linux-4ever
(usa CentOS)
Enviado em 16/12/2014 - 16:49h
buckminster escreveu:
Idéias eu tenho várias, mas só posso dizê-las depois de ver teu squid.conf e o script do Iptables, pois minha bola de cristal está no conserto.
*** Eis aqui meu squid.conf; podes notar alguma bagunça ou regras comentadas, pois executei vários testes ***
No iptables não configurei nada
# Squid proxy configuration as posted: ACL definitions first, then the
# http_access rules, then listener, authentication and logging settings.
# Squid evaluates http_access lines top to bottom and stops at the first match,
# so the order of those lines decides what is actually enforced.
# NOTE(review): as written this configuration behaves as an open proxy; see the
# note at "http_access allow all" below.
# NOTE(review): the explicit "manager" ACL is commented out here, yet "manager"
# is used at the end of the file; presumably this relies on the ACL being
# predefined by the installed Squid release (confirm).
#acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
visible_hostname ACESSO-NEGADO-PELO-PROXY
# NOTE(review): "localnet" is defined below but no http_access line refers to it.
acl localnet src 177.18.173.0/24 # NOTE(review): not an RFC 1918 range (those are 10/8, 172.16/12, 192.168/16); this is public address space, confirm the intended LAN prefix
acl localnet src 192.168.1.0/24 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
# Ports to which CONNECT tunnels are meant to be limited.
acl SSL_ports port 443
# Destination ports the proxy is meant to serve; anything else should be refused.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#-----------------------------------------------------------------------------
# Client source addresses: "admin" is read from an external file, "rede" is a /24.
acl admin src "/etc/squid3/acessos/admin.txt"
# NOTE(review): 173.18.183.0/24 is also public address space, and it differs from
# the 177.18.173.0/24 used for "localnet" above; one of the two may be a typo (confirm).
acl rede src 173.18.183.0/24
#acl password proxy_auth REQUIRED
#----------------------------------------------------------------------------
http_access allow admin
http_access allow rede
#http_access allow password
# NOTE(review): this rule matches every request from every source. Because
# evaluation stops at the first match, no rule below it is ever reached: the
# Safe_ports and CONNECT restrictions and the final "deny all" have no effect,
# and the "admin"/"rede" allows above become redundant. http_port below gives no
# address, so Squid listens on all interfaces, and the post states that no
# iptables rules exist; any host that can reach port 7808 can therefore relay
# traffic through this proxy. Removing this line lets the source-based allows
# and the denies below take effect.
http_access allow all
# NOTE(review): these two denies are normally placed before the allow rules, so
# that allowed clients are also bound by the port and CONNECT restrictions.
http_access deny !Safe_ports
##Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
# Listener: port only, no bind address.
http_port 7808
# Visible hostname [server name]
# NOTE(review): an authentication helper is configured here and below, but both
# "acl password proxy_auth REQUIRED" lines are commented out, so no http_access
# rule ever asks a client for credentials. Basic authentication also sends the
# password only base64-encoded, so it is readable on the network path between
# client and proxy.
auth_param basic realm Para obter login e senha solicite o administrador da rede.
# NOTE(review): "cache_access_log" is the legacy name of "access_log"; confirm
# that the installed Squid release still accepts it.
cache_access_log /var/log/squid3/access.log
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd
#acl password proxy_auth REQUIRED
# NOTE(review): the two commented lines below misspell the directive
# ("http_acess"); uncommenting them unchanged would not produce access rules.
#http_acess allow password
#http_acess deny all
# Squid normally listens to port 3128
# NOTE(review): the next line has no directive keyword; "allow" is not a Squid
# directive, and the line was presumably meant to read
# "http_access allow localhost manager". Both manager rules also sit after
# "http_access deny all" (and after "allow all"), so they could never match in
# this position.
allow localhost manager
http_access deny manager