laguna
(usa Ubuntu)
Enviado em 13/12/2010 - 13:14h
Olá kmarada
Cara, achei teu conf, mesmo sendo de teste, meio chapado (doido), mas vamos lá
vc criou a acl para sua rede
acl all src 192.168.0.0/255.255.255.0
as outras acls
# Blocked sites: URL regex patterns read from a file, matched case-insensitively (-i)
acl sites.bloqueados url_regex -i "/etc/squid/sites.bloqueados"
# No access
# NOTE(review): as quoted, this rule references "informatica" before the acl
# line that defines it (two lines below). Squid reads squid.conf top to bottom,
# so confirm the order in the real file.
http_access deny informatica
# Clients
# NOTE(review): the only quoted rule that uses this ACL is a deny, and
# sites.bloqueados is not referenced by any quoted http_access rule.
acl informatica src "/etc/squid/ips.informatica"
posteriormente vc fecha a conexão para rede local
http_access deny all
Veja os detalhes: vc tá liberando o squid para quem?
Pois não tem nenhuma acl liberada (allow) para navegar.
vou postar abaixo um .conf, adapte ele para suas necessidades e veja se resolve
# Interval between garbage-collection passes over Squid's cache of authenticated users.
# NOTE(review): no auth_param scheme appears in this config, so this looks unused here - confirm.
authenticate_cache_garbage_interval 1 days
# ACCESS CONTROLS
#Recommended minimum configuration:
# "all" matches every source address; the final "http_access deny all" relies on it.
acl all src 0.0.0.0/0.0.0.0
# Cache-manager requests (cache_object scheme); allowed from localhost only, below.
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Destinations on the proxy's own loopback range.
acl to_localhost dst 127.0.0.0/8
# Ports that CONNECT tunnels may reach (enforced by "deny CONNECT !SSL_ports" below).
# NOTE(review): every port listed here widens what can be tunnelled through the
# proxy; keep 563 and 873 only if clients really need them.
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
# Destination ports that ordinary requests may reach (enforced by "deny !Safe_ports" below).
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
# PURGE removes an object from the cache; restricted to localhost below.
acl purge method PURGE
acl CONNECT method CONNECT
# http_access rules are evaluated top to bottom; the first rule that matches decides.
# Cache manager and PURGE: localhost only, everyone else denied.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse requests to ports outside Safe_ports and CONNECT tunnels to ports outside SSL_ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Refuse requests whose destination is the proxy's own loopback range.
http_access deny to_localhost
#------------------------------------------------------------------
# ACLs by client MAC address, one list file per group.
# NOTE(review): the arp ACL type only matches clients on the same Ethernet
# segment as the proxy, and a MAC address can be changed by the client, so
# these groups identify machines rather than authenticate users.
acl admin arp "/etc/squid/mac/admin.txt"
acl vip arp "/etc/squid/mac/vip.txt"
acl geral arp "/etc/squid/mac/geral.txt"
#---------------------------------------------------------------------
# ACLs with forbidden words and sites (regex lists, case-insensitive)
# NOTE(review): url_regex is matched against the request URL; for HTTPS the
# proxy sees at most the CONNECT host:port, so path-based entries do not apply there.
acl block_vip url_regex -i "/etc/squid/sites/block_vip.txt"
acl block_geral url_regex -i "/etc/squid/sites/block_geral.txt"
#---------------------------------------------------------------------
# ACL blocking by destination IP
acl ip-block dst "/etc/squid/ip-dst/ip.txt"
#----------------------------------------------------------------------
# Download blocking by file extension
acl download_vip url_regex -i "/etc/squid/download/download_vip.txt"
acl download_geral url_regex -i "/etc/squid/download/download.txt"
#-----------------------------------------------------------------------
# Blocking MSN
acl msn1 dstdomain -i "/etc/squid/msn/msn1.txt"
acl msn2 url_regex -i "/etc/squid/msn/msn2.txt"
# The "." in this regex is unescaped, so it matches any character in that position.
acl msn url_regex -i /gateway/gateway.dll
#----------------------------------------------------------------------
# Access rules per group (first matching rule wins)
# admin: allowed with no block list applied.
http_access allow admin
# vip: allowed unless the request matches the vip site/download lists or the MSN ACLs.
# Unlike geral, vip is not checked against ip-block.
http_access allow vip !block_vip !download_vip !msn !msn2 !msn1
# geral: allowed unless the request matches its site/download lists, ip-block or the MSN ACLs.
http_access allow geral !block_geral !download_geral !ip-block !msn !msn2 !msn1
http_access allow localhost
# External proxy: any request not allowed above is denied.
http_access deny all
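#--------------------------------------------------------------------------
# ICP (inter-cache protocol) queries: no cache_peer is configured in this file,
# so refuse them from every source instead of answering any host that asks.
# If sibling caches are added later, allow them with a dedicated src ACL
# placed above this line.
icp_access deny all
# Client-facing port in interception ("transparent") mode: clients reach it
# through a firewall redirect rather than an explicit proxy setting.
# NOTE(review): no listen address is given, so the port is bound on every
# interface; the firewall rules (not shown here) should keep it reachable
# from the LAN only.
http_port 3128 transparent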
# URLs containing these strings are fetched directly instead of through peer caches.
hierarchy_stoplist cgi-bin ?
# RAM cache size (directive commented out, so Squid's built-in default applies)
#cache_mem 64 MB
# Maximum size of an object kept in the RAM cache (commented out as well)
#maximum_object_size_in_memory 500 KB
# Replacement policies for the memory cache and the disk cache.
memory_replacement_policy heap LFUDA
cache_replacement_policy heap GDSF
# 10000 MB (10 GB) of disk cache: 16 first-level directories with 256 subdirectories each
cache_dir ufs /var/spool/squid 10000 16 256
# Size limits for objects stored in the disk cache.
minimum_object_size 0 KB
maximum_object_size 800 MB
cache_swap_low 90 #Cache usage percentage limit
cache_swap_high 95 #When usage reaches 95%, evict objects until it is back at 90%
# Log files. access.log is the record of who requested what; keep it readable
# only by the proxy user and administrators.
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
# 0 means Squid keeps no numbered old copies on "squid -k rotate".
# NOTE(review): rotation and retention then depend on an external tool such as
# logrotate - confirm one is configured, otherwise the logs grow without bound.
logfile_rotate 0
pid_filename /var/run/squid.pid
# Never cache dynamic content: URL paths containing cgi-bin or a query string.
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
#Suggested default:
# refresh_pattern rules are tried in order; the first regex that matches the
# URL is used and the remaining rules are ignored for that request.
# Fields: regex, minimum age (minutes), percent of object age, maximum age (minutes).
# NOTE(review): "^http://" below matches every plain-HTTP URL and the catch-all
# "." matches everything else, and both come BEFORE the per-extension rules, so
# as written the extension rules are never reached. Specific patterns have to be
# listed before generic ones to take effect.
# NOTE(review): before reordering, weigh the options used on the extension
# rules: ignore-reload stops clients from forcing a fresh copy, and a maximum
# age of 999999 minutes on installers and packages (exe, msi, cab, deb, ...)
# can keep serving outdated software or update files from the cache.
refresh_pattern ^http:// 30 40% 20160
refresh_pattern ^ftp:// 30 50% 20160
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Package(.gz)*)$ 0 20% 2880
refresh_pattern ^gopher:// 30 40% 20160
# Catch-all: treats objects as fresh for 1440 minutes, overriding the origin's
# Expires/Last-Modified information and ignoring client reloads.
refresh_pattern . 1440 100% 1440 ignore-reload override-lastmod override-expire reload-into-ims
# Per-extension rules (intended for long-lived caching of large/static files).
refresh_pattern -i exe$ 0 50% 999999
refresh_pattern -i zip$ 0 50% 999999
refresh_pattern -i iso$ 0 50% 999999
refresh_pattern -i flv$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i swf$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i cab$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i rar$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i deb$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i mp3$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i msi$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i rmvb$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i mp4$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i gif$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i png$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i jpg$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i tar$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i jar$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i war$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i dll$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i pdf$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i doc$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i pps$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i mpeg$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i mov$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i mpg$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i avi$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i 3gp$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i wmv$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i bmp$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i tif$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i amv$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i psf$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i gz$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
refresh_pattern -i vdf$ 0 50% 999999 ignore-reload override-lastmod override-expire reload-into-ims
# Replies whose first line looks like a Shoutcast "ICY" status are not upgraded from HTTP/0.9.
acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast
# Apply the broken-Vary-encoding workaround to replies whose Server header starts with "Apache".
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
# Additional request methods the proxy accepts beyond the built-in set.
extension_methods REPORT MERGE MKACTIVITY CHECKOUT
# Host name the proxy reports about itself; a value from the poster's setup - replace with your own.
visible_hostname fp.labs
icon_directory /usr/share/squid/icons
# Error pages are served from the Portuguese template directory.
error_directory /usr/share/squid/errors/Portuguese
# Explicit DNS servers (commented out, so the system resolver configuration is used)
#dns_nameservers 201.10.128.3 201.10.120.3
hosts_file /etc/hosts
# Directory where Squid writes core dumps.
coredump_dir /var/spool/squid