Squid blocking everything [SOLVED]

1. Squid blocking everything [SOLVED]

Rafael Magalhães
rafamagalhaes

(uses Ubuntu)

Posted on 28/03/2012 - 10:39h

I made a configuration in squid.conf, but now the proxy is blocking everything. What did I do wrong?

cache_mem 64 MB # disk cache size
cache_dir ufs c:/squid/var/cache 100 16 256

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/23
acl matriz src 192.168.0.0/23
acl mtl src 192.168.2.0/23
acl itb src 192.168.4.0/23
acl sbb src 192.168.6.0/23
acl cte src 192.168.8.0/23
acl sls src 192.168.12.0/23
acl ctn src 192.168.14.0/23

# Ports defined by default.
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

# squid default acls
acl PURGE method PURGE
acl CONNECT method CONNECT
acl POST method POST

# acl to obtain AD groups
#external_acl_type NT_global_group %LOGIN c:/squid/libexec/mswin_check_ad_group.exe -G
auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe msol.local/msolbhzdc01 --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30

# AD groups
#acl TI external NT_global_group BHZ_TI
#acl Users external NT_global_group Domain-Users
acl password proxy_auth REQUIRED

# ACL to allow access to JAVA
acl java browser Java/1.4 Java/1.5 Java/1.6

# ACL to allow sites
#acl whitelisturls url_regex -i "c:/squid/etc/whitelist/urls"
#acl whitelistdomains url_regex -i "c:/squid/etc/whitelist/domains"

# ACL site categories
acl publicidadedomain url_regex -i "c:/squid/etc/categories/adv/domains"
acl publicidadeurl url_regex -i "c:/squid/etc/categories/adv/urls"
acl agressivodomain url_regex -i "c:/squid/etc/categories/aggressive/domains"
acl agressivourl url_regex -i "c:/squid/etc/categories/aggressive/urls"
acl alcooldomain url_regex -i "c:/squid/etc/categories/alcohol/domains"
acl alcoolurl url_regex -i "c:/squid/etc/categories/alcohol/urls"
acl vpndomain url_regex -i "c:/squid/etc/categories/anonvpn/domains"
acl vpnurl url_regex -i "c:/squid/etc/categories/anonvpn/urls"
acl motosdomain url_regex -i "c:/squid/etc/categories/automobile/bikes/domains"
acl motosurl url_regex -i "c:/squid/etc/categories/automobile/bikes/urls"
acl barcosdomain url_regex -i "c:/squid/etc/categories/automobile/boats/domains"
acl barcosurl url_regex -i "c:/squid/etc/categories/automobile/boats/urls"
acl carrosdomain url_regex -i "c:/squid/etc/categories/automobile/cars/domains"
acl carrosurl url_regex -i "c:/squid/etc/categories/automobile/cars/urls"
acl avioesdomain url_regex -i "c:/squid/etc/categories/automobile/planes/domains"
acl avioesurl url_regex -i "c:/squid/etc/categories/automobile/planes/urls"
acl batepapodomain url_regex -i "c:/squid/etc/categories/chat/domains"
acl batepapourl url_regex -i "c:/squid/etc/categories/chat/urls"
acl costtrapsdomain url_regex -i "c:/squid/etc/categories/costtraps/domains"
acl costtrapsurl url_regex -i "c:/squid/etc/categories/costtraps/urls"
acl namorodomain url_regex -i "c:/squid/etc/categories/dating/domains"
acl namorourl url_regex -i "c:/squid/etc/categories/dating/urls"
acl downloaddomain url_regex -i "c:/squid/etc/categories/downloads/domains"
acl downloadurl url_regex -i "c:/squid/etc/categories/downloads/urls"
acl drogasdomain url_regex -i "c:/squid/etc/categories/drugs/domains"
acl drogasurl url_regex -i "c:/squid/etc/categories/drugs/urls"
acl dinamicodomain url_regex -i "c:/squid/etc/categories/dynamic/domains"
acl escolasdomain url_regex -i "c:/squid/etc/categories/education/schools/domains"
acl escolasurl url_regex -i "c:/squid/etc/categories/education/schools/urls"
acl bancariodomain url_regex -i "c:/squid/etc/categories/finance/banking/domains"
acl bancariourl url_regex -i "c:/squid/etc/categories/finance/banking/urls"
acl segurosdomain url_regex -i "c:/squid/etc/categories/finance/insurance/domains"
acl segurosurl url_regex -i "c:/squid/etc/categories/finance/insurance/urls"
acl emprestimosdomain url_regex -i "c:/squid/etc/categories/finance/moneylending/domains"
acl emprestimosurl url_regex -i "c:/squid/etc/categories/finance/moneylending/urls"
acl imobiliariadomain url_regex -i "c:/squid/etc/categories/finance/realestate/domains"
acl imobiliariaurl url_regex -i "c:/squid/etc/categories/finance/realestate/urls"
acl comerciodomain url_regex -i "c:/squid/etc/categories/finance/trading/domains"
acl comerciourl url_regex -i "c:/squid/etc/categories/finance/trading/urls"
acl outrodomain url_regex -i "c:/squid/etc/categories/finance/other/domains"
acl outrourl url_regex -i "c:/squid/etc/categories/finance/other/urls"
acl esotericodomain url_regex -i "c:/squid/etc/categories/fortunetelling/domains"
acl esotericourl url_regex -i "c:/squid/etc/categories/fortunetelling/urls"
acl forumdomain url_regex -i "c:/squid/etc/categories/forum/domains"
acl forumurl url_regex -i "c:/squid/etc/categories/forum/urls"
acl jogardomain url_regex -i "c:/squid/etc/categories/gamble/domains"
acl jogarurl url_regex -i "c:/squid/etc/categories/gamble/urls"
acl governodomain url_regex -i "c:/squid/etc/categories/government/domains"
acl governourl url_regex -i "c:/squid/etc/categories/government/urls"
acl hackingdomain url_regex -i "c:/squid/etc/categories/hacking/domains"
acl hackingurl url_regex -i "c:/squid/etc/categories/hacking/urls"
acl cozinhadomain url_regex -i "c:/squid/etc/categories/hobby/cooking/domains"
acl cozinhaurl url_regex -i "c:/squid/etc/categories/hobby/cooking/urls"
acl jogosinfodomain url_regex -i "c:/squid/etc/categories/hobby/games-misc/domains"
acl jogosinfourl url_regex -i "c:/squid/etc/categories/hobby/games-misc/urls"
acl jogosonlinedomain url_regex -i "c:/squid/etc/categories/hobby/games-online/domains"
acl jardinagemdomain url_regex -i "c:/squid/etc/categories/hobby/gardening/domains"
acl jardinagemurl url_regex -i "c:/squid/etc/categories/hobby/gardening/urls"
acl animaisdomain url_regex -i "c:/squid/etc/categories/hobby/pets/domains"
acl animaisurl url_regex -i "c:/squid/etc/categories/hobby/pets/urls"
acl domesticadomain url_regex -i "c:/squid/etc/categories/homestyle/domains"
acl domesticaurl url_regex -i "c:/squid/etc/categories/homestyle/urls"
acl hospitaldomain url_regex -i "c:/squid/etc/categories/hospitals/domains"
acl hospitalurl url_regex -i "c:/squid/etc/categories/hospitals/urls"
acl imagehostingdomain url_regex -i "c:/squid/etc/categories/imagehosting/domains"
acl imagehostingurl url_regex -i "c:/squid/etc/categories/imagehosting/urls"
acl ispdomain url_regex -i "c:/squid/etc/categories/isp/domains"
acl empregodomain url_regex -i "c:/squid/etc/categories/jobsearch/domains"
acl empregourl url_regex -i "c:/squid/etc/categories/jobsearch/urls"
acl bibliotecadomain url_regex -i "c:/squid/etc/categories/library/domains"
acl bibliotecaurl url_regex -i "c:/squid/etc/categories/library/urls"
acl militardomain url_regex -i "c:/squid/etc/categories/military/domains"
acl militarurl url_regex -i "c:/squid/etc/categories/military/urls"
acl modelosdomain url_regex -i "c:/squid/etc/categories/models/domains"
acl modelosurl url_regex -i "c:/squid/etc/categories/models/urls"
acl filmesdomain url_regex -i "c:/squid/etc/categories/movies/domains"
acl filmesurl url_regex -i "c:/squid/etc/categories/movies/urls"
acl musicadomain url_regex -i "c:/squid/etc/categories/music/domains"
acl musicaurl url_regex -i "c:/squid/etc/categories/music/urls"
acl noticiadomain url_regex -i "c:/squid/etc/categories/news/domains"
acl noticiaurl url_regex -i "c:/squid/etc/categories/news/urls"
acl podcastsdomain url_regex -i "c:/squid/etc/categories/podcasts/domains"
acl podcastsurl url_regex -i "c:/squid/etc/categories/podcasts/urls"
acl politicadomain url_regex -i "c:/squid/etc/categories/politics/domains"
acl politicaurl url_regex -i "c:/squid/etc/categories/politics/urls"
acl pornodomain url_regex -i "c:/squid/etc/categories/[*****]/domains"
acl pornourl url_regex -i "c:/squid/etc/categories/[*****]/urls"
acl radiotvdomain url_regex -i "c:/squid/etc/categories/radiotv/domains"
acl radiotvurl url_regex -i "c:/squid/etc/categories/radiotv/urls"
acl humordomain url_regex -i "c:/squid/etc/categories/recreation/humor/domains"
acl humorurl url_regex -i "c:/squid/etc/categories/recreation/humor/urls"
acl lutadomain url_regex -i "c:/squid/etc/categories/recreation/martialarts/domains"
acl lutaurl url_regex -i "c:/squid/etc/categories/recreation/martialarts/urls"
acl restaurantesdomain url_regex -i "c:/squid/etc/categories/recreation/restaurants/domains"
acl restaurantesurl url_regex -i "c:/squid/etc/categories/recreation/restaurants/urls"
acl esportesdomain url_regex -i "c:/squid/etc/categories/recreation/sports/domains"
acl esportesurl url_regex -i "c:/squid/etc/categories/recreation/sports/urls"
acl viagemdomain url_regex -i "c:/squid/etc/categories/recreation/travel/domains"
acl bemestardomain url_regex -i "c:/squid/etc/categories/recreation/wellness/domains"
acl bemestarurl url_regex -i "c:/squid/etc/categories/recreation/wellness/urls"
acl redirectordomain url_regex -i "c:/squid/etc/categories/redirector/domains"
acl redirectorurl url_regex -i "c:/squid/etc/categories/redirector/urls"
acl religiaodomain url_regex -i "c:/squid/etc/categories/religion/domains"
acl religiaourl url_regex -i "c:/squid/etc/categories/religion/urls"
acl remotecontroldomain url_regex -i "c:/squid/etc/categories/remotecontrol/domains"
acl remotecontrolurl url_regex -i "c:/squid/etc/categories/remotecontrol/urls"
acl ringtonesdomain url_regex -i "c:/squid/etc/categories/ringtones/domains"
acl ringtonesurl url_regex -i "c:/squid/etc/categories/ringtones/urls"
acl astronomiadomain url_regex -i "c:/squid/etc/categories/science/astronomy/domains"
acl astronomiaurl url_regex -i "c:/squid/etc/categories/science/astronomy/urls"
acl quimicadomain url_regex -i "c:/squid/etc/categories/science/chemistry/domains"
acl quimicaurl url_regex -i "c:/squid/etc/categories/science/chemistry/urls"
acl buscadomain url_regex -i "c:/squid/etc/categories/searchengines/domains"
acl buscaurl url_regex -i "c:/squid/etc/categories/searchengines/urls"
acl edusexodomain url_regex -i "c:/squid/etc/categories/sex/education/domains"
acl edusexourl url_regex -i "c:/squid/etc/categories/sex/education/urls"
acl lingeriedomain url_regex -i "c:/squid/etc/categories/sex/lingerie/domains"
acl lingerieurl url_regex -i "c:/squid/etc/categories/sex/lingerie/urls"
acl comprasdomain url_regex -i "c:/squid/etc/categories/shopping/domains"
acl comprasurl url_regex -i "c:/squid/etc/categories/shopping/urls"
acl redessociaisdomain url_regex -i "c:/squid/etc/categories/socialnet/domains"
acl redessociaisurl url_regex -i "c:/squid/etc/categories/socialnet/urls"
acl spywaredomain url_regex -i "c:/squid/etc/categories/spyware/domains"
acl spywareurl url_regex -i "c:/squid/etc/categories/spyware/urls"
acl trackerdomain url_regex -i "c:/squid/etc/categories/tracker/domains"
acl trackerurl url_regex -i "c:/squid/etc/categories/tracker/urls"
acl updatesitesdomain url_regex -i "c:/squid/etc/categories/updatesites/domains"
acl updatesitesurl url_regex -i "c:/squid/etc/categories/updatesites/urls"
acl urlshortnerdomain url_regex -i "c:/squid/etc/categories/urlshortener/domains"
acl urlshortnerurl url_regex -i "c:/squid/etc/categories/urlshortener/urls"
acl violenciadomain url_regex -i "c:/squid/etc/categories/violence/domains"
acl violenciaurl url_regex -i "c:/squid/etc/categories/violence/urls"
acl warezdomain url_regex -i "c:/squid/etc/categories/warez/domains"
acl warezurl url_regex -i "c:/squid/etc/categories/warez/urls"
acl armasdomain url_regex -i "c:/squid/etc/categories/weapons/domains"
acl armasurl url_regex -i "c:/squid/etc/categories/weapons/urls"
acl webmaildomain url_regex -i "c:/squid/etc/categories/webmail/domains"
acl webmailurl url_regex -i "c:/squid/etc/categories/webmail/urls"
acl webphonedomain url_regex -i "c:/squid/etc/categories/webphone/domains"
acl webphoneurl url_regex -i "c:/squid/etc/categories/webphone/urls"
acl webradiodomain url_regex -i "c:/squid/etc/categories/webradio/domains"
acl webradiourl url_regex -i "c:/squid/etc/categories/webradio/urls"
acl webtvdomain url_regex -i "c:/squid/etc/categories/webtv/domains"
acl webtvurl url_regex -i "c:/squid/etc/categories/webtv/urls"

#ACL to block webmail
#acl webmail url_regex -i "c:/squid/etc/acl/webmail"

#ACL to block downloads
acl download urlpath_regex .com$ .exe$ .pif$ .bat$ .asfv1$ .wmv$ .mp3$ .avi$ .msi$ .asf$
acl streaming urlpath_regex -i \.asf$ \.asx$ \.avi$ \.au$ \.mid \.midi$ .\asfv1$ \.wav$

# Block MSN
#acl msn url_regex -i "c:/squid/etc/acl/msn"
acl messenger url_regex -i gateway/gateway.dll

#Block GTALK
#acl gtalk url_regex -i "c:/squid/etc/acl/gtalk"

# Allow access to java
http_access allow java

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Access allowed for IT
#http_access allow password TI

# Deny requests to unknown ports
http_access deny !Safe_ports

# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

#http_access allow ip_liberado

# Block by file extension
http_access deny download
http_access deny streaming

# Block by category
http_access deny agressivodomain
http_access deny agressivourl
http_access deny vpndomain
http_access deny vpnurl
http_access deny batepapodomain
http_access deny batepapourl
http_access deny costtrapsdomain
http_access deny costtrapsurl
http_access deny namorodomain
http_access deny namorourl
http_access deny downloaddomain
http_access deny downloadurl
http_access deny drogasdomain
http_access deny drogasurl
http_access deny dinamicodomain
http_access deny jogardomain
http_access deny jogarurl
http_access deny hackingdomain
http_access deny hackingurl
http_access deny jogosinfodomain
http_access deny jogosinfourl
http_access deny jogosonlinedomain
http_access deny empregodomain
http_access deny empregourl
http_access deny musicadomain
http_access deny musicaurl
http_access deny pornodomain
http_access deny pornourl
http_access deny radiotvdomain
http_access deny radiotvurl
http_access deny redirectordomain
http_access deny redirectorurl
http_access deny remotecontroldomain
http_access deny remotecontrolurl
http_access deny ringtonesdomain
http_access deny ringtonesurl
http_access deny redessociaisdomain
http_access deny redessociaisurl
http_access deny spywaredomain
http_access deny spywareurl
http_access deny violenciadomain
http_access deny violenciaurl
http_access deny warezdomain
http_access deny warezurl
http_access deny armasdomain
http_access deny armasurl
http_access deny webphonedomain
http_access deny webphoneurl
http_access deny webradiodomain
http_access deny webradiourl
http_access deny webtvdomain
http_access deny webtvurl

# Allow by category
http_access allow publicidadedomain
http_access allow publicidadeurl
http_access allow alcooldomain
http_access allow alcoolurl
http_access allow motosdomain
http_access allow motosurl
http_access allow barcosdomain
http_access allow barcosurl
http_access allow carrosdomain
http_access allow carrosurl
http_access allow avioesdomain
http_access allow avioesurl
http_access allow escolasdomain
http_access allow escolasurl
http_access allow bancariodomain
http_access allow bancariourl
http_access allow segurosdomain
http_access allow segurosurl
http_access allow emprestimosdomain
http_access allow emprestimosurl
http_access allow imobiliariadomain
http_access allow imobiliariaurl
http_access allow comerciodomain
http_access allow comerciourl
http_access allow outrodomain
http_access allow outrourl
http_access allow esotericodomain
http_access allow esotericourl
http_access allow forumdomain
http_access allow forumurl
http_access allow governodomain
http_access allow governourl
http_access allow cozinhadomain
http_access allow cozinhaurl
http_access allow jardinagemdomain
http_access allow jardinagemurl
http_access allow animaisdomain
http_access allow animaisurl
http_access allow domesticadomain
http_access allow domesticaurl
http_access allow hospitaldomain
http_access allow hospitalurl
http_access allow imagehostingdomain
http_access allow imagehostingurl
http_access allow ispdomain
http_access allow bibliotecadomain
http_access allow bibliotecaurl
http_access allow militardomain
http_access allow militarurl
http_access allow modelosdomain
http_access allow modelosurl
http_access allow filmesdomain
http_access allow filmesurl
http_access allow noticiadomain
http_access allow noticiaurl
http_access allow podcastsdomain
http_access allow podcastsurl
http_access allow politicadomain
http_access allow politicaurl
http_access allow humordomain
http_access allow humorurl
http_access allow lutadomain
http_access allow lutaurl
http_access allow restaurantesdomain
http_access allow restaurantesurl
http_access allow esportesdomain
http_access allow esportesurl
http_access allow viagemdomain
http_access allow bemestardomain
http_access allow bemestarurl
http_access allow religiaodomain
http_access allow religiaourl
http_access allow astronomiadomain
http_access allow astronomiaurl
http_access allow quimicadomain
http_access allow quimicaurl
http_access allow buscadomain
http_access allow buscaurl
http_access allow edusexodomain
http_access allow edusexourl
http_access allow lingeriedomain
http_access allow lingerieurl
http_access allow comprasdomain
http_access allow comprasurl
http_access allow trackerdomain
http_access allow trackerurl
http_access allow updatesitesdomain
http_access allow updatesitesurl
http_access allow urlshortnerdomain
http_access allow urlshortnerurl
http_access allow webmaildomain
http_access allow webmailurl

# Allow AD username and password
http_access allow password
#http_access allow password Users
#http_access deny password !TI !Users

# Allow the networks of each location
http_access allow matriz
http_access allow mtl
http_access allow itb
http_access allow sbb
http_access allow cte
http_access allow sls
http_access allow ctn

# Block everything else
http_access deny all

#Allow ICP queries from local networks only
icp_access allow matriz
icp_access allow mtl
icp_access allow itb
icp_access allow sbb
icp_access allow cte
icp_access allow sls
icp_access allow ctn
icp_access deny all

# Squid normally listens to port 3128
http_port 8080

# Set the error messages to Portuguese.
error_directory C:/Squid/share/errors/Portuguese
hierarchy_stoplist cgi-bin ?

# File where the users' access log will be written.
access_log c:/squid/var/logs/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/\?) 0 0% 0
refresh_pattern . 0 20% 4320




  


2. Re: Squid bloqueando tudo [RESOLVIDO]

Daniel Fernandes de Lima
daniel_4fun

(uses Debian)

Posted on 28/03/2012 - 10:57h

I would try configuring the proxy on port 3128 ...


3. Re: Squid bloqueando tudo [RESOLVIDO]

Reginaldo de Matias
saitam

(uses Slackware)

Posted on 28/03/2012 - 11:03h

Please also post your firewall script so we can analyze it...


4. Re: Squid bloqueando tudo [RESOLVIDO]

Rafael Magalhães
rafamagalhaes

(uses Ubuntu)

Posted on 28/03/2012 - 11:10h

I have already changed the port to 3128 and nothing changed.

I am not using the firewall.


5. Re: Squid bloqueando tudo [RESOLVIDO]

Daniel Fernandes de Lima
daniel_4fun

(uses Debian)

Posted on 28/03/2012 - 11:17h

If I'm not mistaken, for authentication to work properly we need to have Apache installed on the machine; check that...


6. Re: Squid bloqueando tudo [RESOLVIDO]

Reginaldo de Matias
saitam

(uses Slackware)

Posted on 28/03/2012 - 11:21h

rafamagalhaes wrote:

I have already changed the port to 3128 and nothing changed.

I am not using the firewall.


What do you mean, you are not using a firewall?

There must at least be the connection-sharing rule...


7. Re: Squid bloqueando tudo [RESOLVIDO]

Daniel Fernandes de Lima
daniel_4fun

(uses Debian)

Posted on 28/03/2012 - 11:23h

You could do it like this: save your current squid.conf and follow this tutorial. I have already set up an authenticated proxy exactly as it teaches. Keep it as simple as possible, then implement the new rules gradually...

http://www.vivaolinux.com.br/dica/Squid-com-autenticacao


8. Re: Squid bloqueando tudo [RESOLVIDO]

Rafael Magalhães
rafamagalhaes

(uses Ubuntu)

Posted on 28/03/2012 - 11:38h

There is an external SonicWall firewall from Embratel. But that firewall is only doing NAT from the proxy to the web.

----------------------------------------------------------------------

The main problem is not caused by authentication.

I have already tested removing the authentication lines from squid.conf and the problem continues.

If I swap the allow rules with the deny rules, squid starts allowing everything.


9. Re: Squid bloqueando tudo [RESOLVIDO]

Daniel Fernandes de Lima
daniel_4fun

(uses Debian)

Posted on 28/03/2012 - 12:39h

Then leave everything allowed and block one at a time; that way you find out which rule is causing the total block, and then you can analyze the contents of the file related to that rule and its position relative to the others ...
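
The rule-by-rule check suggested in the last reply can be done offline by tracing which http_access line decides a given URL. The sketch below is an added example, not part of the thread: it handles only url_regex ACLs and the built-in `all`, the ACL names and file paths are taken from the first post, and the pattern-file contents and test URLs are constructed, since the thread does not show the real lists.

```python
import re

# Constructed excerpt: ACL names and file paths follow the squid.conf in the first post.
CONF = '''
acl redessociaisdomain url_regex -i "c:/squid/etc/categories/socialnet/domains"
acl buscadomain url_regex -i "c:/squid/etc/categories/searchengines/domains"
http_access deny redessociaisdomain
http_access allow buscadomain
http_access deny all
'''
# Constructed file contents (assumption: the real lists are not shown in the thread).
FILES = {
    "c:/squid/etc/categories/socialnet/domains": "social.example\nsn.test\n",
    "c:/squid/etc/categories/searchengines/domains": "search.example\n",
}

def parse(conf, files):
    """Collect url_regex ACLs and http_access rules, in file order."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "acl" and len(tok) > 3 and tok[2] == "url_regex":
            args = tok[3:]
            flags = re.I if args[0] == "-i" else 0
            for arg in (args[1:] if flags else args):
                # A quoted argument names a file holding one regex per line.
                pats = files[arg.strip('"')].split() if arg.startswith('"') else [arg]
                acls.setdefault(tok[1], []).extend(re.compile(p, flags) for p in pats)
        elif tok[0] == "http_access" and len(tok) > 2:
            rules.append((tok[1], tok[2:], " ".join(tok)))
    return acls, rules

def acl_hit(name, acls, url):
    """Return the pattern that matched, or None. Python's re stands in for Squid's regex."""
    if name == "all":
        return "all"
    for rx in acls[name]:          # KeyError here means an ACL type this sketch skips
        if rx.search(url):         # unanchored: a hit anywhere in the URL counts
            return rx.pattern
    return None

def trace(url, conf=CONF, files=FILES):
    """Return (action, deciding rule, matching pattern) under first-match evaluation."""
    acls, rules = parse(conf, files)
    for action, names, text in rules:
        hits = []
        for name in names:
            hit = acl_hit(name.lstrip("!"), acls, url)
            if (hit is None) != name.startswith("!"):
                break              # ACLs on one line are ANDed; one miss skips the rule
            hits.append(hit or name)
        else:
            return action, text, hits[0]
    # No rule matched: Squid applies the opposite of the last rule's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), None, None

if __name__ == "__main__":
    for u in ("http://sn.test/profile", "http://search.example/?q=dsn+tester",
              "http://search.example/?q=squid", "http://intranet.example/"):
        print(u, "->", trace(u))
```

The second URL is denied by the social-network list even though it is a search request: the list entry `sn.test` is read as an unanchored regex, so it matches `sn+test` in the query string, and the deny line comes before the allow for search engines.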





