Gerar logs de IP's Liberados no squid [RESOLVIDO]

patrickcampos
(usa Debian)

Enviado em 06/06/2017 - 14:30h

Na empresa temos um servidor com squid ja todo configurado, e nele uma lista de ip's liberados que pode fazer a navegação livre, tudo isto funciona normalmente, porem a diretoria deseja que mesmos estes ip's tenha os logs de acessos monitorados, e o squid não gera log dos ips que estao na lista de liberados. Como eu posso deixar o ip com livre acesso a navegação, porem que seja monitorado nos Logs do Squid?

danniel-lara
(usa Fedora)

Enviado em 06/06/2017 - 14:40h

Posta o Seu Squid.conf para podemos ver
aqui na empresa temos ips liberados e são monitorados squid

patrickcampos
(usa Debian)

Enviado em 06/06/2017 - 14:53h

http_port 192.168.59.217:3128 transparent
visible_hostname Servidor

#dns_nameservers 192.168.59.217
dns_nameservers 8.8.8.8

max_filedesc 4096

cache_mem 1024 MB
maximum_object_size_in_memory 100 KB
memory_replacement_policy heap GDSF

cache_replacement_policy heap LFUDA
maximum_object_size 102400 KB
cache_dir diskd /var/spool/squid 50000 64 256 Q1=64 Q2=72

#cache_swap_low 90
#cache_swap_high 95
#logfile_rotate 10
#quick_abort_min 0 KB
#quick_abort_max 0 KB
#log_icp_queries off
#client_db off
#buffered_logs on
half_closed_clients off

#minimum_object_size 0 KB
cache_access_log /var/log/squid/access.log

######## Regras do Squid nao alterar #####################
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563 8443 10000 17171 8080 82
acl Safe_ports port 80 8080 18080 # http
acl Safe_ports port 8082 # http
acl Safe_ports port 2082 # CPANEL
acl Safe_ports port 631 # Cups
acl Safe_ports port 3000 # relogio-caceres
acl Safe_ports port 800 # Sinamed
acl Safe_ports port 85 # cameras
acl Safe_ports port 82 # dominio_sistemas
acl Safe_ports port 4550 # cameras
acl Safe_ports port 5550 # cameras
acl Safe_ports port 6550 # cameras
acl Safe_ports port 10000 # webmin
acl Safe_ports port 21 # ftp
acl Safe_ports port 8444 1414 # BancoRural
acl Safe_ports port 443 563 8443 10000 17171 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 90 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # swat
acl purge method PURGE
acl CONNECT method CONNECT

######## Regras do Squid nao alterar #####################
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost

############ Regras do Skype #############################
acl navegador browser Firefox
acl navegador browser Chrome
acl navegador browser IE
acl navegador browser MSIE
acl navegador browser Opera
acl IPS url_regex -i ^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+):443
acl skype src "/etc/squid/ipskype.txt"
http_access allow IPS !navegador skype
###########################################################

############## Lista Negra ###############################
# acl listanegra dstdom_regex "/etc/squid/listanegra.txt"
##########################################################

############ Regra Horario do Almoco ######################
acl listaalmoco url_regex "/etc/squid/listaalmoco.txt"
acl comercial time MTWHF 12:00-13:30
acl comercial time MTWHF 18:05-23:00
acl comercial time MTWHF 06:00-07:58
http_access allow listaalmoco comercial
###########################################################



################ Lista de IPs Livres Totalmente #######
acl iplivre src "/etc/squid/iplivre.txt"
http_access allow iplivre
#######################################################

############ IP Parcial ###############################
#acl ipparcial src "/etc/squid/ipparcial.txt"
#acl bloqueados dstdom_regex "/etc/squid/bloqueados.txt"
#http_access allow ipparcial !bloqueados
######################################################

############ Lista Branca de Acesso #######################
acl listabranca dstdom_regex "/etc/squid/listabranca.txt"
http_access allow listabranca
###########################################################

#################### Regras Personalizadas ################

#Regra Modelo
#acl marketing src 192.168.59.17
#acl sitesMarketing dstdom_regex facebook fb
#http_access allow marketing sitesMarketing

#Regra Marketing
acl ipmarketing src "/etc/squid/ipmarketing.txt"
acl sitesMarketing dstdom_regex "/etc/squid/sitesMarketing.txt"
http_access allow ipmarketing sitesMarketing

################### Fim das Regras Personalizadas #########

acl redelocal src 192.168.59.0/24
http_access deny redelocal

error_directory /usr/share/squid/errors/pt-br
http_access deny all

patrickcampos
(usa Debian)

Enviado em 08/06/2017 - 09:11h

Caraca, ai ferrou!

Mais valeu cara pela ajuda, pelo menos agora sei onde to pisando!

Buckminster
(usa Debian)

Enviado em 08/06/2017 - 11:53h

folow_x_forwarded_for allow localhost
acl_uses_indirect_client on
log_uses_indirect_client on

http://www.squid-cache.org/Doc/config/

patrickcampos
(usa Debian)

Enviado em 12/06/2017 - 16:49h

adicionei no final do arquivo, mais nada mudou!