Squid +Ntlm + Streaming [RESOLVIDO]
1. Squid +Ntlm + Streaming [RESOLVIDO]
Clarck.hot
(usa Outra)
Enviado em 09/02/2012 - 16:44h
Olá pessoal, configurei um squid com ntlm(win2008) não adicionei regras sobre streaming, porém quando um usuário que está na regra com liberação total tenta abrir um site de rádio on-line o squid apresenta o log abaixo e não carrega.1328811781.198 214 192.168.0.238 TCP_MISS/404 1555 GET http://redemelodia.net/Scripts/AC_ActiveX.js joao.silva DIRECT/72.18.154.45 text/html
1328811781.411 379 192.168.0.238 TCP_MISS/404 1555 GET http://redemelodia.net/Scripts/AC_RunActiveContent.js joao.silva DIRECT/72.18.154.45 text/html
1328811781.422 382 192.168.0.238 TCP_CLIENT_REFRESH_MISS/304 396 GET http://redemelodia.net/Player/player_links.jpg joao.silva DIRECT/72.18.154.45 -
1328811781.748 293 192.168.0.238 TCP_MISS/200 677 GET http://streaming3.joinhost.com.br/radio_melodia joao.silva DIRECT/74.86.205.2 video/x-ms-asf
1328811784.016 0 192.168.0.238 TCP_DENIED/407 1787 GET http://streaming3.joinhost.com.br/radio_melodia - NONE/- text/html
1328811784.019 0 192.168.0.238 TCP_DENIED/407 2022 GET http://streaming3.joinhost.com.br/radio_melodia - NONE/- text/html
1328811784.023 0 192.168.0.238 TCP_DENIED/407 1787 GET http://streaming3.joinhost.com.br/radio_melodia - NONE/- text/html
Segue meu squid.conf
http_port 192.168.0.1:3128
cache_dir aufs /var/spool/squid 20000 32 256
cache_mem 256 MB
maximum_object_size 131070 KB
minimum_object_size 0 KB
ipcache_size 16384
ipcache_low 90
ipcache_high 95
memory_pools on
fqdncache_size 16384
maximum_object_size_in_memory 8 MB
digest_generation off
forwarded_for off
strip_query_terms on
ie_refresh on
detect_broken_pconn on
pipeline_prefetch off
quick_abort_min -1 KB
quick_abort_max 16 KB
positive_dns_ttl 5 minute
half_closed_clients off
read_timeout 240 second
pconn_timeout 240 second
cache_mgr admin@wando.com.br
visible_hostname PROXY-ROMMANEL
error_directory /usr/share/squid/errors/pt-br
coredump_dir /var/spool/squid
logfile_rotate 120
shutdown_lifetime 1 second
hierarchy_stoplist cgi-bin ?
append_domain .wando.com.br
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
coredump_dir /var/spool/squid
uri_whitespace allow
dns_nameservers 192.168.0.1
# Autenticação no Windows 2008
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Proxy Squid - Digite suas credenciais
auth_param basic credentialsttl 5 hours
# ACLs
# acls de origem
acl all src all
acl rede_local src 192.168.0.0/24
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#Regras de acesso para rede local
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl SSL_ports port 443 563
acl Safe_ports port 80 #http
acl Safe_ports port 21 #ftp
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multiling http
acl Safe_ports port 901 #swat
acl Safe_ports port 443 563 #https e snews
acl Safe_ports port 1025-65535 #portas altas
acl Safe_ports port 1863 # msn
acl Safe_ports port 5148 # msn
acl Safe_ports port 403 # msn
acl Safe_ports port 1025-65535 # unregistered ports
acl purge method PURGE
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# acl para obter grupos do AD
external_acl_type grupo_AD ttl=1800 %LOGIN /usr/lib/squid/wbinfo_group.pl
################# DEFININDO REGRAS #####################
#acesso_Full -> tem como única restricao palavras de baixo calao.
acl acesso_Full external grupo_AD net-full
#acesso_Restrito-01 -> sem msn, skype e midias sociais.
acl acesso_Restrito-01 external grupo_AD net-no-msn_midias
#acesso_Restrito-02 -> sem acesso a mídias sociais
acl acesso_Restrito-02 external grupo_AD net-no-midias
#acesso_Restrito-03 -> acesso somente aos correios e sites de transportadoras
acl acesso_Restrito-03 external grupo_AD net-correios_transp_atend
#acesso_Restrito-04 -> acesso somente aos correios/sites de transportadoras e msn
acl acesso_Restrito-04 external grupo_AD net-correios_transp_msn
#acesso somente a msn/skype/gtalk
acl acesso_Restrito-05 external grupo_AD net-only_msn
#acesso a sites relacionados ao rh e contabil, sem midias e ou mensageiros.
acl acesso_Restrito-06 external grupo_AD net-cont_rh
#caso ativa abre pop-up solicitando autenticacao
#acl AUTENTICADOS proxy_auth REQUIRED
#Explicitando regras
acl sites_block dstdomain -i "/etc/squid/acls/sites_block.txt"
acl midias url_regex -i "/etc/squid/acls/sites_midia.txt"
acl palavras_proib url_regex -i "/etc/squid/acls/palavras_proibidas.txt"
acl msn url_regex -i "/etc/squid/acls/msn.txt"
acl transp_atend url_regex -i "/etc/squid/acls/sites_transp-atend.txt"
acl transp_atend_msn url_regex -i "/etc/squid/acls/sites_transp_msn-atend.txt"
acl cont_rh dstdomain -i "/etc/squid/acls/sites_cont-rh.txt"
##########################################################
#Bloqueio o restante
http_access deny all
#Regras padrões
http_reply_access allow all
icp_access allow all
http_access deny all
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
