- squid nao ler ALCS
+ Responder ao Tópico
-
squid nao ler ALCS
Pessoal eu uso SuSE 8.0, e estou com problemas e dúvidas, uma delas e como fica a linha de redirect de porta do SuSEfirewall2 para o squid eu tou usando desta forma
FW_REDIRECT="0/0,10.10.40.249,tcp,80,3128"
no squid coloquei estas regras
http_port 10.10.40.249:3128
cache_dir ufs /var/cache/squid 300 16 256
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# Regras inseridas dia 06/02/2003
acl usc src 10.40.40.0/255.255.255.0
acl porn url_regex -i "/usr/local/squid/etc/porn.txt"
acl teste url_regex -i "/usr/local/squid/etc/teste.txt"
acl mp3 url_regex -i.*\.mp3$
acl mpeg url_regex -i.*\.mpeg$
acl avi url_regex -i.*\.avi$
acl rm url_regex -i.*\.rm$
acl viv url_regex -i.*\.viv$
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# And finally deny all other access to this proxy
http_access allow localhost
http_access allow usc
http_access deny all porn
http_access deny all flavio
http_access deny all mp3
http_access deny all avi
http_access deny all mpeg
http_access deny all rm
http_access deny all viv
http_access deny all
[]´s
Sender
-
squid nao ler ALCS
pessoal eu coloquei uma linha errada no descritivo acima
FW_REDIRECT="0/0,10.40.40.249,tcp,80,3128"
e o correto
[]s
Sender
-
squid nao ler ALCS
Quanto a regra do Squid diz assim:
http_access allow localhost (deixe o localhost)
http_access allow usc (deixe a rede usc)
http_access deny all porn (bloqueie porn ...)
http_access deny all flavio
http_access deny all mp3
http_access deny all avi
http_access deny all mpeg
http_access deny all rm
http_access deny all viv
http_access deny all
Vc esta liberando tudo e depois bloqueando. As regras funcionam de cima para baixo. Basta alterar para:
http_access allow localhost
http_access deny all porn
http_access deny all flavio
http_access deny all mp3
http_access deny all avi
http_access deny all mpeg
http_access deny all rm
http_access deny all viv
http_access allow usc <---- <IMG SRC="images/forum/icons/icon_biggrin.gif">
http_access deny all
-
squid nao ler ALCS
Parece ateh brincadeira mais tem outra linha errada
http_port 10.40.40.249:3128
estas linhas estao corretas no squid
[]´s
Sender
-
squid nao ler ALCS
o Pericles disse tudo...
o seu problema eh que primeiro voce prescisa bloquear tudo e depois dizer o que pode passar...
http_access deny deniedurls
http_access allow fewusers
http_acesss deny all
eh mais ou menos por ai <IMG SRC="images/forum/icons/icon_wink.gif">
-
squid nao ler ALCS
o que faz a opcao -i nas acls do squid?
valew
-
squid nao ler ALCS
A opcao -i permite ignorar maisculas e minusculas dentro do arq da acl