defabio
(usa Ubuntu)
Enviado em 02/01/2010 - 10:48h
Olá, estou fazendo um teste com o squid no ubuntu 9.10 desktop mas não fez o bloqueio q fiz, veja abaixo o squid.conf
# Squid test configuration: one interception-mode listener and one regex blocklist.
#
# NOTE(review): http_access rules are checked top-down and the first match wins.
# The only active rules in this file are "deny palavras" and "deny all"; there is
# no allow rule. Every request that really reaches this Squid is therefore denied.
# If a site listed in /etc/squid/palavras still loads normally, the request most
# likely never passed through Squid. Check Squid's access log and the
# interception path (firewall redirect, client routing) before changing the ACLs.

# Interception listener bound to a single address; it depends on a firewall rule
# redirecting port-80 traffic to 3128.
# NOTE(review): newer Squid releases name this option "intercept" - confirm
# against the installed version.
http_port 172.17.2.21:3128 transparent
#visible_hostname SEMED
#hierarchy_stoplist cgi-bin ?
#cache_mem 256 MB
#maximum_object_size_in_memory 700 KB
#maximum_object_size 10000 KB
#minimum_object_size 0 KB
#cache_swap_low 90
#cache_swap_high 95
#cache_dir ufs /var/spool/squid 10000 16 256
#cache_access_log /var/log/squid/access.log
#error_directory /usr/share/squid/errors/Portuguese
#ftp_user Squid@
# ACLS
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# NOTE(review): SSL_ports, Safe_ports, manager and localhost are defined here but
# no http_access rule in this file references them, so they restrict nothing.
# The usual guards are "http_access deny !Safe_ports" and
# "http_access deny CONNECT !SSL_ports" (the latter also needs a CONNECT method
# ACL, which this file does not define). They should come before any allow rule.
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# NOTE(review): listing mail ports as "safe" means that, once an allow rule and a
# Safe_ports guard exist, clients could still reach SMTP/POP3 servers through
# the proxy. Remove these two entries unless that is required.
acl Safe_ports port 25 # smtp
acl Safe_ports port 110 # pop3
############# DECLARING THE ACLs #############
# PCs with full access
#acl acesso_total src "/etc/squid/confs/acesso_total"
#http_access allow acesso_total
# MSN blocking
#acl msn dst 207.46.110.0/24 207.46.104.0/24 64.4.13.0/24
#http_access deny msn
#acl bloqmessenger url_regex
# NOTE(review): the next line is not commented out. If the real file looks like
# this (and it is not just a line wrap from the forum paste), Squid will not
# treat it as part of the disabled ACL above - prefix it with "#" or rejoin it.
www.e-messenger.net webmessenger.msn.com
#http_access deny bloqmessenger
# blocked file extensions
#acl download url_regex -i "/etc/squid/confs/download"
# Block list: each line of the file is a case-insensitive (-i) regular
# expression matched against the full URL, so an unescaped "." matches any
# character.
acl palavras url_regex -i "/etc/squid/palavras"
# Allow list
#acl liberado url_regex -i "/etc/squid/confs/liberado"
############# ACTIVATING THE ACLs #############
#acl redelocal src 10.24.4.0/24
#http_access allow liberado
#acl acesso_bloqueado src "/etc/squid/confs/acesso_bloqueado"
#http_access deny acesso_bloqueado
#http_access deny download
# Deny any request whose URL matches the block list.
http_access deny palavras
#http_access allow redelocal !msn
# Final catch-all: anything not matched above is denied. With no allow rule
# enabled, this denies all traffic handled by the proxy.
http_access deny all
e no rc.local está assim:
# Redirect HTTP (TCP/80) arriving from the source network to the local Squid
# listener on port 3128.
# NOTE(review): nat PREROUTING only sees packets that arrive on an interface
# from other hosts. Traffic generated on this machine itself (e.g. a browser on
# the same desktop that runs Squid) goes through the nat OUTPUT chain and is
# not redirected by this rule, so it bypasses the proxy and its block list.
# A rule in OUTPUT would have to exclude Squid's own outbound requests to avoid
# a redirect loop.
# NOTE(review): the source is written as a host address with a 255.255.0.0
# mask, so it matches the whole 172.17.0.0/16 range - confirm that is intended.
# Only port 80 is redirected; HTTPS and other ports are not filtered by Squid.
iptables -t nat -A PREROUTING -s 172.17.2.21/255.255.0.0 -p tcp --dport 80 -j REDIRECT --to-port 3128
no arquivo palavras coloquei somente o
www.globo.com para fazer o teste, mas acessou o site normalmente, oq está errado?
obs.: reiniciei o serviço do squid tbm!
Grato.