Bom dia a todos, preciso de uma ajudinha. Bom, aqui onde trabalho nós usamos proxy transparente e estou querendo colocar proxy autenticado.
bom quero fazer da seguinte forma:
- todas as estações que estão cadastradas no DHCP poderão acessar a intranet e alguns sites de trabalho sem precisar de autenticação.
- quando o usuário for acessar a net, será requisitado o login e senha para acessar.
O que eu consegui fazer:
- já fiz vários testes com tutoriais da net; o único resultado que consegui foi autenticar todos que entraram na rede, mas aí fica complicado, pois seria preciso cadastrar umas 200 pessoas, sendo que só 50 precisam acessar a net.
segue o squid.conf
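# Port on which Squid accepts client requests.
http_port 3128
visible_hostname srvinternet-Dell
cache_mem 512 MB
# Cache eviction watermarks, in percent of cache_dir usage. The original file
# set this pair twice (90/93 and later 90/95); only the later pair is kept.
cache_swap_low 90
cache_swap_high 95
maximum_object_size_in_memory 200 KB
maximum_object_size 512 MB
minimum_object_size 10 KB
cache_dir ufs /var/spool/squid 2048 16 256
# access.log is the per-request record used to audit who fetched what.
cache_access_log /var/log/squid/access.log
# cache.log receives Squid's own diagnostics (startup, ACL and helper errors).
cache_log /var/log/squid/cache.log
# The original repeated "cache_log" here, which pointed the diagnostic log at
# store.log as well. The storage-manager log has its own directive.
cache_store_log /var/log/squid/store.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 20% 2280
refresh_pattern . 15 20% 2280
# Number of rotated log generations to keep.
logfile_rotate 10
# ICP (inter-cache protocol) is disabled; no peer caches are configured in this file.
icp_port 0
#icp_port 3130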
#-------------------------------------------------------------#
####################### ACL RULES #########################
#-------------------------------------------------------------#
###### user authentication (currently disabled) #########
# NOTE(review): proxy_auth only works when the browser is explicitly configured
# to use the proxy (manually or through PAC/WPAD). Squid cannot send an
# authentication challenge on intercepted ("transparent") traffic, so the two
# modes cannot be combined for the same clients.
# NOTE(review): Basic authentication sends the password base64-encoded, not
# encrypted, on every request. Keep these credentials separate from any other
# account the users have.
#auth_param basic realm Squid
#auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
#acl autenticados proxy_auth REQUIRED
####### user authentication
# NOTE(review): if re-enabled at this position, this allow would be evaluated
# before every rule below, including the Safe_ports/CONNECT denies and all the
# block lists, and would ask every client for a password. http_access rules are
# first-match, so an authenticated allow belongs after the unauthenticated
# allows and after the denies it should still respect.
#http_access allow autenticados
# Base ACLs: every source, the cache manager pseudo-protocol, and loopback.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Ports to which CONNECT tunnels are allowed (see "deny CONNECT !SSL_ports" below).
acl SSL_ports port 443 563
# Destination ports the proxy will talk to at all (see "deny !Safe_ports" below).
# Every port listed here widens what a client can reach through the proxy.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
# The range below already covers 8999, 23000, 8443, 8880, 10000 and
# 13000-13005, so those later entries are redundant (harmless, but they hide
# how broad the list really is).
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl Safe_ports port 8999 # serpro
acl Safe_ports port 23000 # serpro
acl Safe_ports port 8443 # serpro
# NOTE(review): port 23 is the telnet port. Listing it lets clients send HTTP
# requests through the proxy to any host's port 23. Confirm it is still needed
# and, if so, consider limiting it to the specific destination.
acl Safe_ports port 23 # telnet serpro
acl Safe_ports port 8880 # hpopenview embratel
acl Safe_ports port 10000 # Webmin
acl Safe_ports port 13000-13005 # DGP sites
acl purge method PURGE
acl CONNECT method CONNECT
# Cache manager and PURGE are accepted from loopback; PURGE from anywhere else is refused.
http_access allow manager localhost
http_access allow purge localhost
http_access deny purge
# Refuse requests to any destination port not listed in Safe_ports.
http_access deny !Safe_ports
# Refuse CONNECT tunnels to anything other than the SSL_ports.
http_access deny CONNECT !SSL_ports
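# The local network.
acl redelocal src 192.168.0.0/24
############ sqstat configuration #############
# "manager" (proto cache_object) is already defined earlier in this file, so
# the repeated definition that stood here was dropped.
acl webserver src 192.168.0.222/32
# Only the sqstat web server may query the cache manager; everyone else is refused.
http_access allow manager webserver
http_access deny manager
##################################################
############ allow Brazilian Army sites without authentication ##################
# dstdomain replaces the original url_regex. The regex was unanchored and its
# dots were unescaped, so it matched those strings anywhere in the URL (path
# and query string included), not just in the host name. Any URL that merely
# contained such text was allowed by this rule. dstdomain matches only the
# destination host: the listed domain and its subdomains.
acl liberasiteeb dstdomain .eb.mil.br .ensino.eb.br .gov.br
# NOTE(review): this allow has no source condition and is evaluated before the
# redelocal/all denies at the end of the file, so any client that can reach
# port 3128 may use the proxy for these domains. If only local stations should
# be served, add a source ACL to this rule or re-enable the deny below, after
# confirming that the executivo/total lists contain only local addresses.
http_access allow liberasiteeb
##### block addresses outside the local network
#http_access deny !redelocal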
#-------------------------------------------------------------#
########### BLOCK MSN FOR USERS #######################
# Blocking MSN
# ACL definitions only. The matching http_access rules appear further down.
acl msn1 dstdomain loginnet.passport.com
# NOTE(review): the dot is unescaped, so this also matches "gateway" followed
# by any character and "dll"; "gateway\.dll" would be exact.
acl msnmessenger url_regex -i gateway.dll
acl MSN req_mime_type -i ^application/x-msn-messenger$
acl webmsn dstdomain webmessenger.msn.com
# Source addresses read from an external file (contents not shown here).
acl libera_msn src "/etc/squid/libera_msn"
#-------------------------------------------------------------#
############### FULL ACCESS FOR THE EXECUTIVE GROUP ###############
#-------------------------------------------------------------#
### Allow the executive group only
# Sources listed in the file get an unconditional allow here. Because
# http_access is first-match, none of the block rules below (lunch-time sites,
# extensions, bloqueio, bloqueados, MSN) apply to them. Keep the file's
# ownership and permissions tight, since adding an address to it bypasses all
# filtering.
acl executivo src "/etc/squid/executivo"
http_access allow executivo
##### allow internet at lunch time ##########
# Monday to Friday, 12:00-13:15.
acl almoco time MTWHF 12:00-13:15
acl sitesalmoco dstdom_regex "/etc/squid/sitesalmoco"
# The listed sites are allowed inside the lunch window and denied outside it.
http_access allow sitesalmoco almoco
http_access deny sitesalmoco
###### block by file extension ########
# NOTE(review): url_regex is matched against the whole URL and "$" anchors at
# its very end, so a URL with a query string after the extension (for example
# "file.exe?x=1") is not matched. urlpath_regex with a pattern such as
# "\.exe(\?.*)?$" is the usual form. This is a policy filter, not malware
# protection, because content is not inspected.
acl ext url_regex -i \.flv$ \.zip$ \.avi$ \.mp3$ \.exe$ \.torrent$ \.wmv$ \.rmvb$ \.iso$ \.bat$ \.inf$ \.wav$
http_access deny ext
#-------------------------------------------------------------#
#################### BLOCKED ACCESS ####################
#-------------------------------------------------------------#
# All "bloqueio" lines accumulate into one ACL, which is denied below.
# The deny comes after the liberasiteeb and executivo allows, so requests
# matched by those rules never reach it.
# NOTE(review): the patterns that start with "http://" cannot match HTTPS
# traffic, because a CONNECT request carries only host:port. The dots in the
# IP addresses and host names are unescaped and match any character.
acl bloqueio url_regex -i http://.*/search\?q=.*
# NOTE(review): every whitespace-separated token on the next line is its own
# case-insensitive regex matched as a substring of the URL. Generic words such
# as "Buy", "sell", "online", "Money", "Gold", "Cash" and "Instant" will
# therefore block a very large number of unrelated sites. This looks like
# pasted text rather than a curated list; replace it with the specific host
# names meant to be blocked.
acl bloqueio url_regex -i Buy sell exchange convert Liberty Reserve WebMoney WMZ WMR StrictPay,Euro Gold Cash,Perfect Money Pecunix ProCurrex C-gold Yandex Money MoneyMail Instant online exchanges Ucash,solidtrustpay,Gold Pay,Gold-Pay,EvoWallet,cashU,moneybookers,e-dinar,edin
acl bloqueio url_regex -i http://.*/u/
acl bloqueio url_regex -i http://125.13.172.45/s/
acl bloqueio url_regex -i http://65.55.136.121:80
acl bloqueio url_regex -i http://i4.ytimg.com
acl bloqueio url_regex -i http://66.249.68.194
acl bloqueio url_regex -i http://www.whatismyip.org/
acl bloqueio url_regex -i http://whatismyip.org/
http_access deny bloqueio
### Block by keyword
# Patterns are read from an external file and matched against the destination host name.
acl bloqueados dstdom_regex "/etc/squid/bloqueados"
http_access deny bloqueados
### allow MSN
# NOTE(review): libera_msn is a source-only ACL, so this rule allows every
# request from those addresses that reaches this point, not just MSN traffic.
# In effect it works like the "total" list below. If only MSN should be opened
# for them, combine it with the MSN ACLs instead.
http_access allow libera_msn
http_access deny msnmessenger
http_access deny msn1
http_access deny MSN
http_access deny webmsn
### Allow internet only for the "total" list
acl total src "/etc/squid/total"
http_access allow total
# NOTE(review): to authenticate only the users who need general internet
# access, an authenticated allow (the proxy_auth ACL that is commented out
# near the top of this file) would be placed here: after the unauthenticated
# allows above and before the denies below. Check this against the intended
# policy, and note that it requires explicitly configured (non-intercepted)
# clients.
# Every other station on the local network is denied.
http_access deny redelocal
##### block addresses outside the local network
# Final catch-all: anything not allowed above is refused.
http_access deny all