juniorbiu
(usa Debian)
Enviado em 07/09/2013 - 13:48h
Senhores,
Falha minha, segue o meu squid.conf
==============================
# General proxy settings.
# Listening port for client requests. No listening address is given, so who
# may use the proxy is decided only by the http_access rules further down.
http_port 8080
# Name the proxy reports about itself (e.g. in error pages).
visible_hostname PROXY
# Error pages are served in Portuguese.
error_directory /usr/share/squid3/errors/Portuguese
#dns_v4_first on
# The domain and outgoing address below are redacted in this listing.
# NOTE(review): tcp_outgoing_address normally takes an IP address - confirm the real value.
append_domain .xxxxxxx.net
tcp_outgoing_address xxxxxxxx.net
# Only the helper count is set. No "auth_param basic program" line and no
# proxy_auth ACL appear in this listing, so nothing shown here enforces user
# authentication; access is controlled by source address only.
auth_param basic children 8
# URLs containing these strings are fetched directly instead of via a parent cache.
hierarchy_stoplist CGI-bin ?
# Contact address shown to users (redacted).
cache_mgr proxy_xx@xxxxxx.com
# Dynamic content (cgi-bin, query strings) is not cached.
# NOTE(review): the stock pattern is "cgi-bin \?"; the backslash before "?"
# seems to have been lost here - confirm against the live file.
acl QUERY urlpath_regex cgi-bin ?
no_cache deny QUERY
# Cache memory
cache_mem 512 MB
# Use as much memory as possible (freed memory is kept in pools, up to the limit)
memory_pools on
memory_pools_limit 2048 MB
# Maximum size of objects kept in RAM
maximum_object_size_in_memory 2048 KB
# Maximum and minimum object sizes stored on disk
maximum_object_size 512 MB
minimum_object_size 0 KB
# Cache replacement watermarks in percent - objects are evicted as usage
# moves from the low mark towards the high mark
cache_swap_low 85
cache_swap_high 90
# On-disk cache: ufs store, 4096 MB, 16 first-level and 256 second-level directories
cache_dir ufs /var/spool/squid3 4096 16 256
# Squid access log (cache_access_log is the legacy spelling of access_log).
# This file is the main record of who requested what through the proxy, so
# keep it rotated, retained and readable only by administrators.
cache_access_log /var/log/squid3/access.log
# Freshness rules: minimum age (minutes), percent of object age, maximum age (minutes)
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
# Base ACLs. "all" matches every IPv4 source address.
# NOTE(review): newer Squid 3.x releases predefine some of these names
# (all, manager, localhost) - confirm whether redefining them produces warnings.
acl all src 0.0.0.0/0.0.0.0
# Cache manager requests (cache_object:// scheme).
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# HTTP PURGE method, which removes objects from the cache.
acl purge method PURGE
# NOTE(review): dst_as matches destination Autonomous System numbers, but the
# value here is an IP network/netmask; "dst" was presumably intended - confirm.
acl local_websites dst_as 10.0.0.0/255.0.0.0
# Access ACLs
# Ports to which CONNECT tunnels are permitted. Tunnelled traffic is opaque to
# the proxy, so every extra port here widens what can pass uninspected.
acl SSL_ports port 443
acl SSL_ports port 2095
acl SSL_ports port 2082
# Destination ports the proxy will talk to at all.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# NOTE(review): 445 is the SMB port and is not part of the usual Safe_ports
# list - confirm it is really needed and remove it otherwise.
acl Safe_ports port 445
acl CONNECT method CONNECT
# http_access rules are evaluated top to bottom and the first match decides.
# Cache manager and PURGE are accepted from the proxy host only.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse any destination port outside Safe_ports, and CONNECT outside SSL_ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# This allow carries no source ACL: whenever local_websites matches, the
# request is accepted from any client that can reach the listening port.
# Pairing it with a source ACL keeps internal destinations from being
# reachable through the proxy by unexpected clients.
http_access allow local_websites
# Blocking of streaming video
# rep_mime_type matches the Content-Type of the response against the patterns
# in the file, so it only takes effect in http_reply_access rules.
acl streaming rep_mime_type -i "/etc/squid3/blockmime.txt"
# Audio/video file extensions at the end of the URL path (case-insensitive).
# \.ram$ appears twice in the list.
# NOTE(review): a URL with anything after the extension (e.g. a query string)
# would presumably not match the "$" anchor, so the MIME-type ACL above is the
# more dependable control - confirm coverage in testing.
acl videomusic urlpath_regex -i \.aif$ \.aifc$ \.aiff$ \.asf$ \.asx$ \.avi$ \.au$ \.m3u$ \.med$ \.mp3$ \.m1v$ \.mp2$ \.mp2v$ \.mpa$ \.mov$ \.mpe$ \.mpg$ \.mpeg$ \.ogg$ \.pls$ \.ram$ \.ra$ \.ram$ \.snd$ \.wma$ \.wmv$ \.wvx$ \.mid$ \.midi$ \.rmi$ \.flv$
# ACLs for Windows Update destinations
acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
# NOTE(review): the next directive is split over two lines in this listing
# (probably wrapped when it was pasted). An acl line needs its value on the
# same line, so confirm the live file has them joined.
acl windowsupdate dstdomain
www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl windowsupdate dstdomain ds.download.windowsupdate.com
acl windowsupdate dstdomain fe1.update.microsoft.com
acl windowsupdate dstdomain fg.v4.download.windowsupdate.com
# CONNECT is already defined earlier in this file; this line repeats it.
acl CONNECT method CONNECT
# NOTE(review): same line-wrap problem as above - the domain belongs on the acl line.
acl wuCONNECT dstdomain
www.update.microsoft.com
# ACLs on one http_access line are ANDed, so both rules below apply only to
# requests that come from the proxy host itself (localhost), not to clients
# on the LAN.
http_access allow CONNECT wuCONNECT localhost
http_access allow windowsupdate localhost
# Site policy ACLs. The quoted paths are files holding one pattern (or address) per line.
# url_regex is matched against the whole URL, so a pattern can also match text
# in the path or query string of an unrelated site. For allow lists this
# matters: dstdomain is the stricter choice when the intent is "this host only".
acl sites_bloqueados url_regex -i "/etc/squid3/sites_bloqueados.txt"
acl sites_liberados url_regex -i "/etc/squid3/sites_liberados.txt"
acl redes_sociais url_regex -i "/etc/squid3/redes_sociais.txt"
# Client addresses exempt from the restrictions below.
acl liberados src "/etc/squid3/ips_liberados.txt"
acl formato_arquivo url_regex -i "/etc/squid3/formato_arquivo.txt"
# Lunch break, 12:00-14:00; no weekdays are given, so it applies every day.
acl horario_almoco time 12:00-14:00
## RULES ##
# First match wins. None of the allow rules for social networks, media files
# or sites_liberados names a source network, and they come before the
# rede_local restriction at the end of the file, so they accept matching
# requests from any client able to reach the proxy port.
# NOTE(review): confirm the port is not reachable from outside the LAN, or
# combine these allows with a source ACL.
http_access allow redes_sociais horario_almoco
http_access allow videomusic horario_almoco
http_reply_access allow streaming horario_almoco
# Exempt clients are allowed everything at this point ...
http_access allow liberados
# ... so this narrower rule can never be the one that matches.
http_access allow liberados videomusic
http_reply_access allow liberados streaming
http_access allow sites_liberados
# Everything below is the deny side of the policy.
http_access deny redes_sociais
http_access deny sites_bloqueados
http_access deny formato_arquivo
http_access deny videomusic
# NOTE(review): no explicit final http_reply_access allow is listed - confirm
# that replies not matching "streaming" are passed as intended.
http_reply_access deny streaming
################################################
## SQUIDGUARD ##
# URL filtering helper (redirect_program is the legacy name of url_rewrite_program).
# NOTE(review): the config path is under /etc/squid while every other path in
# this file uses /etc/squid3 - confirm the file exists where squidGuard looks.
redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
# Number of squidGuard processes
redirect_children 8
# Keeps Squid working if squidGuard stops.
# This is a fail-open setting: requests that cannot be handed to a helper go
# through without squidGuard filtering. If the filter is a required control,
# watch cache.log for helper failures or turn this off.
redirector_bypass on
##############################################
# Final rules: the local network and the proxy host are allowed, everything
# else is refused. Requests already accepted by an earlier allow rule never
# reach this point.
acl rede_local src 10.152.0.0/16
http_access allow rede_local
http_access allow localhost
http_access deny all