Ajuda com Squid.conf

1. Ajuda com Squid.conf

wellyngtonw
(usa Ubuntu)

Enviado em 27/09/2012 - 13:24h

Olá Amigos

Gostaria de uma ajuda com meu Squid
Tenho uma Maquina com Freebsd 9 + Squid3 transparente + pf + sarg

O squid nao faz o Cache dos sites que eu indiquei, no caso windows update, sites como avast. e outros..

Tambem não tenho certeza do Delay Pools se esta mesmo funcionando.

resumindo tenho apenas as regras dos bloqueios, tento o Delay, cado a pessoa consiga acessar os sites bloqueados
e do libera tudo para o MAC do gerente.

Obrigado
Wellyngton

Segue meu squid.conf

###################################################################

http_port 3128 transparent

#Memoria do squid cache
cache_mem 128 MB

#esvazia o cache quando chegar em
cache_swap_low 90
cache_swap_high 95

maximum_object_size 500 MB
maximum_object_size_in_memory 512 KB
minimum_object_size 0 KB
error_directory /usr/local/etc/squid/errors/Portuguese

cache_effective_group squid
cache_effective_user squid

#Dns para squid
dns_nameservers 8.8.8.8
dns_nameservers 8.8.4.4

#nome do host
visible_hostname marte.amplanorte.org.br
coredump_dir none

#ganho de performance
#o Squid irá trabalhar com 2 requisições paralelamente
pipeline_prefetch on

#cache do squid 3072mb 16 pastas e 256 pastas dentro de cada pasta
cache_dir diskd /var/squid/cache 3072 16 256 Q1=64 Q2=72
#ufs
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA

#logs geral
cache_access_log /usr/local/etc/squid/log/access.log
cache_log /usr/local/etc/squid/log/cache.log

# Log de objetos guardados. Pode ser desativado
cache_store_log none

#Numero de arquivos de log rotacionados a guardar
logfile_rotate 4

#local do pid do squid
pid_filename /usr/local/etc/squid/log/squid.pid

#Desligando essa variável, faz com que o Squid descarregue a memória não
#utilizada, chamando uma função interna free() do Squid
memory_pools off

#Por padrão o Squid irá incluir o ip ou nome da sua máquina nas solicitações HTTP.
#Para o site visitado não interessa para ele qual seu ip interno, o importante é que você visitou o site.
forwarded_for off

# Resolve um problema com conexões persistentes que ocorre com certos servidores,
detect_broken_pconn on

#Site com redirect interno, oqual o squid corta a conexao e demora para abrir aplicar a regra abaixo
forward_timeout 15 seconds
######################## FIM CONFI GERAIS ###########################################################

refresh_pattern -i ^http://.*\.(css|htm|html|ico|js|jsp|xml)$ 1440 80% 999999
refresh_pattern -i ^http://.*\.(bmp|gif|jpeg|jpg|png)$ 1440 80% 999999 ignore-reload
refresh_pattern -i ^http://.*\.(ace|adt|arj|asf|avi|bin|bz2|bzip|cab|dat|dll|doc|dot|exe|fla|flv|gz|iso|lha|log|lzh|mdb|mid|mov|mp3|mpeg|mpg|msi|mso|ogg|pps|ppt|rar|rm|rtf|shs|src|sys|swf|tgz|tif|ttf|wav|wma|wri|wmv|vpu|vpaa|vqf|vob|zip)

################# cache de videos ##########################################################
refresh_pattern -i .flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern .youtube.com 99999 100% 999999 override-expire ignore-reload override-lastmod reload-into-ims
refresh_pattern -i "/usr/local/etc/squid/acl/mimeaplicativo" 10080 90% 999999 ignore-no-cache override-expire ignore-private

acl videos dstdomain .youtube.com .googlevideo.com
cache allow videos
###########################################################################################

##################################Cache windowsupdate######################################
refresh_pattern windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dll|psf) 10080 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dll|psf) 10080 100% 43200 reload-into-ims
refresh_pattern www.download.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dll|psf) 10080 100% 43200 reload-into-ims
refresh_pattern www.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dll|psf) 10080 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dll|psf) 4320 100% 43200 reload-into-ims
refresh_pattern download.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dll|psf) 4320 100% 43200 reload-into-ims
refresh_pattern www.update.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dll|psf) 10080 100% 43200 reload-into-ims
refresh_pattern www.download.windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dll|psf) 10080 100% 43200 reload-into-ims
refresh_pattern my.windowsupdate.website.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dll|psf) 10080 100% 43200 reload-into-ims
refresh_pattern msgruser.dlservice.microsoft.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dll|psf) 4320 80% 43200 reload-into-ims
###########################################################################################
##### ACL Dominios do Windows Update ######################################################
acl windowsupdate dstdomain au.download.windowsupdate.com
acl windowsupdate dstdomain download.microsoft.com
acl windowsupdate dstdomain msgruser.dlservice.microsoft.com
acl windowsupdate dstdomain windowsupdate.com
acl windowsupdate dstdomain microsoft.com
###########################################################################################
quick_abort_min -1
range_offset_limit -1 windowsupdate
cache allow windowsupdate
###########################################################################################
########################### Cache Diversos ###############################################
refresh_pattern avast.com/.*\.(vpu|cab|stamp|exe|vpx) 10080 100% 43200 reload-into-ims
refresh_pattern eset.com/.*\.(vpu|cab|stamp|exe|ver) 10080 100% 43200 reload-into-ims
refresh_pattern trendmicro.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims
refresh_pattern sun.com/.*\.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims
refresh_pattern adobe.com/.*\.(msp|exe) 10080 100% 43200 reload-into-ims
refresh_pattern pack.google.com/.*\.(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dll|psf) 4320 100% 43200 reload-into-ims

acl cacheantivirus dstdomain avast.com
acl cacheantivirus dstdomain eset.com
acl cacheantivirus dstdomain trendmicro.com
acl cacheantivirus dstdomain sun.com
acl cacheantivirus dstdomain adobe.com
acl cacheantivirus dstdomain pack.google.com

cache allow cacheantivirus
###########################################################################################

############ NAO FAZER CACHE DOS CGI ######################################################
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

################configuram como serão tratados os tempos de vida dos objetos no cache######
refresh_pattern \^ftp: 1440 20% 10080
refresh_pattern \^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
###########################################################################################

#Estas ACL's fazem parte da configuração padrão do Squid e é o mínimo
#recomendável para seu uso não sendo necessária nenhuma alteração nas mesmas
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

################ Rede Interna #############################################################
acl rede src 192.168.0.0/16
###########################################################################################

######################## ACL LIBERA TUDO PARA O MAC #######################################
acl gerente arp "/usr/local/etc/squid/acl/libera_gerente"
http_access allow gerente
###########################################################################################

######################## ACL para BLOQUEIOS ###############################################
acl MALWARE dstdomain "/usr/local/etc/squid/acl/malware.cf"
acl ipsite src "/usr/local/etc/squid/acl/ipsite"
acl proibir_palavras url_regex -i "/usr/local/etc/squid/acl/bloqueio_palavras"
acl proibir_sites dstdomain "/usr/local/etc/squid/acl/bloqueio_sites"
acl proibir_ips src "/usr/local/etc/squid/acl/bloqueio_ips"
acl proibir_email dstdomain "/usr/local/etc/squid/acl/bloqueio_email"
acl proibir_videos dstdomain "/usr/local/etc/squid/acl/bloqueio_videos"
acl proibir_redesocial dstdomain "/usr/local/etc/squid/acl/bloqueio_redesocial"
acl proibir_downloads dstdomain "/usr/local/etc/squid/acl/bloqueio_downloads"
acl proibir_fotos dstdomain "/usr/local/etc/squid/acl/bloqueio_fotos"
acl proibir_radios dstdomain "/usr/local/etc/squid/acl/bloqueio_radios"
acl proibir_virus dstdomain "/usr/local/etc/squid/acl/bloqueio_virus"
acl proibir_proxy dstdomain "/usr/local/etc/squid/acl/bloqueio_proxy"
###########################################################################################
########################### APLICA AS REGRAS DAS ACL ACIMA BLOQUEIA #######################
http_access deny MALWARE
http_access deny ipsite
http_access deny proibir_palavras
http_access deny proibir_sites
http_access deny proibir_ips
http_access deny proibir_email
http_access deny proibir_videos
http_access deny proibir_redesocial
http_access deny proibir_downloads
http_access deny proibir_fotos
http_access deny proibir_radios
http_access deny proibir_virus
http_access deny proibir_proxy
############################################################################################

################################ DELAY POOLS ###############################################
acl extensoes url_regex -i .flv$ .mpg$ .avi$ .mpeg$ .aif$ .swf$ .aifc$ .aiff$ .asf$ .asx$ .au$ .m3u$ .med$ .mp3$ .mp4$ .m1v$ .mp2$ .mp2v$ .mpa$ .mov$ .mpe$ .mpg$ .ogg$ .pls$ .ram$ .ra$ .ram$ .snd$ .wma$ .wmv$ .wvx$ .mid$ .midi$ .rmi$ .ex
acl lento url_regex -i "/usr/local/etc/squid/acl/sites_lentos"

####quantos delay####
delay_pools 2

delay_class 1 2
delay_parameters 1 1/1 1/1
delay_access 1 allow extensoes !gerente

delay_class 2 2
delay_parameters 2 100/100 100/100
delay_access 2 allow lento !gerente
################### FIM DELAY ################################################################

http_access allow localhost
http_access allow rede
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

#######################fecha a conexao para quem nao tiver nas regras acima###################
http_access deny all

0 0

Quote