_access allow visitante3
http_access allow visitante4
#
#
#############################
http_access deny all
http_reply_access allow all
icp_access allow all
visible_hostname FW-SJT
httpd_accel_host virtual
httpd_accel_host port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
#ie refresh on
# linguagem dos erros
error_directory /usr/share/squid/errors/Portuguese
logfile_rotate 10
coredump_dir /var/spool/squid
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Atenção a quem posta conteúdo de dicas, scripts e tal (6)
Artigos
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
O mínimo que você precisa saber sobre o terminal (parte 2)
O mínimo que você precisa saber sobre o terminal (parte 1)
Como iniciar uma máquina virtual do VirtualBox automaticamente no boot do LUbuntu 18 LTS
Dicas
Mudar o gerenciador de login (GDM para SDDM e vice-versa) - parte 2
Como deixar as abas do Firefox mais fininhas
Mudar o gerenciador de login (GDM para SDDM)
"Tentando" fazer com que programas rodem no Wayland e no X11
Tópicos
Google Chrome não para de escrever no disco (12)
Windows XP rodando no Linux (5)
Som saiu,sumio,nao funciona, apos atualizacao do linux mint por 22 (1)
Erro ao iniciar Ubuntu 24.04.1 LTS - Management Owner Key - MoK (3)
Top 10 do mês
-
Xerxes
1° lugar - 65.787 pts -
Fábio Berbert de Paula
2° lugar - 42.224 pts -
Clodoaldo Santos
3° lugar - 30.769 pts -
Sidnei Serra
4° lugar - 20.130 pts -
Buckminster
5° lugar - 16.613 pts -
Mauricio Ferrari
6° lugar - 13.306 pts -
Daniel Lara Souza
7° lugar - 12.173 pts -
Diego Mendes Rodrigues
8° lugar - 12.076 pts -
Alberto Federman Neto.
9° lugar - 11.238 pts -
edps
10° lugar - 9.440 pts
Scripts
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
