+ Responder ao Tópico



  1. #1

    Padrão liberar msn squid autenticado

    sempre usei os squid autenticado e para liberar o msn para os usuários sempre fiz da seguinte forma:

    usuário restrito: tme uma acl com sites liberados e os seguintes links:

    #msn
    passport
    messenger
    msn
    live
    hotmail
    dstdomain
    loginnet.passaport.com
    gateway.dll


    e usuários liberados não acl logo acessam tudo como eu e sempre funcionou.agora tive reinstalar o debian 4.0 numa máquina um pouco mais robusta(P4 2.66/512mb/80GB sata ) então instalei o debian 4.0 lenny(eu estava com o etch 4.0) e fiz todas configurações e copiei o arquivo de autenticação passwd para o servidor novo com isso os usuários que já existiam acessam o msn normalmente mas e eu criar um usuário novo quer seja liberado(acessa tudo mas não consegue acessar o msn+hotmail) quer seja restrito(tem acl com os sites passados acima mas tb não acessa mais) não acessam mais o msn...o meu liberado(não tem acl) acessa tudo por ser antigo mas criei um novo liberado com o nome teste e o mesmo acessa tudo mas não acessa o msn e hotmail, o que pode ser?

  2. #2

    Padrão ..

    Posta ai o seu squid.conf para analizarmos e possamos ter uma visao mais ampliada do que possa a ser.

  3. #3

    Padrão

    vou colocar completo sem tirar nem por. como pode ver abaixo o usuário antigo fernando o meu no caso acessa tudo e o msn já o usuário teste não que criei hoje...o passwd antigo rodada no squid 2.6 debian etch 4.0 e hoje estou do o debian lenny 4.0 squid 2.7 não sei se muda algo mas era para acessar normal pois os links estão dentro das acls e o usuário teste/rmartins e etc..que estão liberados para tudo não acessam o msn+hotmail já o meu fernando/ademario que foram criados no servidor anterior acessao tudo e o msn tb.


    visible_hostname DebianLinux

    http_port 10.0.1.254:3128

    icp_port 0

    #htcp_port 0
    #mcast_groups 239.128.16.128
    #tcp_outgoing_address 0.0.0.0
    #udp_incoming_address 0.0.0.0
    #udp_outgoing_address 0.0.0.0
    #cache_peer hostname type 3128 3130
    #icp_query_timeout 0
    #maximum_icp_query_timeout 2000
    #mcast_icp_query_timeout 2000
    #dead_peer_timeout 10 seconds

    cache_mem 256 MB
    cache_swap_low 80
    cache_swap_high 90
    maximum_object_size 4096 KB

    #minimum_object_size 0 KB
    #fqdncache_size 1024

    cache_dir diskd /var/cachesquid1 2900 128 512 Q1=64 Q2=72
    cache_dir diskd /var/cachesquid2 2900 128 512 Q1=64 Q2=72
    cache_dir diskd /var/cachesquid3 2900 128 512 Q1=64 Q2=72
    cache_dir diskd /var/cachesquid4 2900 128 512 Q1=64 Q2=72
    cache_dir diskd /var/cachesquid5 2900 128 512 Q1=64 Q2=72
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log

    #cache_log /dev/null-antigo
    #cache_store_log /var/log/squid/store.log

    cache_store_log none

    #cache_swap_log
    #emulate_httpd_log off
    #mime_table /etc/squid/mime.conf
    #log_mime_hdrs off
    #useragent_log none
    #pid_filename /var/run/squid.pid
    #debug_options ALL,1
    #log_fqdn off
    #client_netmask 255.255.255.255
    #ftp_user Squid@
    #ftp_list_width 32
    ##ftp_passive on
    #cache_dns_program /usr/lib/squid/dnsserver
    #dns_children 5
    #dns_defnames off
    #dns_nameservers 127.0.0.1
    #unlinkd_program /usr/lib/squid/unlinkd
    #pinger_program /usr/lib/squid/pinger
    #redirect_program none
    #redirect_children 5
    #redirect_rewrites_host_header on

    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
    auth_param basic children 3


    #authenticate_program none
    #authenticate_program /koewy/modules/firewall/bin/koewy_pam_auth-> antigo
    #authenticate_children 3


    authenticate_ttl 10 minutes
    authenticate_ip_ttl 0

    #wais_relay_host localhost
    #wais_relay_port 8000
    #request_header_max_size 10 KB
    #request_body_max_size 1 MB

    request_body_max_size 0 MB

    #reply_body_max_size 0
    #reply_body_max_size 0

    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 10080

    #replacement_policy LFUDA
    #reference_age 1 year
    #quick_abort_min 16 KB
    #quick_abort_max 16 KB
    #quick_abort_pct 95
    #negative_ttl 5 minutes
    #positive_dns_ttl 6 hours
    #negative_dns_ttl 5 minutes
    #range_offset_limit 0 KB
    #connect_timeout 120 seconds
    #peer_connect_timeout 30 seconds
    #siteselect_timeout 4 seconds
    #read_timeout 15 minutes
    #request_timeout 30 seconds
    #client_lifetime 1 day
    #half_closed_clients on
    #pconn_timeout 120 seconds
    #ident_timeout 10 seconds
    #shutdown_lifetime 30 seconds
    #Defaults:
    acl NO_AUTH url_regex -i '/etc/squid/no_auth_url'
    acl BLOCK url_regex -i '/etc/squid/bloqueados'



    ##### EXTENSOES ##########
    acl NEGAEXE url_regex -i ^http://.*\.exe$
    #acl EXTENSOES url_regex -i \.exe \.arj \.mp3 \.bat \.pif \.scr \.src \.wma \.avi \.wmv \.pps
    acl EXTENSOES url_regex -i \.arj \.mp3 \.bat \.pif \.scr \.src \.wma \.avi \.wmv \.pps \.ppt



    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 4243 563
    acl Safe_ports port 80 21 443 563 70 210 1025-65535
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    acl NO_CACHE url_regex -i '/etc/squid/no_cache_url'



    http_access deny bloqueiamsn
    #http_access allow PORTAS
    #http_access allow EXTENSOES
    http_access deny EXTENSOES

    #http_access allow g_liberado
    #http_access deny NEGAEXE

    #http_access allow MSN LIBERADOS_MSN
    #http_access deny MSN

    http_access allow NO_AUTH
    http_access deny BLOCK



    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost
    no_cache deny NO_CACHE
    #Usuarios:

    #USER:Fernando
    acl u_fernando proxy_auth fernando
    #Natasha
    acl u_natasha proxy_auth natasha
    #USER:Ademario
    acl u_ademario proxy_auth ademario
    #USER:Alex
    acl u_alexsandro.silva proxy_auth alexsandro.silva
    #USER: alisson
    acl u_alisson proxy_auth alisson
    #USER: Misterlan
    acl u_misterlan proxy_auth misterlan
    #USER: neide
    acl u_neide proxy_auth neide
    #USER: hiltevan
    acl u_hiltevan proxy_auth hiltevan
    #USER: Haila
    acl u_haila proxy_auth haila
    #USER: Georgy
    acl u_georgy proxy_auth georgy
    #USER: roze
    acl u_roze proxy_auth roze
    #acl u_georgy proxy_auth georgy
    #USER: edno
    acl u_edno proxy_auth edno
    #USER: saul
    acl u_saul proxy_auth saul
    #USER:diego
    acl u_diego proxy_auth diego
    #USER: Luiz Roma
    acl u_luiz.roma proxy_auth luiz.roma
    #USER: Neomar
    acl u_neomar proxy_auth neomar
    #USER: Mariana
    acl u_mariana proxy_auth mariana
    #USER: Marinalva
    acl u_marinalvaxp proxy_auth marinalvaxp
    #User: inspetor
    acl u_inspetor proxy_auth inspetor
    #User: teste
    acl u_teste proxy_auth teste
    #User: Rogerio
    acl u_rmartins proxy_auth rmartins
    Última edição por lfernandosg; 12-08-2008 às 13:21.

  4. #4

    Padrão

    restante do squid.conf:



    #Acls por usuario
    #USER: inspetor
    acl u_inspetor_url_allow url_regex -i "/etc/squid/u_inspetor_allow"
    http_access allow u_inspetor u_inspetor_url_allow
    acl u_inspetor_url_deny url_regex -i "/etc/squid/u_inspetor_deny"
    http_access deny u_inspetor u_inspetor_url_deny



    #USER: Ademario
    acl u_ademario_url_allow url_regex -i "/etc/squid/u_ademario_allow"
    http_access allow u_ademario u_ademario_url_allow


    #USER: Alex
    acl u_alexsandro.silva_url_allow url_regex -i "/etc/squid/u_alex_allow"
    http_access allow u_alexsandro.silva u_alexsandro.silva_url_allow
    acl u_alexsandro.silva_url_deny url_regex -i "/etc/squid/u_alex_deny"
    http_access deny u_alexsandro.silva u_alexsandro.silva_url_deny


    #USER: alisson
    acl u_alisson_url_allow url_regex -i "/etc/squid/u_alisson_allow"
    http_access allow u_alisson u_alisson_url_allow
    acl u_alisson_url_deny url_regex -i "/etc/squid/u_alisson_deny"
    http_access deny u_alisson u_alisson_url_deny



    #USER: Diego
    acl u_diego_url_allow url_regex -i "/etc/squid/u_diego_allow"
    http_access allow u_diego u_diego_url_allow
    acl u_diego_url_deny url_regex -i "/etc/squid/u_diego_deny"
    http_access deny u_diego u_diego_url_deny



    #USER: Edno
    acl u_edno_url_allow url_regex -i "/etc/squid/u_edno_allow"
    http_access allow u_edno u_edno_url_allow
    acl u_edno_url_deny url_regex -i "/etc/squid/u_edno_deny"
    http_access deny u_edno u_edno_url_deny




    #USER: georgy
    acl u_georgy_url_allow url_regex -i "/etc/squid/u_georgy_allow"
    http_access allow u_georgy u_georgy_url_allow
    #acl u_georgy_url_deny url_regex -i "/etc/squid/u_georgy_deny"
    #http_access deny u_georgy u_georgy_url_deny



    #USER: Misterlan
    acl u_misterlan_url_allow url_regex -i "/etc/squid/u_misterlan_allow"
    http_access allow u_misterlan u_misterlan_url_allow
    acl u_misterlan_url_deny url_regex -i "/etc/squid/u_misterlan_deny"
    http_access deny u_misterlan u_misterlan_url_deny

    #USER: Natasha
    acl u_natasha_url_allow url_regex -i "/etc/squid/u_natasha_allow"
    http_access allow u_natasha u_natasha_url_allow
    acl u_natasha_url_deny url_regex -i "/etc/squid/u_natasha_deny"
    http_access deny u_natasha u_natasha_url_deny



    #USER:Luiz roma
    acl u_luiz.roma_url_allow url_regex -i "/etc/squid/u_luiz.roma_allow"
    http_access allow u_luiz.roma u_luiz.roma_url_allow
    acl u_luiz.roma_url_deny url_regex -i "/etc/squid/u_luiz.roma_deny"
    http_access deny u_luiz.roma u_luiz.roma_url_deny

    #USER:Mariana
    acl u_mariana_url_allow url_regex -i "/etc/squid/u_mariana_allow"
    http_access allow u_mariana u_mariana_url_allow
    acl u_mariana_url_deny url_regex -i "/etc/squid/u_mariana_deny"
    http_access deny u_mariana u_mariana_url_deny


    #USER:Rose
    acl u_rose_url_allow url_regex -i "/etc/squid/u_rose_allow"
    http_access allow u_roze u_rose_url_allow
    #acl u_rose_url_deny url_regex -i "/etc/squid/u_rose_deny"
    #http_access deny u_roze u_rose_url_deny





    #USER: Saul
    acl u_saul_url_allow url_regex -i "/etc/squid/u_saul_allow"
    http_access allow u_saul u_saul_url_allow
    acl u_saul_url_deny url_regex -i "/etc/squid/u_saul_deny"
    http_access deny u_saul u_saul_url_deny






    #USER: Teste
    acl u_teste_url_allow url_regex -i "/etc/squid/u_teste_allow"
    http_access allow u_teste u_teste_url_allow


    #USER: haila
    acl u_haila_url_allow url_regex -i "/etc/squid/u_haila_allow"
    http_access allow u_haila u_haila_url_allow
    acl u_haila_url_deny url_regex -i "/etc/squid/u_haila_deny"
    http_access deny u_haila u_haila_url_deny


    #USER: hiltevan
    acl u_hiltevan_url_allow url_regex -i "/etc/squid/u_hiltevan_allow"
    http_access allow u_hiltevan u_hiltevan_url_allow
    acl u_hiltevan_url_deny url_regex -i "/etc/squid/u_hiltevan_deny"
    http_access deny u_hiltevan u_hiltevan_url_deny



    #USER: Neide
    acl u_neide_url_allow url_regex -i "/etc/squid/u_neide_allow"
    http_access allow u_neide u_neide_url_allow
    acl u_neide_url_deny url_regex -i "/etc/squid/u_neide_deny"
    http_access deny u_neide u_neide_url_deny


    #USER: Rogerio
    acl u_rmartins_url_allow url_regex -i "/etc/squid/u_rogerio_allow"
    http_access allow u_rmartins u_neide_url_allow
    acl u_rmartins_url_deny url_regex -i "/etc/squid/u_rogerio_deny"
    http_access deny u_rmartins u_rmartins_url_deny





    #USER:Neomar
    acl u_neomar_url_allow url_regex -i "/etc/squid/u_neomar_allow"
    http_access allow u_neomar u_neomar_url_allow
    acl u_neomar_url_deny url_regex -i "/etc/squid/u_neomar_deny"
    http_access deny u_neomar u_neomar_url_deny

    #USER:Marinalva
    acl u_marinalvaxp_url_allow url_regex -i "/etc/squid/u_marinalvaxp_allow"
    http_access allow u_marinalvaxp u_marinalvaxp_url_allow
    #acl u_marinalvaxp_url_deny url_regex -i "/etc/squid/u_marinalvaxp_deny"
    #http_access deny u_marinalvaxp u_marinalvaxp_url_deny



    #USER:Fernando
    acl u_fernando_url_allow url_regex -i "/etc/squid/u_fernando_allow"
    http_access allow u_fernando u_fernando_url_allow
    #acl u_fernando_url_deny url_regex -i "/etc/squid/u_fernando_deny"
    #http_access deny u_fernando u_fernando_url_deny





    icp_access allow all
    miss_access allow all

    #proxy_auth_realm Senha de acesso para uso da internet
    #ident_lookup_access deny all

    cache_mgr root

    #cache_effective_user squid
    #cache_effective_group squid
    #visible_hostname www-cache.foo.org
    #unique_hostname www-cache1.foo.org
    #announce_period 1 day
    #announce_host tracker.ircache.net
    #announce_port 3131
    #httpd_accel_host virtual
    #httpd_accel_port 80
    #httpd_accel_with_proxy on
    #httpd_accel_uses_host_header on
    #dns_testnames netscape.com internic.net nlanr.net microsoft.com
    #logfile_rotate 0
    #append_domain .yourdomain.com
    #tcp_recv_bufsize 0 bytes
    #err_html_text

    memory_pools on
    forwarded_for off

    #log_icp_queries on
    #icp_hit_stale off
    #minimum_direct_hops 4
    #cachemgr_passwd secret shutdown
    #cachemgr_passwd lesssssssecret info stats/objects
    #cachemgr_passwd disable all
    #store_avg_object_size 13 KB
    #store_objects_per_bucket 50
    #client_db on
    #netdb_low 900
    #netdb_high 1000
    #netdb_ping_period 5 minutes
    #query_icmp off
    #test_reachability off
    #buffered_logs off
    #reload_into_ims off
    #anonymize_headers
    #fake_user_agent none
    #error_directory /etc/squid/errors
    #minimum_retry_timeout 5 seconds
    #maximum_single_addr_tries 3
    #snmp_port 3401
    #snmp_access allow snmppublic localhost
    #snmp_access deny all
    #snmp_incoming_address 0.0.0.0
    #snmp_outgoing_address 0.0.0.0
    #wccp_router 0.0.0.0
    #wccp_version 4
    #wccp_incoming_address 0.0.0.0
    #wccp_outgoing_address 0.0.0.0

    ie_refresh on

    #delay_pools 0
    #delay_pools 2 # 2 delay pools
    #delay_class 1 2 # pool 1 is a class 2 pool
    #delay_class 2 3 # pool 2 is a class 3 pool
    #delay_access 1 allow some_big_clients
    #delay_access 1 deny all
    #delay_access 2 allow lotsa_little_clients
    #delay_access 2 deny all
    #delay_parameters 1 -1/-1 8000/8000
    #delay_parameters 2 32000/32000 8000/8000 600/64000
    #delay_initial_bucket_level 50
    #incoming_icp_average 6
    #incoming_http_average 4
    #min_icp_poll_cnt 8
    #min_http_poll_cnt 8
    #uri_whitespace strip
    #acl buggy_server url_regex ^http://....
    #broken_posts allow buggy_server
    #prefer_direct on
    #strip_query_terms on
    #ignore_unknown_nameservers on
    #digest_generation on
    #digest_bits_per_entry 5
    #digest_rebuild_period 1 hour
    #digest_rewrite_period 1 hour
    #digest_swapout_chunk_size 4096 bytes
    #digest_rebuild_chunk_percentage 10
    #client_persistent_connections on
    #server_persistent_connections on

  5. #5

    Padrão

    estou para ficar doido com isso..achei que era a versão 2.7 do squid que estava dando problemas então peguei outra máquina e instalei a versão stable do debian 4.0 com squid 2.6 e está acontecendo o mesmo erro...olha que estranho...transferir tudo que eu tinha de backup menos o passwd onde fica os usuários autenticados pois quis fazer o teste criando os usuários do zero e me deparei com a seguinte situação:


    criei um usuario chamado teste liberado para tudo juntamente com o arquivo passwd:

    #htpasswd -c /etc/squid/passwd teste coloquei senha 1234

    depois fui tentar acessar os sites...acessei todos normalmente...mas por incrível que parece continuo sem acessar o hotmail e o site do underlinux...fica pedindo senha até entrar na tela de cache negado.


    OBS.:lembrando que esse usuário teste não tem nenhuma ACL e entra em tudo já testei o uol, mercado livre e etc...


    então fiz outro teste, criei o usuário antigo meu chamado fernando:

    htpasswd /etc/squid/passwd fernando coloquei minha senha...


    e para surpresa..entrou em tudo, msn, hotmail, uol e etc...como isso está acontecendo já que estou criando o usuário do zero e ele tem o mesmo perfil do teste? acho que tem algo pegando dos usuários antigo pois criei um outro usuario que nunva tinha criado e deu o mesmo erro do teste...alguém me ajuda por favor.

  6. #6

    Padrão ..

    Fala Fernando.

    Cara ainda nao tive tempo de analisar direito esse squid.conf seu, mas pelo que ja notei acredito que seja as ordens das acls com a autenticaçao.Por exemplo aqui na empresa eu uso + ou _ assim so pra vc ter uma ideia da ordem vou mostar so a parte referente a autenticaçao e acls.

    #CONFIGURAÇOES DE AUTENTICAÇAO
    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
    auth_param basic children 5

    auth_param basic realm Controle de Acesso
    auth_param basic credentialsttl 2 hours



    #USUARIOS DE ACESSO TOTAL
    acl acesso_total proxy_auth "/etc/squid/diretivas/acesso_total"
    http_access allow acesso_total

    #BLOQUEIOS DE PALAVRAS PADRAO
    acl bloquear_palavras url_regex -i "/etc/squid/bloqueios/bloquear_palavras.squid"
    http_access deny bloquear_palavras

    #BLOQUEIOS DE SITES PADRAO
    acl bloquear_sites dstdomain -i "/etc/squid/bloqueios/bloquear_sites.squid"
    http_access deny bloquear_sites

    #BLOQUEIO MALWARE
    acl malware_block_list url_regex -i "/etc/squid/bloqueios/malware_block_list.squid"
    http_access deny malware_block_list


    #ACESSO RESTRITO COM SENHA
    acl restritos proxy_auth "/etc/squid/diretivas/restritos"
    http_access allow restritos


    ....................................................
    Nessa configuraçao o usuario que entar com o usuario de acesso total vai poder acessar tudo pois o mesmo esta antes das diretivas de acesso ou seja as acls. Ja o usuario restrito vai ter acesso restrito inclusive a o messenger pois o mesmo esta logo apos as acls de bloqueio.

    Obs. Lembrando que o messenger tem uqe estar configurado para passar pelo proxy com usuario e senha de acesso total,tive um grande problema aqui na empresa com isso pois o squid nao deixava ninguem conectar.

    Como eu disse nao analizei direito o seu squid.conf isso so e uma dica pra ve se resolve, e como vc disse sobre o usuario antigo esta aparecendo abre o aquivo passwd com "nano passwd" e verifica os usuarios ja cadastrados.

    Qualquer coisa tamo ai.

  7. #7

    Padrão

    fala cara blz? obridado pela dica..posso tentar sua solução mas acho que o problema deve ser outro pois os usuaários que já existiam acessam normalmente tudo e o msn.


    para você entender melhor:

    hoje peguei o servidor que estava funcionando normal com squid 2.6 e fui testar aqui...criei um usuário novo e o mesmo acesso tudo menos o hotmail+msn...então muito estranho não? pois acho que se fosse posição das acls, os antigos tb não iriam conseguir.


    depois tentei criar o arquivo passwd do zero e recriar todos usuários...e só funciona com os usuários antigos dentro do squid.conf...pois quando crio um novo ele acessa tudo menos o hotmail+messenger.


    outra coisa que notei foi o seguinte....no servidor antigo eu tinha um emenda usando autenticado+transparent pois todos o sites que estavam dentro da acl no_auth não precisava autenticar estando o browser configurado ou não....então antes o msn era liberado e estava dentro da acl no_auth e antes de colocar o servidor novo, tirei os links do msn de dentro da acl e coloquei dentro da acl de cara usuário e estava funcionando...hoje para teste peguei os links de coloquei de volta no servidor antigo e notei que só funcionou com o browser configurado.

    se puder me ajudar fico muito grato pois esse problema está tirando meu sono...chegaram uns novatos na empresa e preciso liberar msn para o usuario deles...


    outra coisa se puder me mandar seu squid.conf para meu e-mail:

    [email protected]
    [email protected]

    fico grato pois vou pegar outra máquina e tentar refazer do zero usando sua ordem para ver se resolve.o seu squid é o 2.7 ou 2.6?


    Aguardo e muito obrigado.

  8. #8

    Padrão

    descobrir...era uma droga de acl que estava descomentada mas já achei...agora como faço para deixar mais organizado no quesito sequência?as acls de autenticação de cada usuário vem antes das gerais como bloqueio de portas, sites bloqueados e etc..

    e outra coisa..estou achando o tempo de resposta do squid meio demorado, como faço para saber se ele está pegando as páginas do cache? como identifico isso pelo log?

  9. #9

    Padrão

    Que bom que resolveu seu problema, em relação a organizaçao tente tirar o que vc nao usa esse squid.conf seu ta gigante.Exemplo ao inves de fazer exemplo 10 acls de autenticação para usuarios que tem os mesmos privilegios crie uma so ligando pra um arquivo contendo os nomes da contas .

    acl users proxy_auth "/etc/squid/users"
    http_access allow users

    E quanto a navegaçao lenta se realmente seu pc tem 512 de ram seu "cache_mem" esta muito alto assim ele vai trabalhar chutado.Vc tem que fazer o calculo em cima do tamanho do seu cache , pois o squid come muita memoria e ai ele ta sobrecarregado.
    Infelizmente com uma memoria de 512 vc nao pode usar muito desse HD de 80.

  10. #10

    Padrão

    o pior que tenho que colocar por usuário a pedido da diretoria cada um tem sua acl podendo acessar só as páginas que libero.

    dei uma alterada no squid.conf para ver se fica mais organizado colocando só o que uso e as acls allow coladas com seus bloqueios abaixo..não testei ainda pois estou ausente...terça feira tento isso localmente para testar cada regra:



    #NOME DO SERVIDOR#####################################################
    visible_hostname DebianLinux
    ######################################################################
    #IP+PORTA USADA ####################################################
    http_port 10.0.1.254:3128
    ######################################################################
    icp_port 0
    ######################################################################
    #CACHE USADO-METADE DA RAM)###########################################
    cache_mem 256 MB
    ######################################################################
    #Cache Swap###########################################################
    cache_swap_low 80
    cache_swap_high 90
    ######################################################################
    maximum_object_size 4096 KB
    ######################################################################
    #minimum_object_size 0 KB
    ######################################################################
    #DIRETORIOS DO CACHE MULTIPLOS########################################
    cache_dir diskd /var/cachesquid1 2900 128 512 Q1=64 Q2=72
    cache_dir diskd /var/cachesquid2 2900 128 512 Q1=64 Q2=72
    cache_dir diskd /var/cachesquid3 2900 128 512 Q1=64 Q2=72
    cache_dir diskd /var/cachesquid4 2900 128 512 Q1=64 Q2=72
    cache_dir diskd /var/cachesquid5 2900 128 512 Q1=64 Q2=72
    #####################################################################
    #LOGS################################################################
    cache_access_log /var/log/squid/access.log
    cache_log /var/log/squid/cache.log
    cache_store_log none
    #####################################################################
    #REGRA AUTENTICACAO
    auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
    auth_param basic children 3
    authenticate_ttl 10 minutes
    authenticate_ip_ttl 0
    ####################################################################
    request_body_max_size 0 MB
    ####################################################################
    #ACL's########################################################
    #SITES QUE NÃO PRECISAM DE AUTENTICACAO COM SENHA
    acl NO_AUTH url_regex -i '/etc/squid/no_auth_url'
    http_access allow NO_AUTH
    #################################################
    #SITES BLOQUEADOS PARA QUALQUER USUARIO
    acl BLOCK url_regex -i '/etc/squid/bloqueados'
    http_access deny BLOCK
    #################################################
    #MSN SÓ PARA USUARIOS DESSA ACL##################
    acl bloqueiamsn url_regex -i "/etc/squid/bloqueiamsn"
    acl g_liberado proxy_auth alisson neide ademario luiz.roma marinalvaxp natasha fernando rmartins inspetor
    http_access deny bloqueiamsn !g_liberado
    #################################################
    ##### BLOQUEIO DE DOWNLOAD DAS EXTENSOES ABAIXO##
    acl EXTENSOES url_regex -i \.arj \.mp3 \.bat \.pif \.scr \.src \.wma \.avi \.wmv \.pps \.ppt
    http_access deny EXTENSOES
    #################################################

  11. #11

    Padrão

    continuação:

    #REGRAS GERAIS###################################
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl SSL_ports port 443 4243 563
    acl Safe_ports port 80 21 443 563 70 210 1025-65535
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost
    no_cache deny NO_CACHE
    #SITES QUE NÃO ENTRAM NO CACHE###################
    acl NO_CACHE url_regex -i '/etc/squid/no_cache_url'
    #################################################
    #AUTENTICAÇÕES POR USUARIO#######################
    #USER:Fernando
    acl u_fernando proxy_auth fernando
    #Natasha
    acl u_natasha proxy_auth natasha
    #USER:Ademario
    acl u_ademario proxy_auth ademario
    #USER:Alex
    acl u_alexsandro.silva proxy_auth alexsandro.silva
    #USER: alisson
    acl u_alisson proxy_auth alisson
    #USER: Misterlan
    acl u_misterlan proxy_auth misterlan
    #USER: neide
    acl u_neide proxy_auth neide
    #USER: hiltevan
    acl u_hiltevan proxy_auth hiltevan
    #USER: Haila
    acl u_haila proxy_auth haila
    #USER: Georgy
    acl u_georgy proxy_auth georgy
    #USER: roze
    acl u_roze proxy_auth roze
    #acl u_georgy proxy_auth georgy
    #USER: edno
    acl u_edno proxy_auth edno
    #USER: saul
    acl u_saul proxy_auth saul
    #USER:diego
    acl u_diego proxy_auth diego
    #USER: Luiz Roma
    acl u_luiz.roma proxy_auth luiz.roma
    #USER: Neomar
    acl u_neomar proxy_auth neomar
    #USER: Mariana
    acl u_mariana proxy_auth mariana
    #USER: Marinalva
    acl u_marinalvaxp proxy_auth marinalvaxp
    #User: inspetor
    acl u_inspetor proxy_auth inspetor
    #User: teste
    acl u_teste proxy_auth teste
    #User: teste
    acl u_rmartins proxy_auth rmartins


    #ACLS DE AUTENTICAO(O QUE PODE E O QUE NÃO PODE ACESSAR)##########
    #USER: inspetor
    acl u_inspetor_url_allow url_regex -i "/etc/squid/u_inspetor_allow"
    http_access allow u_inspetor u_inspetor_url_allow
    acl u_inspetor_url_deny url_regex -i "/etc/squid/u_inspetor_deny"
    http_access deny u_inspetor u_inspetor_url_deny
    ##################################################################
    #USER: ADEMARIO
    acl u_ademario_url_allow url_regex -i "/etc/squid/u_ademario_allow"
    http_access allow u_ademario u_ademario_url_allow
    ###################################################################
    #USER: ALEX
    acl u_alexsandro.silva_url_allow url_regex -i "/etc/squid/u_alex_allow"
    http_access allow u_alexsandro.silva u_alexsandro.silva_url_allow
    acl u_alexsandro.silva_url_deny url_regex -i "/etc/squid/u_alex_deny"
    http_access deny u_alexsandro.silva u_alexsandro.silva_url_deny
    ######################################################################
    #USER:ALISSON
    acl u_alisson_url_allow url_regex -i "/etc/squid/u_alisson_allow"
    http_access allow u_alisson u_alisson_url_allow
    acl u_alisson_url_deny url_regex -i "/etc/squid/u_alisson_deny"
    http_access deny u_alisson u_alisson_url_deny
    #####################################################################
    #USERIEGO
    acl u_diego_url_allow url_regex -i "/etc/squid/u_diego_allow"
    http_access allow u_diego u_diego_url_allow
    acl u_diego_url_deny url_regex -i "/etc/squid/u_diego_deny"
    http_access deny u_diego u_diego_url_deny
    #####################################################################
    #USER: EDNO
    acl u_edno_url_allow url_regex -i "/etc/squid/u_edno_allow"
    http_access allow u_edno u_edno_url_allow
    acl u_edno_url_deny url_regex -i "/etc/squid/u_edno_deny"
    http_access deny u_edno u_edno_url_deny
    ######################################################################
    #USER:GEORGY
    acl u_georgy_url_allow url_regex -i "/etc/squid/u_georgy_allow"
    http_access allow u_georgy u_georgy_url_allow
    #acl u_georgy_url_deny url_regex -i "/etc/squid/u_georgy_deny"
    #http_access deny u_georgy u_georgy_url_deny
    ######################################################################
    #USER:MISTERLAN
    acl u_misterlan_url_allow url_regex -i "/etc/squid/u_misterlan_allow"
    http_access allow u_misterlan u_misterlan_url_allow
    acl u_misterlan_url_deny url_regex -i "/etc/squid/u_misterlan_deny"
    http_access deny u_misterlan u_misterlan_url_deny
    #####################################################################
    #USER:NATASHA
    acl u_natasha_url_allow url_regex -i "/etc/squid/u_natasha_allow"
    http_access allow u_natasha u_natasha_url_allow
    acl u_natasha_url_deny url_regex -i "/etc/squid/u_natasha_deny"
    http_access deny u_natasha u_natasha_url_deny
    #####################################################################
    #USER:LUIZ ROMA
    acl u_luiz.roma_url_allow url_regex -i "/etc/squid/u_luiz.roma_allow"
    http_access allow u_luiz.roma u_luiz.roma_url_allow
    acl u_luiz.roma_url_deny url_regex -i "/etc/squid/u_luiz.roma_deny"
    http_access deny u_luiz.roma u_luiz.roma_url_deny
    #####################################################################
    #USER:MARIANA
    acl u_mariana_url_allow url_regex -i "/etc/squid/u_mariana_allow"
    http_access allow u_mariana u_mariana_url_allow
    acl u_mariana_url_deny url_regex -i "/etc/squid/u_mariana_deny"
    http_access deny u_mariana u_mariana_url_deny
    #####################################################################
    #USER:ROSE
    acl u_rose_url_allow url_regex -i "/etc/squid/u_rose_allow"
    http_access allow u_roze u_rose_url_allow
    #acl u_rose_url_deny url_regex -i "/etc/squid/u_rose_deny"
    #http_access deny u_roze u_rose_url_deny
    #####################################################################
    #USER: SAUL
    acl u_saul_url_allow url_regex -i "/etc/squid/u_saul_allow"
    http_access allow u_saul u_saul_url_allow
    acl u_saul_url_deny url_regex -i "/etc/squid/u_saul_deny"
    http_access deny u_saul u_saul_url_deny
    #####################################################################
    #USER:HAILA
    acl u_haila_url_allow url_regex -i "/etc/squid/u_haila_allow"
    http_access allow u_haila u_haila_url_allow
    acl u_haila_url_deny url_regex -i "/etc/squid/u_haila_deny"
    http_access deny u_haila u_haila_url_deny
    #####################################################################
    #USER:HILTEVAN
    acl u_hiltevan_url_allow url_regex -i "/etc/squid/u_hiltevan_allow"
    http_access allow u_hiltevan u_hiltevan_url_allow
    acl u_hiltevan_url_deny url_regex -i "/etc/squid/u_hiltevan_deny"
    http_access deny u_hiltevan u_hiltevan_url_deny
    #####################################################################
    #USER:NEIDE
    acl u_neide_url_allow url_regex -i "/etc/squid/u_neide_allow"
    http_access allow u_neide u_neide_url_allow
    acl u_neide_url_deny url_regex -i "/etc/squid/u_neide_deny"
    http_access deny u_neide u_neide_url_deny
    #####################################################################
    #USER:ROGERIO
    acl u_rmartins_url_allow url_regex -i "/etc/squid/u_rogerio_allow"
    http_access allow u_rmartins u_neide_url_allow
    acl u_rmartins_url_deny url_regex -i "/etc/squid/u_rogerio_deny"
    http_access deny u_rmartins u_rmartins_url_deny
    #####################################################################
    #USER:NEOMAR
    acl u_neomar_url_allow url_regex -i "/etc/squid/u_neomar_allow"
    http_access allow u_neomar u_neomar_url_allow
    acl u_neomar_url_deny url_regex -i "/etc/squid/u_neomar_deny"
    http_access deny u_neomar u_neomar_url_deny
    #####################################################################
    #USER:MARINALVA######################################################
    acl u_marinalvaxp_url_allow url_regex -i "/etc/squid/u_marinalvaxp_allow"
    http_access allow u_marinalvaxp u_marinalvaxp_url_allow
    #acl u_marinalvaxp_url_deny url_regex -i "/etc/squid/u_marinalvaxp_deny"
    #http_access deny u_marinalvaxp u_marinalvaxp_url_deny
    #####################################################################
    #LIBERAR AUTENTICACAO################################################
    acl autenticados proxy_auth REQUIRED
    http_access allow autenticados
    #####################################################################
    #BLOQUEIA TUDO#######################################################
    http_access deny all
    #####################################################################
    icp_access allow all
    miss_access allow all
    cache_mgr root
    memory_pools on
    #####################################################################