- Alguem sabe?
+ Responder ao Tópico
-
Alguem sabe?
Toda e qualquer conexão 443 da bloqueada. e na configuração do proxy
esta porta encontra-se em portas padrões e SSL permitidas.
1204650138.876 10 192.168.0.22 TCP_DENIED/403 1302 CONNECT
omega.contacts.msn.com:443 gislene.silva NONE/- text/html
1204650138.901 1 192.168.0.22 TCP_DENIED/403 1302 CONNECT
omega.contacts.msn.com:443 gislene.silva NONE/- text/html
1204650138.914 1 192.168.0.22 TCP_DENIED/403 1302 CONNECT
omega.contacts.msn.com:443 gislene.silva NONE/- text/html
1204650138.930 1 192.168.0.22 TCP_DENIED/403 1302 CONNECT
omega.contacts.msn.com:443 gislene.silva NONE/- text/html
-
Você não tem nenhuma regra bloqueando msn?
-
Regra
Posta ai seu firewall e nat pra gente dar uma olhada....
-
# Do not modify '/var/ipcop/proxy/squid.conf' directly since any changes
# you make will be overwritten whenever you resave proxy settings using the
# web interface!
#
# Instead, modify the file '/var/ipcop/proxy/advanced/acls/include.acl' and
# then restart the proxy service using the web interface. Changes made to the
# 'include.acl' file will propagate to the 'squid.conf' file at that time.
shutdown_lifetime 5 seconds
icp_port 0
http_port 192.168.0.254:800
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache_effective_user squid
cache_effective_group squid
umask 022
pid_filename /var/run/squid.pid
cache_mem 64 MB
cache_dir aufs /var/log/cache 300 16 256
error_directory /usr/lib/squid/advproxy/errors/Portuguese
access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
useragent_log /var/log/squid/user_agent.log
strip_query_terms off
log_mime_hdrs off
forwarded_for off
via off
auth_param basic program /usr/lib/squid/advproxy/auth/ncsa_auth /var/ipcop/proxy/advanced/ncsa/passwd
auth_param basic children 5
auth_param basic realm IPCop Advanced Proxy Server
auth_param basic credentialsttl 60 minutes
authenticate_ip_ttl 10 minutes
acl for_inetusers proxy_auth REQUIRED
acl for_extended_users proxy_auth "/var/ipcop/proxy/advanced/ncsa/extended.grp"
acl concurrent max_user_ip -s 1
acl with_allowed_useragents browser (MSIE.*[)]$)|(Windows\-Media\-Player)|(NSPlayer)|(Wget)|(Industry\sUpdate\sControl)|(Windows\sUpdate)|(Service\sPack\sSetup)|(Progressive\sDownload)|(Windows\-Update\-Agent)|(Microsoft\sBITS)
acl within_timeframe time MTWHFAS 00:00-24:00
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 563 # snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 800 # Squids port (for icons)
acl IPCop_http port 81
acl IPCop_https port 445
acl IPCop_ips dst 192.168.0.254
acl IPCop_networks src "/var/ipcop/proxy/advanced/acls/src_subnets.acl"
acl IPCop_servers dst "/var/ipcop/proxy/advanced/acls/src_subnets.acl"
acl IPCop_green_network src 192.168.0.0/255.255.255.0
acl IPCop_green_servers dst 192.168.0.0/255.255.255.0
acl CONNECT method CONNECT
#Access to squid:
#local machine, no restriction
http_access allow localhost
#GUI admin if local machine connects
http_access allow IPCop_ips IPCop_networks IPCop_http
http_access allow CONNECT IPCop_ips IPCop_networks IPCop_https
#Deny not web services
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#Set custom configured ACLs
http_access allow IPCop_networks for_extended_users
http_access allow IPCop_networks for_inetusers !concurrent within_timeframe with_allowed_useragents
http_access deny all
#Strip HTTP Header
header_access X-Forwarded-For deny all
header_access Via deny all
maximum_object_size 4096 KB
minimum_object_size 0 KB
request_body_max_size 0 KB
reply_body_max_size 0 allow all
visible_hostname IPCOP
cache_mgr [email protected]
url_rewrite_program /usr/sbin/squidGuard
url_rewrite_children 5
-
Apenas era a ordem das regras no urlfilter. a que liberava estava depois das que bloqueava a url. mais tb o reinstalei antes.
Obrigado a todos por tentarem me ajudar
SOU BURRO
-
Alguém aqui usa a opção RESTRIÇÃO DE TEMPO do URLFilter?
pois eu uso, mais da problema.
tenho as seguintes blacklist (dating, recreation/sports, news, chat, webmail, socialnet) que são liberadas nos horario 07hrs as 08hrs(antes do expediente)das 12hrs as 14hrs(almoco)das 18hrs as 21hrs (Depois do expediente)
tb tenho as blacklist: searchengines. spyware, updatesites que são liberadas o tempo todo.
e tb tenho o horario de sabado com as blacklist (dating, recreation/sports, news, chat, webmail, socialnet)
a ordem é a seguinte
interior STQQSSD 00:00 to 24:00 192.168.0.0/24 searchengines|spyware|updatesites
Liberado
interior STQQS== 07:00 to 08:00 192.168.0.0/24 chat|dating|finance/banking|horario|movies|news|recreation/sports|socialnet|webmail
Antes do expediente
interior STQQS== 12:00 to 14:00 192.168.0.0/24 chat|dating|finance/banking|horario|movies|news|recreation/sports|socialnet|webmail
Horario de almoco
interior STQQS== 18:00 to 21:00 192.168.0.0/24 chat|dating|finance/banking|horario|movies|news|recreation/sports|socialnet|webmail
Depois do expediente
interior =====S= 09:00 to 15:00 192.168.0.0/24 chat|dating|finance/banking|horario|movies|news|recreation/sports|socialnet|webmail
Sabado
Sendo que do jeito que esta ninguem acessa nada no horario antes e depois do expediente nem no horario do almoço. se eu colocar a regra LIBERADO por ultimo fica dando o erro que mencionei neste post http://br.groups.yahoo.com/group/ipcop-br/message/537
O que fazer?