fabiano duarte
(usa Debian)
Enviado em 13/01/2012 - 14:41h
n4t4n escreveu:
Posta seu squid.conf
# --- Basic proxy settings ----------------------------------------------
# Listener. "transparent" marks this port for intercepted (redirected)
# plain-HTTP traffic. Nothing in this block intercepts HTTPS, so
# CONNECT/TLS requests only go through the http_access rules when the
# client is configured to use the proxy explicitly.
http_port 3128 transparent
# Hostname shown in error pages and Via headers (redacted in the post).
visible_hostname XXXXXXXXXXXXX.
# Resolvers used by the proxy itself (the ISP's, per the original comment).
dns_nameservers 200.150.4.5 200.150.13.246

# --- Memory cache -------------------------------------------------------
cache_mem 100 MB
maximum_object_size_in_memory 90 KB

# --- Disk cache ---------------------------------------------------------
# diskd store of 1024 MB with 16 first-level and 256 second-level dirs.
cache_dir diskd /var/spool/squid 1024 16 256
# Size limits for objects that may be stored on disk.
minimum_object_size 1 KB
maximum_object_size 60 MB
# Start evicting old objects at 90% usage, evict aggressively at 95%.
cache_swap_low 90
cache_swap_high 95

# --- Logs ---------------------------------------------------------------
# cache_access_log is the Squid 2.x spelling (access_log in later releases).
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_swap_log /var/spool/squid/swap.log

# --- Freshness ----------------------------------------------------------
# The first matching pattern wins, so the catch-all "." must stay last.
# Fields: min (minutes), percent of object age, max (minutes).
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280

# Localised error pages.
error_directory /usr/share/squid/errors/Portuguese/
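# --- Global ACL definitions ---------------------------------------------
# Network definitions, declared first so every later rule can use them.
# NOTE(review): 10.0.0.0/8 is the entire private 10/8 range - confirm this
# is really the only address space that should count as "internal".
acl redeinterna src 10.0.0.0/255.0.0.0
acl all src 0.0.0.0/0.0.0.0
# The proxy host itself (loopback).
acl localhost src 127.0.0.1/255.255.255.255
# Destinations on the proxy host's own loopback. Denied below so clients
# cannot use the proxy as a hop to services bound to 127.0.0.1.
acl to_localhost dst 127.0.0.0/8

# Cache manager interface. The protocol token is the single word
# "cache_object" (the original had "cache object", which Squid rejects
# as an unknown protocol name).
acl manager proto cache_object

# Ports CONNECT (TLS tunnelling) may target: https and snews.
acl SSL_ports port 443 563

# Ports plain requests may target.
acl safe_ports port 80 110      # http, pop3
acl safe_ports port 21          # ftp
acl safe_ports port 443 563     # https, snews ("56" in the original was a typo for 563)
acl safe_ports port 70          # gopher
acl safe_ports port 210         # wais
acl safe_ports port 1025-65535  # unregistered ports (1863/MSN is already inside this range)
acl safe_ports port 280         # http-mgmt
acl safe_ports port 488         # gss-http
acl safe_ports port 591         # filemaker
acl safe_ports port 777         # multiling http

acl CONNECT method CONNECT

# --- Port and manager policy (must stay ahead of the per-group rules) ----
# Cache manager only from the proxy host itself. The "deny manager" line
# was commented out in the original, which left the manager reachable by
# any client that a later "allow" rule happened to match.
http_access allow manager localhost
http_access deny manager
# Refuse requests to ports outside safe_ports, and CONNECT to anything but
# SSL_ports. The original repeated both lines; once is enough.
http_access deny !safe_ports
http_access deny CONNECT !SSL_ports
# Do not let clients reach loopback-bound services on the proxy through it.
http_access deny to_localhost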
########################################################################
### Bandwidth-limited client groups
# Three class-2 pools. In each one the aggregate bucket is unlimited
# (-1/-1) and every client address gets its own per-host bucket, in
# bytes per second: 12800 B/s ~ 100 kbit/s, 25600 B/s ~ 200 kbit/s,
# 38400 B/s ~ 300 kbit/s. Membership comes from one source-address list
# file per pool.
delay_pools 3

# Pool 1: 100 kbit/s per host
delay_class 1 2
acl clientes_100k src "/etc/squid/clientes_100k"
delay_parameters 1 -1/-1 12800/12800
delay_access 1 allow clientes_100k

# Pool 2: 200 kbit/s per host
delay_class 2 2
acl clientes_200k src "/etc/squid/clientes_200k"
delay_parameters 2 -1/-1 25600/25600
delay_access 2 allow clientes_200k

# Pool 3: 300 kbit/s per host
delay_class 3 2
acl clientes_300k src "/etc/squid/clientes_300k"
delay_parameters 3 -1/-1 38400/38400
delay_access 3 allow clientes_300k
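### Skype
# Skype falls back to tunnelling straight to a bare IP address on 80/443.
# url_regex is anchored at the start of the request URL, so these patterns
# only match bare host:port targets (the form a CONNECT request carries);
# a normal http://... URL never matches them.
acl skype_80 url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:80
acl skype_443 url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:443
# Stricter dotted-quad match (each octet 0-255) followed by ':', '/', '?'
# or end of string. The original was missing the '|' before the last
# "[3-9][0-9]{0,1}" alternative, so a final octet starting with 3-9 could
# not match, and wrote "$\?" (end-of-string followed by a literal '?',
# which can never match) instead of "$|\?".
acl acl_url_im_skype url_regex ^((0|1[0-9]{0,2}|2[0-9]{0,1}|2[0-4][0-9]|25[0-5]|[3-9][0-9]{0,1})\.){3}(0|1[0-9]{0,2}|2[0-9]{0,1}|2[0-4][0-9]|25[0-5]|[3-9][0-9]{0,1})(:|/|$|\?)
########################################################################
### Common sites (one regex per line, matched case-insensitively)
acl sites_comuns url_regex -i "/etc/squid/sites_comuns"
########################################################################
### Common sites, second list
acl sites_comuns2 url_regex -i "/etc/squid/sites_comuns2"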
...
...
...
...
######## Security zone "R": sales group 2 ##############################
acl vendas2 src "/etc/squid/vendas2"
acl sites_vendas2 url_regex -i "/etc/squid/sites_vendas2"
########################################################################
############# Rule application
# http_access is evaluated top to bottom and the first matching allow or
# deny wins, so the order below is part of the policy.
# NOTE(review): skype_ua, ips_msnbloque, srcmsn, faturamento2,
# sites_faturamento2, sac, sites_sac, convidado, liberados, ips_downloads,
# download_liberados, downloads, expediente, sites_expediente, marketing,
# sites_marketing, vendas, sites_vendas, cadastro, sites_cadastro and the
# remaining department ACLs are not defined in the part of the file shown
# here - presumably they live in the elided section. Squid treats a
# reference to an undefined ACL name as a fatal configuration error.
#http_access allow redeinterna sites_comuns
# Block Skype's direct CONNECT to bare IP:80 / IP:443 targets. The
# trailing "all" matches every request and adds nothing to the rule.
http_access deny CONNECT skype_80 all
http_access deny CONNECT skype_443 all
http_access deny CONNECT skype_ua all
http_access deny CONNECT acl_url_im_skype all
#http_access allow expediente srcmsn
# Messenger: hosts listed in ips_msnbloque are refused srcmsn URLs;
# every other host is allowed them.
http_access deny ips_msnbloque srcmsn
http_access allow !ips_msnbloque srcmsn
# Per-department policy: each group gets its own allow-list and is then
# explicitly refused the generic "common sites" list, ahead of the
# network-wide allow of sites_comuns further down.
http_access allow faturamento2 sites_faturamento2
http_access deny faturamento2 sites_comuns
http_access allow vendas2 sites_vendas2
http_access deny vendas2 sites_comuns
http_access allow sac sites_sac
http_access deny sac sites_comuns
http_access allow convidado sites_comuns2
http_access allow redeinterna sites_comuns
# Unrestricted hosts: anything, including CONNECT to any SSL port.
# Keep this list short - it bypasses every rule below it.
http_access allow liberados all
# NOTE(review): the download deny sits after the redeinterna/liberados
# allows above, so a download whose URL also matches sites_comuns is
# already permitted before it is reached - confirm that is the intent.
http_access allow ips_downloads download_liberados
http_access deny ips_downloads downloads
#http_access allow juridico sites_juridico
http_access allow expediente sites_expediente
#http_access allow comercial sites_comercial
# "!sites_marketing" and "!sites_bloq" below are block-list style: those
# groups may go anywhere except the listed patterns, unlike the
# allow-list groups around them.
http_access allow marketing !sites_marketing
http_access allow vendas sites_vendas
http_access allow cadastro sites_cadastro
http_access allow faturamento sites_faturamento
http_access allow recepcao sites_recepcao
http_access allow contabilidade sites_contabilidade
http_access allow pericia sites_pericia
http_access allow cpd sites_cpd
http_access allow financeiro sites_financeiro
http_access allow secretaria sites_secretaria
http_access allow controlados !sites_bloq
########################################################################
### Everything not explicitly allowed above is refused
http_access deny all