Tenho squid autenticado.
o usuário só navega, se colocar as configurações do proxy.
Se ele marcar o proxy, não consegue entrar no msn mas consegue baixar e-mails do outlook e entrar no skype e não pede autenticação.
Se ele não marcar o proxy no navegador:
Ele não navega em nada, mas consegue entrar no msn/skype e baixar/enviar e-mails do outlook.
O que posso fazer para bloquear isso? tenho uma acl chamada no_auth(não pede autenticação para acessar os sites dentro dela) que se eu não colocar as urls do msn dentro dela, os usuários não conseguem conectar no msn mesmo que a acl do usuário tenha as urls do msn. mas nessa acl só tem as urls do msn então não era para conectar no skype ou baixar e-mail sem pedir autenticação concorda?
Abaixo meu squid.conf
root@cache:/home/novaf# cat /etc/squid/squid.conf
#NOME DO SERVIDOR#####################################################
visible_hostname DebianLinux
######################################################################
#IP+PORTA USADA ####################################################
http_port 10.0.1.254:3128
######################################################################
icp_port 0
######################################################################
#CACHE USADO-METADE DA RAM)###########################################
cache_mem 512 MB
######################################################################
#Cache Swap###########################################################
cache_swap_low 80
cache_swap_high 90
######################################################################
#OBJECT_SIZE##########################################################
maximum_object_size 200 MB
minimum_object_size 0 KB
#tamanho m?ximo dos objetos alocados na mem?ria.
maximum_object_size_in_memory 30 KB
######################################################################
#DIRETORIOS DO CACHE MULTIPLOS########################################
cache_dir aufs /var/cachesquid1 5000 16 256
# Resolve um problema com conex?es persistentes que ocorre com certos servidores,
# e que provoca delays em nosso cache.
detect_broken_pconn on
# Provoca um ganho de performance ao usar conex?es Pipeline (requisi??es em
# paralelo)
#pipeline_prefetch on
#DNS squid cache
dns_nameservers 10.0.1.254
#####################################################################
#LOGS################################################################
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log none
#####################################################################
#REGRA AUTENTICACAO
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 3
authenticate_ttl 10 minutes
authenticate_ip_ttl 0
####################################################################
request_body_max_size 0 MB
####################################################################
#ACL's########################################################
#SITES QUE N?O PRECISAM DE AUTENTICACAO COM SENHA
acl NO_AUTH url_regex -i '/etc/squid/no_auth_url'
http_access allow NO_AUTH
#################################################
#SITES BLOQUEADOS PARA QUALQUER USUARIO
acl BLOCK url_regex -i '/etc/squid/bloqueados'
http_access deny BLOCK
#################################################
#MSN S? PARA USUARIOS DESSA ACL##################
acl bloqueiamsn url_regex -i "/etc/squid/bloqueiamsn"
acl g_liberado proxy_auth itamar carlos.eduardo fernandocomercial alisson neide ademario marinalva fernando rmartins vicente handerson
http_access deny bloqueiamsn !g_liberado
#################################################
##### BLOQUEIO DE DOWNLOAD DAS EXTENSOES ABAIXO##
acl extensoes url_regex -i \.bat \.scr \.mp3 \.bat \.vbs \.wmv \.wma \.mp4
http_access deny extensoes
#acl downloads urlpath_regex "/etc/squid/downloads.txt"
#http_access deny downloads
#testando a opcao abaixo
#acl downloads req_mime_type application/octet-stream application/zip audio/mpeg audio/wav video/mpeg video/avi video/quicktime video/x-msvideo video/x-ms-wmv/
#http_access deny downloads
#################################################
#REGRAS GERAIS###################################
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 4243 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
#FTP
ftp_passive on
ftp_sanitycheck on
#Estas 'refresh_pattern' fazem com que o squid mantenha o maximo
#possivel um objeto em cache, aumentando o cache HIT e byte HIT
refresh_pattern -i \.jpg$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.gif$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.png$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.jpeg$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.bmp$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.tif$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.tiff$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.swf$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.exe$ 0 50% 21600 reload-into-ims
refresh_pattern -i \.php$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.html$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.htm$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.shtml$ 0 20% 1440 reload-into-ims
refresh_pattern -i \.shtm$ 0 20% 1440 reload-into-ims
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
#ZPH cache FULL
zph_local 0x60
zph_mode tos
zph_option 136
zph_parent 0
zph_sibling 0
#SITES QUE N?O ENTRAM NO CACHE###################
acl NO_CACHE url_regex -i '/etc/squid/no_cache_url'
no_cache deny NO_CACHE
#################################################
#AUTENTICA??ES POR USUARIO#######################
#Fernando
acl u_fernandocomercial proxy_auth fernandocomercial
#Marcelo
acl u_marcelo proxy_auth marcelo
#Mariana
acl u_mariana proxy_auth mariana
#Angel
acl u_angel proxy_auth angel
e etc...
#ACLS DE AUTENTICAO(O QUE PODE E O QUE N?O PODE ACESSAR)##########
#USER: Daniel
acl u_daniel_url_allow url_regex -i "/etc/squid/u_daniel_allow"
http_access allow u_daniel u_daniel_url_allow
acl u_daniel_url_deny url_regex -i "/etc/squid/u_daniel_deny"
http_access deny u_daniel u_daniel_url_deny
#ACLS DE AUTENTICAO(O QUE PODE E O QUE Nÿ?O PODE ACESSAR)##########
#USER: Mariana
acl u_mariana_url_allow url_regex -i "/etc/squid/u_mariana_allow"
http_access allow u_mariana u_mariana_url_allow
acl u_mariana_url_deny url_regex -i "/etc/squid/u_mariana_deny"
http_access deny u_mariana u_mariana_url_deny
#USER: Junior
acl u_junior_url_allow url_regex -i "/etc/squid/u_junior_allow"
http_access allow u_junior u_junior_url_allow
acl u_junior_url_deny url_regex -i "/etc/squid/u_junior_deny"
http_access deny u_junior u_junior_url_deny
e etc...
####################################################################
#LIBERAR AUTENTICACAO################################################
acl autenticados proxy_auth REQUIRED
http_access allow autenticados
#####################################################################
miss_access allow all
cache_mgr root
memory_pools on
#####################################################################
#BLOQUEIA TUDO#######################################################
http_access deny all
####################################################################
então, cada usuário tem sua acl de permissão e bloqueio...eu bloqueio tudo e só libero o que eu quero.
como faço para resolver esse problema do skype/msn/outlook?