leandrod_86
(usa Ubuntu)
Enviado em 16/02/2011 - 15:39h
Tá ai
squid.conf
_____________________________________
### Autentica��o no Windows 2008 Server
auth_param basic program /libexec/squid_ldap_auth -R -b "dc=newempresa,dc=local" -D "cn=administrador,cn=Users,dc=newempresa,dc=local" -w "minhasenha" -f sAMAccountName=%s -h 192.168.0.1
auth_param basic children 5
auth_param basic realm Usuario e Senha
auth_param basic credentialsttl 5 minutes
#Recommended minimum configuration:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
#
acl site url_regex .tedesco.com.br
http_access allow site
##roger bloqueia msn
acl permitidos_msn proxy_auth -i "/etc/squid/acls/permitidos_msn"
acl bloqueados url_regex -i "/etc/squid/acls/bloqueados"
# Sites Liberados (sem senha proxy)
acl sites_liberados url_regex -i "/etc/squid/acls/liberados"
http_access allow sites_liberados
# Libera acesso ao Windows Update
acl windows_update url_regex -i microsoft.com
http_access allow windows_update
acl msnmessenger url_regex -i gateway.dll
acl MSN req_mime_type -i ^application/x-msn-messenger$
acl msnmessenger1 url_regex -i
http://messenger.msn.com
acl msnmessenger2 url_regex -i loginnet.passport.com
#Novo bloqueio Marcos
#acl bloqueio_site url_regex -i "/etc/squid/acls/bloqueio_sites"
acl liberados proxy_auth fiscal servicos2 administrador denizar asv rh rh2 vendas guilherme financeiro1 compras qualidade comercial cafe# comercial1 vendas1
acl bloqueados_total proxy_auth vendas2
acl ips_bloqueados src 192.168.0.18
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#http_access deny bloqueados_total
http_access allow liberados
http_access deny bloqueados_total
http_access deny ips_bloqueados
http_access allow CONNECT msnmessenger2 permitidos_msn
http_access deny msnmessenger
http_access deny msnmessenger1
http_access deny CONNECT msnmessenger2
http_access deny MSN
http_access deny bloqueados
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
# And finally deny all other access to this proxy
http_access deny all
icp_access allow localnet
icp_access deny all
htcp_access allow localnet
htcp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
cache_dir ufs /var/lib/squid/cache 2048 16 256
logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %Hs %<st %Ss:%Sh
access_log /var/lib/squid/logs/access.log common
cache_log /var/lib/squid/logs/cache.log
cache_store_log /var/lib/squid/logs/store.log
logfile_rotate 0
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname internet-gw
icp_port 3130
error_directory /usr/local/squid/share/errors/Portuguese
coredump_dir /usr/local/squid/var/cache