Site do Sicredi
1. Site do Sicredi
marildo.vezaro
(usa Debian)
Enviado em 07/05/2013 - 12:16h
OláSou um pouco iniciante em servidores proxy com squid. Estou com um problema com site do sicredi.
Sicredi mudou o site, mas a rede em que está o servidor squid que montei atuando so mostra site antigo para usuarios e não tem cristo que faça acessar o novo, como posso resolver isso? Ja tentei desviar no firewall o site mas sem sucesso. Segue o scrip do firewall e proxy se alguem pode me dar um auxilio.
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
#Limpa tabelas
iptables -t filter -F
iptables -t nat -F
iptables -t mangle -F
#mas
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
iptables -A FORWARD -p tcp --dport 110 -j ACCEPT
iptables -A FORWARD -p tcp --dport 993 -j ACCEPT
iptables -A FORWARD -p tcp --dport 995 -j ACCEPT
iptables -A FORWARD -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -p tcp --dport 465 -j ACCEPT
iptables -A FORWARD -p tcp --dport 587 -j ACCEPT
#iptables -A FORWARD -p tcp --dport 443 -j ACCEPT
iptables -A FORWARD -p tcp --dport 81 -j ACCEPT
#portas dns
iptables -t filter -A FORWARD -s 192.168.190.0/24 -p udp --sport 53 -j ACCEPT
iptables -t filter -A FORWARD -s 192.168.190.0/24 -p udp --dport 53 -j ACCEPT
#MSN
iptables -A FORWARD -s 192.168.190.0/24 -p tcp --dport 1863 -j ACCEPT
iptables -A FORWARD -s 192.168.190.0/24 -d loginnet.passport.com -j ACCEPT
iptables -A FORWARD -s 192.168.190.0/24 -d 64.4.13.0/24 -j ACCEPT
iptables -A FORWARD -s 192.168.190.0/24 -d login.live.com -j ACCEPT
iptables -A FORWARD -s 192.168.190.0/24 -d login.passport.com -j ACCEPT
iptables -A OUTPUT -d twitter.com -p tcp --dport 443 -j REJECT
#nfe
iptables -A FORWARD -s 192.168.190.0/24 -d 201.49.164.105/32 -j ACCEPT
iptables -A FORWARD -s 192.168.190.0/24 -d 189.31.180.195/32 -j ACCEPT
iptables -A FORWARD -s 192.168.190.0/24 -d 200.241.32.197/32 -j ACCEPT
iptables -A FORWARD -s 192.168.190.0/24 -d 200.141.128.73/32 -j ACCEPT
iptables -A FORWARD -s 192.168.190.0/24 -d 186.209.98.73/32 -j ACCEPT
iptables -A FORWARD -s 192.168.190.0/24 -d 200.49.239.118/32 -j ACCEPT
iptables -A FORWARD -s 192.168.190.0/24 -d 95.211.94.10/32 -j ACCEPT
iptables -A FORWARD -s 192.168.190.0/24 -d gateway.messenger.hotmail.com -j ACCEPT
#SQUID
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
exit 0
/////////////////////////
squid
/////////////////////////
http_port 3128
icp_port 3130
visible_hostname vezaroweb.com.br
#Nega cache de paginas dinamicas
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
debug_options ALL,1 33,2
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
#Memoria usada para cache de paginas
cache_mem 2048 MB
#Tamanho maximo arquivo salvo em cache
maximum_object_size 100 MB
#Tamanho minimo arquivo salvo em cache
minimum_object_size 2 KB
#Apaga arquivos antigos atingindo 95% HD ate voltar abaixo de 90%
cache_swap_low 90
cache_swap_high 95
#Local e tamanho reservado ao cache
cache_dir ufs /var/spool/squid 52048 16 256
#Registros de acessos
cache_access_log /var/log/squid/access.log squid
#Traducao do squid no browser
error_directory /usr/share/squid/errors/pt-br
client_netmask 255.255.255.0
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off
#Atualizacao de cache
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
#REDE LOCAL
acl rede_local src 192.168.190.0/24
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl SSL_ports port 587
acl SSL_ports port 995
acl SSL_ports port 8089
#acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 8089
acl Safe_ports port 587
acl Safe_ports port 995
acl Safe_ports port 53
acl purge method PURGE
acl CONNECT method CONNECT
#Bloqueio de sites https
acl https_bloqueados url_regex -i "/etc/squid/config/https_bloqueados"
http_access deny https_bloqueados
http_access deny CONNECT https_bloqueados
#MSN mime
acl msn_mime req_mime_type application/x-msn-messenger
http_access allow msn_mime
#Banner anuncio do msn
acl ADSAdClien url_regex ADSAdClien
http_access deny ADSAdClien
deny_info http://192.168.190.5/msn.html ADSAdClien
#Servidor Apache liberado
acl web_local url_regex 192.168.190.5
http_access allow web_local
#Receita
acl receita url_regex receita.fazenda.gov.br fazenda.gov.br sefaz.mt.gov.br sintegra.gov.br sefaz.go.gov.br fazenda.sp.gov.br sefaz.ms.gov.br sef.sc.gov.br sefaz.ba.gov.br sefaz.ce.gov.br sefaz.df.gov.br sefaz.es.gov.br sintegra.sefaz.pr.gov.br sefaz.ma.gov.br sefaz.mg.gov.br sefaz.pa.gov.br sefaz.pe.gov.br fazenda.rj.gov.br sefaz.rs.gov.br sefaz.to.gov.br
http_access allow receita
#Autenticacao para acesso
acl usuarios proxy_auth REQUIRED
#Usuarios com acesso livre
acl usuario_livre proxy_auth "/etc/squid/config/usuario_livre"
#Usuarios com acesso controlado pelos sites bloqueados
acl usuario_restrito proxy_auth "/etc/squid/config/usuario_restrito"
acl url_bloqueado url_regex -i "/etc/squid/config/url_bloqueado"
#Usuarios com acesso somente aos sites liberados
acl usuario_bloqueado proxy_auth "/etc/squid/config/usuario_bloqueado"
acl url_liberado url_regex -i "/etc/squid/config/url_liberado"
#Libera acesso ao msn
acl msn_liberado url_regex gateway.dll www.sqm.microsoft.com microsoft.com messenger.msn.com gateway.messenger.hotmail.com byrdr.omega.contacts.msn.com .atdm.com contacts.msn.com local-bay.contacts.msn.com by2.storage.msn.com sqm.microsoft.com g.msn.com msn.com verisign.com byrdr.omega.contacts.msn.com contacts.msn.com contacts.msn.com:443 sqmserver.dll drv_MSN_Today m.adnxs.com msads.net
acl POST method GET POST CONNECT
acl rq_mime_msn req_mime_type application/x-msn-messenger
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow SSL_ports CONNECT
http_access allow rede_local msn_liberado POST
http_access deny Safe_ports !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny to_localhost
http_access allow usuario_livre
http_access deny url_bloqueado
http_access allow usuario_restrito !url_bloqueado
http_access allow url_liberado
http_access deny usuario_bloqueado !url_liberado
http_access allow usuarios usuario_livre
http_access allow usuarios usuario_restrito
http_access allow usuarios usuario_bloqueado
http_access deny !rede_local
http_access allow rede_local
http_access deny all
icp_access allow all
coredump_dir /var/spool/squid
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast
extension_methods REPORT MERGE MKACTIVITY CHECKOUT