Squid 3 [RESOLVIDO]

1. Squid 3 [RESOLVIDO]

Wiliam Pegoraro
wiliampegoraro

(usa Outra)

Enviado em 06/03/2013 - 09:07h

Bom dia companheiros, estou configurando meu squid, mas está apresentando os seguintes erros, e não sei o que fazer. Abaixo segue o erro e o squid completo

root@servernet02:~# squid3 -k reconfigure
2013/03/06 08:50:58| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2013/03/06 08:50:58| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2013/03/06 08:50:58| WARNING: For now we will assume you meant to write /32
FATAL: getpwnam failed to find userid for effective user 'squid'
Squid Cache (Version 3.1.19): Terminated abnormally.
CPU Usage: 0.040 seconds = 0.028 user + 0.012 sys
Maximum Resident Size: 70832 KB
Page faults with physical i/o: 0
root@servernet02:~#


##################### SQUID ########################

# Global listener, cache sizing and logging settings for this Squid 3.1 instance.
# The `transparent` flag marks port 3128 as receiving redirected (intercepted) traffic.
# NOTE(review): Squid 3.1 documents `intercept` as the current name of this flag - confirm.
# An interception port is normally reachable only through the gateway's redirect rule.
http_port 3128 transparent
maximum_icp_query_timeout 2000
cache_mem 2048 MB
cache_swap_low 90
cache_swap_high 95
## the Squid manual recommends these two settings to help with Windows Update
#range_offset_limit -1
#quick_abort_min -1
##
# Objects smaller than 10 KB or larger than 600 MB are not stored on disk.
maximum_object_size 600 MB
minimum_object_size 10 KB
maximum_object_size_in_memory 100 KB
##cache_replacement_policy heap GDSF
##memory_replacement_policy heap GDSF
## new optimizations
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
## off so that Squid closes half-closed connections
half_closed_clients off
## end of new optimizations

# Disk cache: 30000 MB with 128 first-level and 128 second-level directories.
# NOTE(review): the poster later reports that /var/spool3/squid does not exist on this
# host and that /var/spool/squid3 is the directory actually present.
# The cache directory must be writable by the account named in cache_effective_user,
# and should not be writable by any other unprivileged account.
cache_dir ufs /var/spool3/squid 30000 128 128
# NOTE(review): cache_access_log is the legacy spelling of access_log - confirm for this version.
# Both log files are written as the effective user, so /var/log/squid3 needs the same
# ownership; the thread later shows "Permission denied" on cache.log.1.
cache_access_log /var/log/squid3/access.log.1
cache_log /var/log/squid3/cache.log.1
cache_store_log none
emulate_httpd_log off
mime_table /etc/squid3/mime.conf
pid_filename /var/run/squid.pid
debug_options ALL,1
hosts_file /etc/hosts

# Refresh rules and process identity. refresh_pattern takes: regex, minimum age (minutes),
# percent of object age, maximum age (minutes). The first matching rule is used, so these
# specific rules must stay above the generic "." rule at the end of this section.

# cache Windows Update downloads (10080 min = 7 days, 43200 min = 30 days)
# NOTE(review): the dots in the host names are unescaped, so each matches any character.
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern www.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi) 4320 100% 43200 reload-into-ims
# NOTE(review): unlike the rules above, the dot before the extension group is not escaped here.
refresh_pattern msgruser.dlservice.microsoft.com/.*.(cab|exe|msi) 10080 100% 43200 reload-into-ims

# cache the Kaspersky anti-virus update files
# NOTE(review): as written the regex needs the literal text "dnl-/" in the URL; presumably
# numbered hosts such as "dnl-NN" were intended - verify against access.log.
refresh_pattern dnl-/.*\.(xml|stt|dll|dat|avc|dif|exe|cab|fad) 10080 100% 43200 reload-into-ims

# cache YouTube videos (the author notes this probably does not work)
#refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
#acl youtube dstdomain .youtube.com
#cache allow youtube


# Account Squid switches to after starting as root. The startup log in this thread shows
# "getpwnam failed to find userid for effective user 'squid'", i.e. the account is missing.
# NOTE(review): the later `ls -l /var/spool/` output shows squid3 owned by proxy:proxy,
# which suggests the packaged unprivileged account on this host is `proxy` - confirm
# before creating a new account. Whichever account is used should stay unprivileged.
cache_effective_user squid
cache_effective_group squid
# NOTE(review): visible_hostname is set twice; presumably only one value takes effect - confirm.
visible_hostname intranet.rafitec.com.br
visible_hostname suporte.rafitec.com.br
logfile_rotate 10
icon_directory /usr/local/share/icons
#error_directory /usr/local/share/errors/Portuguese
error_directory /etc/squid3/ErrosPersonalizados
coredump_dir /var/squid3/cache

# Default refresh rules; "." matches every URL not matched by an earlier rule.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# Baseline ACLs: cache-manager protocol, loopback source, and the port lists used by the
# "deny !Safe_ports" and "deny CONNECT !SSL_ports" rules further down.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# dstdom_regex: matches when the word is in the domain part of the URL
# url_regex: matches when the word is anywhere in the URL
# urlpath_regex: matches when the word is in the URL path (original note was left unfinished)

# Do not cache dynamic content (cgi-bin paths or URLs with a query string).
# NOTE(review): no_cache is the legacy spelling of the `cache` directive - confirm for this version.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# Lists kept in external files, one entry per line.
acl proibir_ip_local src "/etc/squid3/proibir_ip_local"
acl proibir_dominios dstdom_regex -i "/etc/squid3/proibir_dominios"

#acl proibir_downloads url_regex  # previously written like this, blocking anywhere in the URL; .com was added
# Blocks downloads by file extension at the end of the URL path.
# NOTE(review): every pattern is anchored with "$", so a URL that carries a query string
# after the file name is presumably not matched, and for HTTPS the proxy only sees the
# CONNECT host:port, not the path. Treat this as a convenience filter, not a malware control.
# NOTE(review): "\.tgz.$" matches ".tgz" followed by any one character - likely a typo.
acl proibir_downloads urlpath_regex -i \.com$ \.vbs$ \.bat$ \.avi$ \.mp3$ \.scr$ \.cmd$ \.rmvb$ \.wmv$ \.wma$ \.mpg$ \.mpeg$ \.mp4$ \.iso$ \.zip$ \.rar$ \.cab$ \.rpm$ \.tar$ \.gz$ \.tgz.$ \.tgz$ \.exe$ \.msi$ \.flv$ \.pls$ \.cpl$

#acl proibir_downloads_compactados url_regex -i \.iso$ \.rar$ \.cab$ \.rpm$ \.tar$ \.gz$ \.tgz.$ \.tgz$ \.jar$
#acl proibir_downloads_virus url_regex -i \.com$ \.vbs$ \.bat$ \.scr$ \.cmd$ \.exe$ \.msi$ .cpl$
#acl proibir_downloads_audio url_regex -i \.mp3$ \.wma$ \.ogg$ \.pls$
#acl proibir_downloads_video url_regex -i \.avi$ \.rmvb$ \.wmv$ \.mpg$ \.mpeg$ \.mp4$ \.flv$

# Online radio / streaming
# `streaming` tests the reply Content-Type; `music` tests the extension in the URL path.
acl streaming rep_mime_type ^video/x-ms-asf
acl music urlpath_regex -i \.aif$ \.aifc$ \.aiff$ \.asf$ \.asx$ \.avi$ \.au$ \.m3u$ \.med$ \.mp3$ \.m1v$ \.mp2$ \.mp2v$ \.mpa$ \.mov$ \.mpe$ \.mpg$ \.mpeg$ \.ogg$ \.pls$ \.ram$ \.ra$ \.ram$ \.snd$ \.wma$ \.wmv$ \.wvx$ \.mid$ \.midi$ \.rmi$

# Update-blocking window: Monday to Friday, 07:00-09:30.
acl proibir_atualizacoes_horario time MTWHF 07:00-09:30
acl proibir_atualizacoes_sites dstdom_regex -i "/etc/squid3/proibir_atualizacoes_sites"

#############################################################################################
################### ALLOW YOUTUBE ACCESS FOR SPECIFIC IPS ###################################
#############################################################################################

# Workstations exempted from the YouTube block, identified only by source address.
# NOTE(review): a source-IP exemption is only as reliable as the address assignment on the
# LAN; presumably these are static or reserved leases - verify.
acl ip_youtube src 192.168.200.245/32 #JOANES_WIRELESS
acl ip_youtube src 192.168.200.163/32 #PAULO
acl ip_youtube src 192.168.200.231/32 #SONIA
acl ip_youtube src 192.168.200.246/32 #JOANES
acl ip_youtube src 192.168.200.29/32 #ALEXANDRE_MANUTENCAO
acl ip_youtube src 192.168.200.33/32 #JOSIANE_COMERCIAL
acl ip_youtube src 192.168.200.191/32 #JULIANO_TI
acl ip_youtube src 192.168.200.120/32 #JARBAS_TI
acl ip_youtube src 192.168.200.176/32 #ISLEY_MANUTENCAO
acl ip_youtube src 192.168.200.18/32 #MICHEL_MANUTENCAO

acl proibir_youtube dstdom_regex -i "/etc/squid3/proibir_youtube"
# This is the first http_access rule in the file. http_access stops at the first match,
# so requests from these hosts to the listed domains are allowed before any of the
# Safe_ports, CONNECT or malware checks defined later are evaluated.
http_access allow ip_youtube proibir_youtube



#############################################################################################
# Block ("proibir") and allow ("liberar") lists, each loaded from a file under /etc/squid3.
# These files decide what the proxy permits, so they should be writable by root only.
acl proibir_palavras_na_url url_regex -i "/etc/squid3/proibir_palavras_na_url"
# create an ACL that blocks words only from the domain onwards
# urlpath_regex: similar to url_regex, but leaves the protocol and the domain out of the match
acl proibir_palavras_no_dominio dstdom_regex -i "/etc/squid3/proibir_palavras_no_dominio"
acl proibir_ip_remoto dst "/etc/squid3/proibir_ip_remoto"
acl proibir_malware url_regex -i "/etc/squid3/proibir_malware"
acl proibir_possiveis_virus dstdom_regex -i "/etc/squid3/proibir_possiveis_virus"
acl proibir_temporario dstdom_regex -i "/etc/squid3/proibir_temporario"
# NOTE(review): proibir_youtube is already defined with this same file in the YouTube
# section above, so this line repeats that definition.
acl proibir_youtube dstdom_regex -i "/etc/squid3/proibir_youtube"
acl proibir_imcontrol url_regex -i "/etc/squid3/proibir_imcontrol"
acl liberar_imcontrol url_regex -i "/etc/squid3/liberar_imcontrol"
acl liberar_palavras_na_url url_regex -i "/etc/squid3/liberar_palavras_na_url"
acl liberar_palavras_no_dominio dstdom_regex -i "/etc/squid3/liberar_palavras_no_dominio"
acl liberar_downloads_nos_sites dstdom_regex -i "/etc/squid3/liberar_downloads_nos_sites"
acl liberar_updates dstdom_regex -i "/etc/squid3/liberar_updates"
acl liberar_site_full_temporario dstdom_regex -i "/etc/squid3/liberar_site_full_temporario"
acl liberar_root src "/etc/squid3/liberar_root"
acl liberar_acesso_ip_limitado src "/etc/squid3/liberar_acesso_ip"

# Time windows (Monday to Friday) paired with the source lists above.
#acl liberar_acesso_total_horario src "/etc/squid3/liberar_acesso_total_horario"
#acl liberar_acesso18h time MTWHF 18:10-23:49
#acl liberar_acesso_total_root time MTWHF 07:45-18:15
acl liberar_acesso_total_root time MTWHF 07:45-22:00
acl liberar_acesso_horario time MTWHF 07:45-18:00
acl ip_horario_comercial src "/etc/squid3/liberar_acesso_ip_horario"


acl liberar_ip_remoto dst "/etc/squid3/liberar_ip_remoto"
acl NOCACHE dstdomain -i "/etc/squid3/proibir_cache"
acl liberar_dominios dstdom_regex -i "/etc/squid3/liberar_dominios"

#SQStat
# The dotted netmask on the next line is what produces the "Netmasks are deprecated"
# warnings in the startup log; the thread's first reply replaces it with 127.0.0.1/32.
# Cache-manager access is granted to loopback only, which keeps the manager interface local.
acl webserver src 127.0.0.1/255.255.255.255
http_access allow manager webserver

# Access rules. http_access is evaluated top to bottom and stops at the first rule whose
# ACLs all match, so the order of the lines below is the policy.
# NOTE(review): "deny manager", "deny !Safe_ports" and "deny CONNECT !SSL_ports" sit near
# the end, after several allow rules. Any request that matches an earlier allow
# (liberar_root, liberar_updates, liberar_dominios, ...) is accepted before the port,
# CONNECT and cache-manager restrictions are checked. The stock squid.conf keeps those
# three denies ahead of every site-specific allow; consider moving them up.
################# BLOCK TEMPORARY SITES AND YOUTUBE EVEN FOR THE ROOT USERS #########
http_access deny proibir_youtube
http_access deny proibir_temporario
http_access deny proibir_imcontrol !liberar_imcontrol
#####################################################################################

# fully block the listed local IPs, so that they cannot even fetch updates
http_access deny proibir_ip_local

#no_cache deny NOCACHE
http_access allow manager localhost

# Hosts in liberar_root get unrestricted access during liberar_acesso_total_root hours.
# NOTE(review): because this allow precedes "deny manager" and "deny proibir_malware",
# those checks are presumably skipped for these hosts - confirm this is intended.
http_access allow liberar_root liberar_acesso_total_root

################## BLOCK UPDATES FROM 7:00 TO 9:00 ##################################################
# NOTE(review): the time ACL used here is defined as 07:00-09:30, not 09:00.
http_access deny proibir_atualizacoes_sites proibir_atualizacoes_horario
################## ENABLE UPDATES, DISABLE WHEN NECESSARY ###########################################
###http_access deny proibir_temporario
http_access allow liberar_updates
#####################################################################################################
http_access allow liberar_site_full_temporario
http_access allow liberar_dominios
http_access allow liberar_ip_remoto
http_access deny proibir_malware
http_access deny proibir_downloads !liberar_downloads_nos_sites
http_access deny proibir_possiveis_virus
#http_access allow liberar_acesso_total_horario liberar_acesso18h
http_access deny proibir_palavras_na_url !liberar_palavras_na_url
http_access deny proibir_palavras_no_dominio !liberar_palavras_no_dominio
http_access deny proibir_ip_remoto
##http_access deny proibir_youtube


## HTTP online radio
http_access deny music
http_reply_access deny music

# NOTE(review): `streaming` is a rep_mime_type ACL, which tests reply headers; those are
# presumably not available when http_access runs, so the http_reply_access line is the
# one expected to take effect - verify.
http_access deny streaming
http_reply_access deny streaming

http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny proibir_dominios
http_access allow liberar_acesso_ip_limitado
http_access allow liberar_acesso_horario ip_horario_comercial

# Final defaults: replies not denied above are delivered; every other request is refused.
http_reply_access allow all
http_access deny all


#TESTE DE CONTROLE DE BANDA
#delay_pools 2
#delay_class 1 3
#delay_class 2 3
#delay_access 1 allow copa
#delay_access 2 allow liberar_acesso_ip_limitado
#delay_parameters 1 -1/-1 -1/-1 -1/-1
#delay_parameters 2 80000/80000 40000/40000 5000/5000




  


2. Re: Squid 3 [RESOLVIDO]

Perfil removido
removido

(usa Nenhuma)

Enviado em 06/03/2013 - 09:20h

Trocar:
acl webserver src 127.0.0.1/255.255.255.255 

por:
acl webserver src 127.0.0.1/32 



3. Re: Squid 3 [RESOLVIDO]

Wiliam Pegoraro
wiliampegoraro

(usa Outra)

Enviado em 06/03/2013 - 09:24h

Obrigado amigo, não tinha prestado atenção nessa linha, já consertei, porém está dando erro no usuário 'squid', mas já criei o usuário e o grupo squid e o problema persiste


4. Re: Squid 3 [RESOLVIDO]

Perfil removido
removido

(usa Nenhuma)

Enviado em 06/03/2013 - 09:29h

Posta ai:

# ls -l /var/spool3/

OBS: Pasta squid deve ter permissão de escrita para o usuário squid.


5. Re: Squid 3 [RESOLVIDO]

Wiliam Pegoraro
wiliampegoraro

(usa Outra)

Enviado em 06/03/2013 - 09:33h

não encontrei esse diretório, mas encontrei /var/spool/squid3, seria este?


6. Re: Squid 3 [RESOLVIDO]

Perfil removido
removido

(usa Nenhuma)

Enviado em 06/03/2013 - 09:36h

wiliampegoraro escreveu:

não encontrei esse diretório, mas encontrei /var/spool/squid3, seria este?


Olha seu arquivo de configuração.

cache_dir ufs /var/spool3/squid 30000 128 128 



7. Re: Squid 3 [RESOLVIDO]

Wiliam Pegoraro
wiliampegoraro

(usa Outra)

Enviado em 06/03/2013 - 09:46h

consertei no squid.conf o diretório, mas esta pasta /var/spool/squid3 está vazia


8. Re: Squid 3 [RESOLVIDO]

Perfil removido
removido

(usa Nenhuma)

Enviado em 06/03/2013 - 09:49h

wiliampegoraro escreveu:

consertei no squid.conf o diretório, mas esta pasta /var/spool/squid3 está vazia


Viu se o usuário squid tem permissão de escrita?

# ls -l /var/spool/

Caso não tenha...

# cd /var/spool
# chown squid.squid squid3

# /etc/init.d/squid3 stop
# /etc/init.d/squid3 start


9. Re: Squid 3 [RESOLVIDO]

Wiliam Pegoraro
wiliampegoraro

(usa Outra)

Enviado em 06/03/2013 - 10:19h


root@servernet02:~# ls -l /var/spool/
total 28
drwxr-xr-x 2 root root 4096 Mar 4 10:19 anacron
drwxr-xr-x 5 root root 4096 Ago 17 2012 cron
drwx--x--- 3 root lp 4096 Ago 17 2012 cups
drwxr-xr-x 3 root root 4096 Ago 17 2012 libreoffice
lrwxrwxrwx 1 root root 7 Mar 4 08:58 mail -> ../mail
drwxr-xr-x 2 root root 4096 Abr 13 2012 plymouth
drwxr-xr-x 2 root root 4096 Mar 30 2012 rsyslog
drwxr-xr-x 2 proxy proxy 4096 Mar 6 09:44 squid3
root@servernet02:~#


e ao dar o comando chown -R squid.squid squid3


root@servernet02:~# chown squid.squid squid3
chown: usuário inválido: “squid.squid”
root@servernet02:~#




10. Re: Squid 3 [RESOLVIDO]

Perfil removido
removido

(usa Nenhuma)

Enviado em 06/03/2013 - 10:27h

wiliampegoraro escreveu:


root@servernet02:~# ls -l /var/spool/
total 28
drwxr-xr-x 2 root root 4096 Mar 4 10:19 anacron
drwxr-xr-x 5 root root 4096 Ago 17 2012 cron
drwx--x--- 3 root lp 4096 Ago 17 2012 cups
drwxr-xr-x 3 root root 4096 Ago 17 2012 libreoffice
lrwxrwxrwx 1 root root 7 Mar 4 08:58 mail -> ../mail
drwxr-xr-x 2 root root 4096 Abr 13 2012 plymouth
drwxr-xr-x 2 root root 4096 Mar 30 2012 rsyslog
drwxr-xr-x 2 proxy proxy 4096 Mar 6 09:44 squid3
root@servernet02:~#


e ao dar o comando chown -R squid.squid squid3


root@servernet02:~# chown squid.squid squid3
chown: usuário inválido: “squid.squid”
root@servernet02:~#



Qual distro tu tá usando? CentOS?


11. Re: Squid 3 [RESOLVIDO]

Wiliam Pegoraro
wiliampegoraro

(usa Outra)

Enviado em 06/03/2013 - 10:31h

UBUNTU 12.04 LTS

consegui resolver as questões de usuários, criei o grupo e usuário squid

root@servernet02:~# ls -l /var/spool/
total 28
drwxr-xr-x 2 root root 4096 Mar 4 10:19 anacron
drwxr-xr-x 5 root root 4096 Ago 17 2012 cron
drwx--x--- 3 root lp 4096 Ago 17 2012 cups
drwxr-xr-x 3 root root 4096 Ago 17 2012 libreoffice
lrwxrwxrwx 1 root root 7 Mar 4 08:58 mail -> ../mail
drwxr-xr-x 2 root root 4096 Abr 13 2012 plymouth
drwxr-xr-x 2 root root 4096 Mar 30 2012 rsyslog
drwxr-xr-x 130 squid squid 4096 Mar 6 10:28 squid3
root@servernet02:~#

E agora apresenta isso:


root@servernet02:~# squid3 -k reconfigure
WARNING: Cannot write log file: /var/log/squid3/cache.log.1
/var/log/squid3/cache.log.1: Permission denied
messages will be sent to 'stderr'.
squid: ERROR: No running copy
root@servernet02:~#




12. Re: Squid 3 [RESOLVIDO]

Perfil removido
removido

(usa Nenhuma)

Enviado em 06/03/2013 - 10:34h

wiliampegoraro escreveu:

UBUNTU 12.04 LTS

consegui resolver as questões de usuários, criei o grupo e usuário squid

root@servernet02:~# ls -l /var/spool/
total 28
drwxr-xr-x 2 root root 4096 Mar 4 10:19 anacron
drwxr-xr-x 5 root root 4096 Ago 17 2012 cron
drwx--x--- 3 root lp 4096 Ago 17 2012 cups
drwxr-xr-x 3 root root 4096 Ago 17 2012 libreoffice
lrwxrwxrwx 1 root root 7 Mar 4 08:58 mail -> ../mail
drwxr-xr-x 2 root root 4096 Abr 13 2012 plymouth
drwxr-xr-x 2 root root 4096 Mar 30 2012 rsyslog
drwxr-xr-x 130 squid squid 4096 Mar 6 10:28 squid3
root@servernet02:~#

E agora apresenta isso:


root@servernet02:~# squid3 -k reconfigure
WARNING: Cannot write log file: /var/log/squid3/cache.log.1
/var/log/squid3/cache.log.1: Permission denied
messages will be sent to 'stderr'.
squid: ERROR: No running copy
root@servernet02:~#



Mesmo esquema. O usuário squid precisa ter permissão para escrever nessa pasta.

# ls -l /var/log




