Squid AD grupos externos

1. Squid AD grupos externos

lucas nunes
lucasguara

(usa Debian)

Enviado em 02/04/2013 - 17:50h

Pessoal, estou com a seguinte dificuldade. Preciso bloquear o acesso à internet de todos os usuários que não estão nos grupos do AD abaixo. Exemplo: se eu criar um usuário fora desses grupos, ele continua acessando; quero que não acesse nada, somente se estiver nos grupos em ou=internet,dc=gardenia,dc=local

# ACL definitions quoted from the full squid.conf further down. An "acl" line only
# names a test; nothing is allowed or denied until an http_access rule uses it.
# NOTE(review): a user who is in none of the AD groups is still let through by any
# "http_access allow" line that carries no ldap_group ACL. In the posted config those
# are the rules for sites-semsenha, csserasa, sites-operacional and localhost.
# "external ldap_group <name>" asks the ldap_group helper whether the logged-in user
# belongs to the AD group <name>.
acl AcessoFull external ldap_group LdapVSAcessoFull
acl AcessoEmpresa external ldap_group LdapVSAcessoEmpresa
acl AcessoOperacional external ldap_group LdapVSAcessoOperacional
# Client source addresses read from a file (matched by IP, not by user).
acl DownloadLiberado src "/etc/squid/downloadliberado"
# Reply Content-Type patterns, case-insensitive; only meaningful in http_reply_access.
acl BloqueioDownload rep_mime_type -i "/etc/squid/bloqueiodownload"
# Destination domains read from a file.
acl https_negado dstdomain "/etc/squid/https_negado.txt"
# URL regular expressions read from files; -i makes the match case-insensitive.
# NOTE(review): an unanchored or very short pattern in one of these files matches far
# more URLs than intended - worth checking if "everything" seems to be allowed.
acl dominios_bloqueados url_regex "/etc/squid/dominios_bloqueados.txt"
acl sites-semsenha url_regex -i "/etc/squid/sites-semsenha.txt"
acl sites-operacional url_regex -i "/etc/squid/sites-operacional.txt"
acl Sites-Almoco url_regex -i "/etc/squid/Sites-Almoco.txt"
# Lunch-hour access: an AD group paired with a time window.
# NOTE(review): the 11:00-12:00 pair is defined, but no http_access rule in the posted
# config refers to it; only the 12:00-13:00 pair is used.
acl AcessoAlmoco11horas external ldap_group LdapVSAlmoco11horas
acl Almoco-1100-1200 time 11:00-12:00
acl AcessoAlmoco12horas external ldap_group LdapVSAlmoco12horas
acl Almoco-1200-1300 time 12:00-13:00
# AD group allowed to reach the URLs listed in bancos.txt.
acl GPAcessoBancos external ldap_group ldapAcessoBancos
acl Acesso-Bancos url_regex -i "/etc/squid/bancos.txt"


#########################################################

Segue meu squid completo. Desde já agradeço.

# Basic proxy authentication against Active Directory through squid_ldap_auth.
# The helper binds as the -D account with the -w password, searches under the -b base
# for sAMAccountName=<login> on the server given by -h, then verifies the user's
# password. -R stops it from following LDAP referrals.
# NOTE(review): the search base is the whole domain, so ANY valid domain account can
# authenticate; restriction to the groups under ou=internet comes only from the
# ldap_group ACLs used in http_access.
# NOTE(review): the bind password is given with -w on the command line, so it is
# readable in squid.conf and in the process list. The helper also accepts
# -W <secretfile> to read it from a file that only the squid user can read. A bind
# password that has been posted publicly should be treated as exposed and changed.
# NOTE(review): no -Z (TLS) option is given, so the bind password and every user's
# password presumably cross the network to the directory server unencrypted - confirm.
# Basic auth also carries the user's password only base64-encoded from browser to proxy.
auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -b "dc=gardenia,dc=local" -D "cn=proxy_user,ou=internet,dc=gardenia,dc=local" -w "123456" -f sAMAccountName=%s -h 129.1.1.1
# Text shown in the browser's login prompt.
auth_param basic realm "Acesso a internet - GARDENIA"
# Number of authentication helper processes to start.
auth_param basic children 5
# How long Squid trusts a validated username/password pair before asking the helper again.
auth_param basic credentialsttl 15 minute
visible_hostname vsgateway

# Group-membership helper behind every "acl ... external ldap_group <group>".
# %LOGIN passes the authenticated user name, so using one of these ACLs forces a login.
# In the filter, %v is the user name and %a the group name taken from the acl line; a
# user matches only if memberof contains cn=<group>,ou=internet,dc=gardenia,dc=local.
# NOTE(review): memberof reflects direct membership; membership through a nested group
# will presumably not match this filter - verify against the directory.
# NOTE(review): no ttl= / negative_ttl= options are set, so Squid's default result
# caching applies (documented default is one hour). A user added to or removed from a
# group can keep the old result until the cache entry expires or Squid is reconfigured.
# NOTE(review): same -w command-line password and missing TLS as on the auth helper.
external_acl_type ldap_group %LOGIN /usr/lib64/squid/squid_ldap_group -R -b "dc=gardenia,dc=local" -D "cn=proxy_user,ou=internet,dc=gardenia,dc=local" -w "123456" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=internet,dc=gardenia,dc=local))" -h 129.1.1.1

# Base ACLs and cache settings.
# NOTE(review): "all" is defined here as the 129.1.1.0/24 network only, not every
# source address. Every rule written with "all" (icp_access allow all, http_access
# deny all) therefore matches only clients in that subnet. A request from any other
# address that matches no http_access line gets Squid's implicit default, which is the
# opposite of the last rule - with a final "deny", that means allow. The usual form
# for this Squid generation is "acl all src 0.0.0.0/0.0.0.0" plus a separate ACL for
# the LAN.
acl all src 129.1.1.0/24
# Cache manager requests (cache_object protocol).
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# Ports to which CONNECT tunnels are permitted.
acl SSL_ports port 443 8443
# Destination ports considered safe, read from a file.
acl Safe_ports port "/etc/squid/safe_ports.txt" # multiling http
acl CONNECT method CONNECT
# ICP queries are accepted from every address covered by "all" (the LAN, see above).
icp_access allow all
# Proxy listening port.
http_port 3128
hierarchy_stoplist cgi-bin ?
#debug_options ALL,1 33,2
access_log /var/log/squid/access.log
# Do not cache dynamic content (cgi-bin paths or URLs with a query string).
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# Replies whose Server header starts with "Apache"; used by broken_vary_encoding below.
acl apache rep_header Server ^Apache
# URL patterns for the csserasa service, read from a file.
acl csserasa url_regex "/etc/squid/csserasa.txt"

# Group, address, MIME-type, URL and time ACLs used by the access rules that follow.
# These lines only define tests; the http_access / http_reply_access rules decide.
# AD group checks (each one calls the ldap_group helper and requires a proxy login).
acl AcessoFull external ldap_group LdapVSAcessoFull
acl AcessoEmpresa external ldap_group LdapVSAcessoEmpresa
acl AcessoOperacional external ldap_group LdapVSAcessoOperacional
# Client IP addresses exempt from the download block.
acl DownloadLiberado src "/etc/squid/downloadliberado"
# Reply Content-Type patterns to block (case-insensitive).
acl BloqueioDownload rep_mime_type -i "/etc/squid/bloqueiodownload"
# Destination domains for which CONNECT is refused.
acl https_negado dstdomain "/etc/squid/https_negado.txt"
# URL regex lists; the ones with -i are case-insensitive.
acl dominios_bloqueados url_regex "/etc/squid/dominios_bloqueados.txt"
acl sites-semsenha url_regex -i "/etc/squid/sites-semsenha.txt"
acl sites-operacional url_regex -i "/etc/squid/sites-operacional.txt"
acl Sites-Almoco url_regex -i "/etc/squid/Sites-Almoco.txt"
# Lunch-hour groups and their time windows.
# NOTE(review): AcessoAlmoco11horas and Almoco-1100-1200 are not referenced by any
# http_access rule in this file.
acl AcessoAlmoco11horas external ldap_group LdapVSAlmoco11horas
acl Almoco-1100-1200 time 11:00-12:00
acl AcessoAlmoco12horas external ldap_group LdapVSAlmoco12horas
acl Almoco-1200-1300 time 12:00-13:00
# Banking sites and the AD group allowed to reach them.
acl GPAcessoBancos external ldap_group ldapAcessoBancos
acl Acesso-Bancos url_regex -i "/etc/squid/bancos.txt"

# Access rules. http_access lines are checked top to bottom and the first matching
# line decides; all ACLs on one line must match together (logical AND).
# Cache manager is reachable from localhost only.
http_access allow manager localhost
http_access deny manager
# Refuse ports outside the safe list and CONNECT to anything but the SSL ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# csserasa traffic is never cached and always fetched directly.
no_cache deny csserasa
always_direct allow csserasa
http_access allow localhost
# NOTE(review): the next two rules carry no ldap_group ACL and come before any rule
# that requires a login, so URLs matching these lists are served to every client
# without authentication or group membership.
http_access allow sites-semsenha
http_access allow csserasa
# First rule that uses an ldap_group ACL: from here on Squid asks for proxy credentials.
http_access allow AcessoFull
# Lunch sites for the 12:00 group, only between 12:00 and 13:00.
http_access allow Sites-Almoco AcessoAlmoco12horas Almoco-1200-1300
# NOTE(review): this deny sits after "allow AcessoFull", so it never applies to
# members of that group.
http_access deny CONNECT https_negado
http_access allow AcessoEmpresa !dominios_bloqueados
# NOTE(review): requires the URL to match both sites-semsenha and sites-operacional,
# but anything matching sites-semsenha was already allowed above, so this line is
# never the deciding rule.
http_access allow AcessoOperacional sites-semsenha sites-operacional

# NOTE(review): no group ACL on this line. Any user who authenticated successfully -
# including one who belongs to none of the AD groups - is allowed to every URL that
# matches sites-operacional.txt. If only AcessoOperacional should get these sites,
# the rule needs that group ACL on the same line.
http_access allow sites-operacional
http_access allow GPAcessoBancos Acesso-Bancos

# Machines allowed to download
# Reply-side rules: checked against the response, after http_access allowed the request.
http_reply_access allow sites-semsenha

# Download blocking
# Listed client addresses bypass the MIME-type block; everyone else is denied replies
# whose Content-Type matches BloqueioDownload. Replies matching none of these lines
# fall to the implicit default (opposite of the last rule, i.e. allowed).
http_reply_access allow DownloadLiberado
http_reply_access deny BloqueioDownload

# Final deny. NOTE(review): "all" is defined in this file as 129.1.1.0/24, so this
# line only covers that subnet, not every source address.
http_access deny all

# Duplicate of the rule above; it has no additional effect.
http_access deny all

broken_vary_encoding allow apache
# Unprivileged account Squid runs as.
cache_effective_user squid
cache_effective_group squid
coredump_dir /var/spool/squid
# Section 28 is access control; level 9 is very verbose. Useful to see in cache.log
# which ACL and http_access line matched a test user's request; lower it again
# once the rule order has been diagnosed.
debug_options 28,9



  





