caio.thimons
(usa Ubuntu)
Enviado em 04/01/2013 - 11:18h
Boa tarde, sou meio leigo ainda sobre squid, acabei de instala o squid3 aqui na empresa e estou usando ele com autenticação de usuario, até o momeno esta tudo funcionando a autenticação, os relatorios de acesso á paginas(sarg) tambem está funcionando, porém não esta bloqueando por palavras os sites e nem os sites que coloquei no arquivo, separei os usuarios em 6 categorias:
user_free (administrador darede)
user_chefia (chefe e gerentes)
user_comercial (toda parte comercial)
user_especial ( usuaios com alguns sites liberador)
user_financeiro (toda partefinanceira)
user_usuario (para todos os restantes)
de uma olhada e meu squid e veem se tem algum erro por gentileza, obrigado deis de já.!
Squid3
http_port 3128
auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/passwd
auth_param basic children 5
auth_param basic realm Digite seu usuario e senha
auth_param basic credentialsttl 4 hours
auth_param basic casesensitive off
visible_hostname Server Proxy
cache_mgr ti@cientistas.com.br
error_directory /usr/share/squid3/errors/Portuguese
hierarchy_stoplist cgi-bin ?
cache_mem 256 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 100 MB
cache_dir ufs /var/spool/squid3 2040 16 256
refresh_pattern ^ftp: 360 20% 10080
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
access_log /var/log/squid3/access.log
acl localhost src 127.0.0.1/32
acl localnet src 10.0.0.0/32
#TI
acl user_free proxy_auth "/etc/squid3/user_free"
http_access allow user_free
#Autentica
acl usuarios proxy_auth REQUIRED
http_access allow usuarios
#gerentes e chefia
acl user_chefia proxy_auth "/etc/squid3/user_chefia"
http_access allow user_chefia
#Comercial
acl user_comercial proxy_auth "/etc/squid3/user_comercial"
http_access allow user_comercial
#Administrativo
acl user_administrativo proxy_auth "/etc/squid3/user_administrativo"
http_access allow user_administrativo
#Financeiro
acl user_financeiro proxy_auth "/etc/squid3/user_financeiro"
http_access allow user_financeiro
#usuario Download
#acl user_download proxy_auth "/etc/squid3/user_download"
#usuario especial
acl user_especial proxy_auth "/etc/squid3/user_especial"
http_access allow user_especial
#usuario normal
acl user_especial proxy_auth "/etc/squid3/user_usuario"
http_access allow user_usuario
#sites excessao
acl unblockedsites url_regex -i "/etc/squid3/unblock"
#horario de acesso
#acl almoco time MTWHF 12:00-13:00
#http_access deny almoco user_financeiro
#http_access allow localnet almoco
acl manager proto cache_object
http_access allow manager localhost
http_access deny manager
#controle de banda
delay_pools 2
#sem restricao de banda
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow user_free
delay_access 1 allow user_chefia
#restricao banda geral
delay_class 2 2
delay_parameters 2 20000/20000 20000/20000
delay_access 2 allow all
#Bloqueio MSN
acl msn url_regex -i /gateway/gateway.dll
http_access allow msn user_free
http_access allow msn user_comercial
http_access allow msn user_chefia
http_access deny msn !user_especial
acl purge method PURGE
http_access allow purge localhost
http_access deny purge
acl Safe_ports port 21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 80 # http
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 443 # https
acl Safe_ports port 488 # gss-http
acl Safe_ports port 563 # mntps
acl Safe_ports port 591 # filemaker
acl Safe_ports port 633 # cups
acl Safe_ports port 777 # multiling http
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # swat
acl Safe_ports port 1025-65535 # unregistered ports
http_access deny !Safe_ports
acl connect method CONNECT
acl ssl_ports port 443 # https
acl ssl_ports port 563 # mntps
acl ssl_ports port 873 # rsync
http_access deny connect !SSL_ports
#url dominio bloqueados
acl domains dstdomain "/etc/squid3/domains"
http_access deny domains !unblockedsites
http_access deny domains !user_free
#url dominio bloqueados (facebook e Orkut)
acl domains2 dstdomain "/etc/squid3/domains2"
http_access deny domains2 !unblockedsites
http_access deny domains2 !user_free
http_access deny domains2 !user_especial
#palavras bloqueadas
acl words url_regex -i "/etc/squid3/words"
http_access deny words !unblockedsites
http_access deny words !user_free
#palavras bloqueadas(facebook e Orkut)
acl words2 url_regex -i "/etc/squid3/words2"
http_access deny words2 !unblockedsites
http_access deny words2 !user_free
http_access deny words2 !user_especial
#Bloqueio porta 443 https
acl https port 443
http_access allow https user_free
http_access allow https user_chefia
http_access allow https user_comercial
http_access allow https user_especial
http_access deny https !unblockedsites
http_access allow localhost
http_access deny all