liberar ftp no squid
1. liberar ftp no squid
migueldx
(usa Ubuntu)
Enviado em 30/10/2014 - 12:06h
Pessoal estou com o seguinte problema, fiz um proxy squid transparente com alguns sites bloqueados e o restante liberando, hora do almoço tudo liberado e nuvens bloqueadas.porem quando quero acessar um FTP externo aqui da empresa o squid esta bloqueando, como ainda esta em fase de testes, apenas duas maquinas estao com o proxy ativado nas configuraçoes, e justamente essas duas maquinas nao conseguem acessar o ftp o restante consegue, portanto não é FIREWALL.
Para minha surpresa coloquei autenticação no squid.conf mas nao criei usuario nenhum, e a partir dai ao tentar acessar o FTP o squid pediu usuario e senha.
segue o squid.conf
#PORTA
http_port 3128
visible_hostname PROXY
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
cache_mem 1024 MB
maximum_object_size 32 MB
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs c:/squid/var/cache 2048 16 256
#################
#AUTENTICAÇÃO#
#################
auth_param basic program c:/squid/libexec/ncsa_auth.exe c:/squid/etc/passwd
auth_param basic children 5
auth_param basic realm PROXY
auth_param basic credentialsttl 2 hours
####################
#arquivo de logs #
####################
access_log c:/squid/var/logs/access.log squid
cache_log c:/squid/var/logs/cache.log
cache_store_log c:/squid/var/logs/store.log
mime_table c:/squid/etc/mime.conf
pid_filename c:/squid/var/logs/squid.pid
unlinkd_program c:/squid/libexec/unlinkd.exe
icon_directory c:/squid/share/icons
error_directory c:/squid/share/errors/Portuguese
coredump_dir c:/squid/var/cache
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 5432 # postgres
acl Safe_ports port 3389 # remoto
acl CONNECT method CONNECT
acl redelocal src 192.168.25.0/24 ## COLOQUE AQUI SUA RANGE DE IPS
acl skype_80 url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:80
acl skype_443 url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:443
############################################################################
# Proibindo acesso a nuvens
############################################################################
acl nuvem dstdom_regex -i "C:\squid\etc\nuvem.txt"
http_access deny nuvem
############################################################################
# Liberando acesso hora do almoço
############################################################################
acl almoco time 12:00-14:00
http_access allow almoco
######################################################################
#Bloqueio de sites
######################################################################
acl bloqueados dstdom_regex -i "C:\squid\etc\bloqueados.txt"
http_access deny bloqueados
############################################################################
# Regra para bloqueio de extensões de rádios online / arquivos de streaming:
############################################################################
acl streaming rep_mime_type -i "c:\squid\etc\mimeaplicativo.txt"
http_reply_access deny streaming
http_access allow manager localhost
http_access deny manager
http_access allow CONNECT !SSL_ports
http_access allow redelocal
http_access deny all
http_reply_access allow all
icp_access allow all
######################################################################
# FIM DA CONFIGURAÇÃO
######################################################################
Patrocínio
Site hospedado pelo provedor RedeHost.
Destaques
Artigos
Enviar mensagem ao usuário trabalhando com as opções do php.ini
Meu Fork do Plugin de Integração do CVS para o KDevelop
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Dicas
Compartilhamento de Rede com samba em modo Público/Anônimo de forma simples, rápido e fácil
Cups: Mapear/listar todas as impressoras de outro Servidor CUPS de forma rápida e fácil
Criando uma VPC na AWS via CLI
Tópicos
Testando links de internet (0)
Quando fui olhar as logs achei um erro !!! (1)
Servidor said: 530 5.7.0 Must issue a STARTTLS command first (in r... (5)
Top 10 do mês
-
Xerxes
1° lugar - 69.230 pts -
Fábio Berbert de Paula
2° lugar - 50.118 pts -
Renato Michnik de Carvalho
3° lugar - 27.298 pts -
Mauricio Ferrari
4° lugar - 15.062 pts -
Alberto Federman Neto.
5° lugar - 14.686 pts -
Daniel Lara Souza
6° lugar - 13.705 pts -
Diego Mendes Rodrigues
7° lugar - 13.010 pts -
Buckminster
8° lugar - 12.470 pts -
edps
9° lugar - 12.215 pts -
Alessandro de Oliveira Faria (A.K.A. CABELO)
10° lugar - 11.529 pts
Scripts
A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.
Site hospedado por:
