#Squid.conf
#by Gustavo Lange
#30/06/2009

# Porta do Squid
http_port xx.x.x.x:3128

# Hostname do squid
visible_hostname proxy.xxx.com

# Configuracoes do Cache
cache_mem 8 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 512 KB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95

# Configuracoes do squid.conf padroes
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

error_directory /usr/share/errors/Portuguese

# Caminho dos logs
access_log /var/log/squid/logs/access.log

# Administrador do Squid
cache_mgr ti@xxx.com

# Configuracoes do squid.conf padroes
refresh_pattern ^ftp:      1440   20%   10080
refresh_pattern ^gopher:   1440   0%   1440
refresh_pattern .      0   20%   4320

# Filtros personalizados
acl blockedsites url_regex -i "/etc/squid/bloqueados/block.txt"
acl unblockedsites url_regex -i "/etc/squid/bloqueados/unblock.txt"
acl block_ext urlpath_regex -i "/etc/squid/bloqueados/block-path.txt"
acl block_almoco urlpath_regex -i "/etc/squid/bloqueados/meiodia.txt"

# Autenticacao de Usuarios
auth_param basic program /usr/local/bin/smb_auth -W dominio -u ip_do_servidor_ad
auth_param basic children 5
auth_param basic realm [-- Seu acesso está sendo monitorado --]

# Usuarios sem restricoes de sites
acl atotal proxy_auth "/etc/squid/atotal.txt"
acl userblock proxy_auth "/etc/squid/userblock.txt"

# Usuarios para liberacao por horarios
acl liberados proxy_auth "/etc/squid/libera.txt"

# Restringe internet por horarios para todos users
acl blockALL1 time MTWHFA 17:30-23:59
acl blockALL2 time MTWHFA 00:00-07:20
acl blockDOM time S 00:00-23:59
#acl blockT time MTWHFAS 00:01-23:59
acl almoco time MTWHF 12:05-12:55

# Configuracoes padroes do squid.conf
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# ACLs personalizadas
acl rede_local src xx.xx.xx.x/24
acl domainusers proxy_auth REQUIRED

# Libera usuarios irrestritos
http_access allow atotal
http_access deny userblock

# Aplica regra de bloqueio por horarios
http_access deny blockALL1 domainusers !liberados
http_access deny blockALL2 domainusers
http_access deny blockDOM domainusers
#http_access deny blockT domainusers !liberados
http_access allow domainusers almoco

# Restringe sites proibidos
http_access deny blockedsites !unblockedsites
http_access deny block_ext 

# Libera rede local para usuarios do dominio autenticados
http_access allow rede_local domainusers

# regra padrao do squid.conf
http_access deny all
coredump_dir /var/lib/squid/cache