Enviado em 04/01/2017 - 13:32h
Estou tendo problemas ao abrir alguns sites com URL sem (www, http). Outros sites abrem normalmente.
#-----------------------------------------------------------------|SQUID SETTINGS|-------------------------------------------------------------#
# Purpose: proxy configuration for the 192.168.0.0/24 LAN with an on-disk cache, access control
# based on client MAC address and URL regular expressions, and delay pools for bandwidth limiting.
# NOTE(review): several directives below carry trailing "# ..." text on the same line; confirm the
# Squid version in use treats that as a comment, otherwise move it to a line of its own.
# NOTE(review): the firewall script on this page REDIRECTs eth1 TCP/80 to port 3128, but this
# http_port declares no interception mode (intercept or transparent, depending on Squid version).
# Redirected requests carry only a path plus a Host header instead of a full URL, so confirm how
# clients are expected to reach this port.
http_port 3128
visible_hostname proxy-server
cache_effective_user squid # Squid will run as the user "squid"
error_directory /usr/local/squid/share/errors/pt-br # serves Squid's error pages in Portuguese
cache_mem 64 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_mgr felipe.ferreira@server.com.br # webmaster e-mail
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /usr/local/squid/var/cache 2048 16 256 # Squid cache directory (the log file is set on the next line)
# Access log: one entry per client request; this is the audit trail for the rules below.
cache_access_log /usr/local/squid/var/logs/access.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
# ACLs used by the baseline rules that follow.
acl manager proto cache_object
acl SSL_ports port 443 563
# NOTE(review): port 59 looks like a typo for 591 from the stock Safe_ports list; confirm.
acl Safe_ports port 21 80 443 563 70 210 280 488 59 777 901 1025-65535
acl purge method PURGE
acl CONNECT method CONNECT
# Baseline denials. http_access rules are evaluated top to bottom and the first match decides, so
# these four apply to every client, including the MAC groups allowed further down: cache-manager
# requests, PURGE, any destination port outside Safe_ports, and CONNECT to ports outside SSL_ports.
http_access deny manager
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#---------------------------------------------------------------------------------------------------------------------------------------------------#
#-----------------------------------------------------------------|ACLs|----------------------------------------------------------------------------#
#-------------------------------------|MAC ADDRESS|------------------------------------------#
# Groups matched on the client's MAC address (arp ACL type), one list file per group.
# NOTE(review): a MAC address is chosen by the client and is only visible to Squid for hosts on a
# directly attached segment; treat these groups as a convenience label, not as authentication.
acl macaddressti arp "/usr/local/squid/etc/controle/mac_ti"
acl macaddressdiretores arp "/usr/local/squid/etc/controle/mac_diretores"
acl macaddressgerentes arp "/usr/local/squid/etc/controle/mac_gerentes"
#-------------------------------------|ALLOWED|--------------------------------------------#
# url_regex -i: case-insensitive regular expressions matched against the whole URL, read from the
# quoted file. The files themselves are not shown on this page.
acl sites_liberados url_regex -i "/usr/local/squid/etc/controle/sites_liberados"
acl palavras_liberadas url_regex -i "/usr/local/squid/etc/controle/palavras_liberadas"
#-------------------------------------|BLOCKED|--------------------------------------------#
# NOTE(review): for HTTPS the proxy sees only a CONNECT to host:port, so word-, path- and
# extension-based patterns cannot match there; confirm that coverage is acceptable.
acl sites_bloqueados url_regex -i "/usr/local/squid/etc/controle/sites_bloqueados"
acl extensoes_bloqueadas url_regex -i "/usr/local/squid/etc/controle/extensoes_bloqueadas"
acl palavras_bloqueadas url_regex -i "/usr/local/squid/etc/controle/palavras_bloqueadas"
#-------------------------------------|RATE-LIMITED|--------------------------------------------#
acl sites_limitados url_regex -i "/usr/local/squid/etc/controle/sites_limitados"
#---------------------------------------------------------------------------------------------------------------------------------------------------#
#-----------------------------------------------------------------|BANDWIDTH CONTROL|---------------------------------------------------------------#
# Two class-2 delay pools (an aggregate bucket plus a per-client bucket; each value is
# restore-rate/maximum in bytes, -1 meaning unlimited).
# Pool 1 (limited): no aggregate cap, 22500 bytes/s per client, applied to sites_limitados.
delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 22500/22500
# Pool 2 (unlimited): both buckets are -1, applied to the directors' MAC group.
# NOTE(review): pools are presumably checked in order, so a director requesting a sites_limitados
# URL would land in pool 1; confirm that is the intent.
delay_class 2 2
delay_parameters 2 -1/-1 -1/-1
delay_access 1 allow sites_limitados
delay_access 2 allow macaddressdiretores
#---------------------------------------------------------------------------------------------------------------------------------------------------#
#--------------------------------------------------------------|NETWORK MASK|--------------------------------------------------------------------#
# Source-address ACL for the internal LAN.
acl redelocal src 192.168.0.0/24
#---------------------------------------------------------------------------------------------------------------------------------------------------#
#--------------------------------------------------------------|HTTP ACCESS|------------------------------------------------------------------------#
#-------------------------------------|DIRECTORS|--------------------------------------------#
# Directors and managers are allowed before the block lists, so those lists never apply to them.
# NOTE(review): these allows match on MAC alone and are not combined with redelocal; confirm that
# port 3128 is reachable only from the internal interface.
http_access allow macaddressdiretores
#-------------------------------------|MANAGERS|---------------------------------------------#
http_access allow macaddressgerentes
#-------------------------------------|ALLOWED USERS (disabled)|-----------------------------------#
#http_access allow macaddressti
#-------------------------------------|BLOCKED|--------------------------------------------#
http_access deny extensoes_bloqueadas
http_access deny palavras_bloqueadas
http_access deny sites_bloqueados
#-------------------------------------|ALLOWED|--------------------------------------------#
# NOTE(review): these allows come after the denies, so a URL matching both an allow list and a
# block list stays blocked. LAN clients are allowed by the redelocal rule below anyway, so here the
# two rules only change the outcome for sources outside 192.168.0.0/24. If the intent is to exempt
# listed sites from the block lists, the allows would have to precede the denies; confirm.
http_access allow sites_liberados
http_access allow palavras_liberadas
#-------------------------------------|GENERAL|------------------------------------------------#
# Everything not denied above is allowed for the LAN; every other request is refused.
http_access allow redelocal
http_access deny all
#---------------------------------------------------------------------------------------------------------------------------------------------------#
#--------------------------------------------------------------|ERROR PAGE|---------------------------------------------------------------------#
# Error page returned when a request is denied by the named ACL.
# NOTE(review): ERR_PAGE_SQUID is presumably a template in error_directory; confirm it exists.
# palavras_bloqueadas has no deny_info entry here.
deny_info ERR_PAGE_SQUID sites_bloqueados
deny_info ERR_PAGE_SQUID extensoes_bloqueadas
#---------------------------------------------------------------------------------------------------------------------------------------------------#
#!/bin/bash
##################################################################################################
# DECLARANDO AS VARIÁVEIS #
##################################################################################################
# Settings consumed by the firewall rules.
# NOTE(review): the part of start() visible on this page hard-codes eth0/eth1 in its NAT and
# REDIRECT rules instead of reading IFACE_WEB/IFACE_REDE; confirm the two stay in sync.

# Network interface connected to the Internet.
IFACE_WEB='eth0'

# Network interface connected to the internal network.
IFACE_REDE='eth1'

# Internal network, in CIDR notation.
REDE_INTERNA='192.168.0.0/24'

# TCP ports to be opened (comma-separated list).
# NOTE(review): the rules that use this list are not visible here. Confirm on which interface each
# port is opened; remote-administration and proxy ports (e.g. 22, 3128, 10000) should not be
# reachable from the Internet side unless that is intended.
PORTAS_TCP='20,21,22,53,80,443,1022,3128,8000,8001,9080,9090,10000'

# UDP ports to be opened (comma-separated list).
PORTAS_UDP='53,1194,123'

# Ports to be opened for the internal network (comma-separated list).
PORTAS_REDE_INTERNA='25,110,557,993,445'
##################################################################################################
#----------------------------------->FUNCTION START<---------------------------------------------#
##################################################################################################
function start () {
##################################################################################################
# MODULOS IPTABLES #
##################################################################################################
modprobe ip_tables
modprobe iptable_nat
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe nf_conntrack_ipv4
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe nf_nat
/sbin/modprobe nf_conntrack
/sbin/modprobe x_tables
/sbin/modprobe nf_nat_pptp
##################################################################################################
# ATIVANDO ALGUMAS COISAS BASICAS DO KERNEL #
##################################################################################################
#COMENTE/DESCOMENTE, ATIVE/DESATIVE (DESABILITAR = 0 HABILITAR = 1)
echo 1 > /proc/sys/net/ipv4/tcp_syncookies # Habilitar o uso de syncookies (muito útil para evitar SYN flood attacks)
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all # Descomente caso queira desabilita o "ping" (Mensagens ICMP) para sua máquina
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects # Não aceite redirecionar pacotes ICMP
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses # Ative a proteção contra respostas a mensagens de erro falsas
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts # Evita a peste do Smurf Attack e alguns outros de redes locais
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route # Desabilita roteamento de fonte, evitando que indivíduos maliciosos gerarem trafego fingindo ser da rede local
#echo 0 > /proc/sys/net/ipv4/ip_forward # Desabilita roteamento de pacotes, lembre-se de configurar as portas da CHAIN FORWARD, caso a use
##################################################################################################
# LIMPAR TABELAS #
##################################################################################################
#LIMPA AS REGRAS DA TABELA
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
##################################################################################################
# DEFINIR POLITICAS PADROES #
##################################################################################################
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
##################################################################################################
# CRIA IDA E VOLTA AS CHAINS #
##################################################################################################
#CRIA A IDA E VOLTA DO ACESSO NAS CHAINS INPUT, OUTPUT E FORWARD, ASSIM NÃO PRECISAMOS CRIAR A IDA E VOLTA NAS REGRAS
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
##################################################################################################
# REGRAS NAT #
##################################################################################################
#COMPARTILHA INTERNET ETH0 FOR ETH1
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
#REDIRECT SQUID
iptables -A INPUT -p tcp -i eth1 --dport 3128 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 ! -s 192.0.0.248