Página 1 de 2 12 ÚltimoÚltimo
+ Responder ao Tópico



  1. #1
    rcar
    Boa tarde pessoal,


    Pessoal alguns dias atrás postei meu firewall aqui e me disseram que teria que escreve-lo novamente. Seguindo as sugestões escrevi outro. Agora descobri que é o meu squid que está barrando o acesso ao Ftp e Email porta 25 e 110. O que devo fazer para consertar esse erro. Se precisar posto o meu squi aqui.

    Valew pessoal

  2. #2
    hellmans
    posta ai, eh uma regra dele



  3. E controlado ou com autenticaçao seu squid ???

  4. #4
    rcar
    ta meio bagunçado mas e esse aí...
    aceito sugestões para dar uma melhorada nele....

    Obrigado..


    # WELCOME TO SQUID 2
    # ------------------
    #
    # This is the default Squid configuration file. You may wish
    # to look at the Squid home page (http://www.squid-cache.org/)
    # for the FAQ and other documentation.
    #
    # The default Squid config file shows what the defaults for
    # various options happen to be. If you don't need to change the
    # default, you shouldn't uncomment the line. Doing so may cause
    # run-time problems. In some cases "none" refers to no default
    # setting at all, while in other cases it refers to a valid
    # option - the comments for that keyword indicate if this is the
    # case.
    #


    # NETWORK OPTIONS
    # -----------------------------------------------------------------------------

    # TAG: http_port
    # Usage: port
    #
    # hostnameort
    # 1.2.3.4ort
    #
    # The socket addresses where Squid will listen for HTTP client
    # requests. You may specify multiple socket addresses.
    # There are three forms: port alone, hostname with port, and
    # IP address with port. If you specify a hostname or IP
    # address, then Squid binds the socket to that specific
    # address. This replaces the old 'tcp_incoming_address'
    # option. Most likely, you do not need to bind to a specific
    # address, so you can use the port number alone.
    #
    # The default port number is 3128.
    #
    # If you are running Squid in accelerator mode, then you
    # probably want to listen on port 80 also, or instead.
    #
    # The -a command line option will override the *first* port
    # number listed here. That option will NOT override an IP
    # address, however.
    #
    # You may specify multiple socket addresses on multiple lines.
    #
    #Default:
    http_port 3128

    # TAG: icp_port
    # The port number where Squid sends and receives ICP queries to
    # and from neighbor caches. Default is 3130. To disable use
    # "0". May be overridden with -u on the command line.
    #
    #Default:
    icp_port 3130

    # TAG: htcp_port
    # Note: This option is only available if Squid is rebuilt with the
    # --enable-htcp option
    #
    # The port number where Squid sends and receives HTCP queries to
    # and from neighbor caches. Default is 4827. To disable use
    # "0".
    #
    # To enable this option, you must use --enable-htcp with the
    # configure script.
    #
    #Default:
    # htcp_port 4827

    # TAG: mcast_groups
    # This tag specifies a list of multicast groups which your server
    # should join to receive multicasted ICP queries.
    #
    # NOTE! Be very careful what you put here! Be sure you
    # understand the difference between an ICP _query_ and an ICP
    # _reply_. This option is to be set only if you want to RECEIVE
    # multicast queries. Do NOT set this option to SEND multicast
    # ICP (use cache_peer for that). ICP replies are always sent via
    # unicast, so this option does not affect whether or not you will
    # receive replies from multicast group members.
    #
    # You must be very careful to NOT use a multicast address which
    # is already in use by another group of caches.
    #
    # If you are unsure about multicast, please read the Multicast
    # chapter in the Squid FAQ (http://www.squid-cache.org/FAQ/).
    #
    # Usage: mcast_groups 239.128.16.128 224.0.1.20
    #
    # By default, Squid doesn't listen on any multicast groups.
    #
    #Default:
    # none

    # TAG: tcp_outgoing_address
    # TAG: udp_incoming_address
    # TAG: udp_outgoing_address
    # Usage: tcp_incoming_address 10.20.30.40
    # udp_outgoing_address fully.qualified.domain.name
    #
    # tcp_outgoing_address is used for connections made to remote
    # servers and other caches.
    # udp_incoming_address is used for the ICP socket receiving packets
    # from other caches.
    # udp_outgoing_address is used for ICP packets sent out to other
    # caches.
    #
    # The default behavior is to not bind to any specific address.
    #
    # A *_incoming_address value of 0.0.0.0 indicates that Squid should
    # listen on all available interfaces.
    #
    # If udp_outgoing_address is set to 255.255.255.255 (the default)
    # then it will use the same socket as udp_incoming_address. Only
    # change this if you want to have ICP queries sent using another
    # address than where this Squid listens for ICP queries from other
    # caches.
    #
    # NOTE, udp_incoming_address and udp_outgoing_address can not
    # have the same value since they both use port 3130.
    #
    # NOTE, tcp_incoming_address has been removed. You can now
    # specify IP addresses on the 'http_port' line.
    #
    #Default:
    # tcp_outgoing_address 255.255.255.255
    # udp_incoming_address 0.0.0.0
    # udp_outgoing_address 255.255.255.255


    # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
    # -----------------------------------------------------------------------------

    # TAG: cache_peer
    # To specify other caches in a hierarchy, use the format:
    #
    # cache_peer hostname type http_port icp_port
    #
    # For example,
    #
    # # proxy icp
    # # hostname type port port options
    # # -------------------- -------- ----- ----- -----------
    # cache_peer parent.foo.net parent 3128 3130 [proxy-only]
    # cache_peer sib1.foo.net sibling 3128 3130 [proxy-only]
    # cache_peer sib2.foo.net sibling 3128 3130 [proxy-only]
    #
    # type: either 'parent', 'sibling', or 'multicast'.
    #
    # proxy_port: The port number where the cache listens for proxy
    # requests.
    #
    # icp_port: Used for querying neighbor caches about
    # objects. To have a non-ICP neighbor
    # specify '7' for the ICP port and make sure the
    # neighbor machine has the UDP echo port
    # enabled in its /etc/inetd.conf file.
    #
    # options: proxy-only
    # weight=n
    # ttl=n
    # no-query
    # default
    # round-robin
    # multicast-responder
    # closest-only
    # no-digest
    # no-netdb-exchange
    # no-delay
    # login=userassword
    # connect-timeout=nn
    # digest-url=url
    # allow-miss
    #
    # use 'proxy-only' to specify that objects fetched
    # from this cache should not be saved locally.
    #
    # use 'weight=n' to specify a weighted parent.
    # The weight must be an integer. The default weight
    # is 1, larger weights are favored more.
    #
    # use 'ttl=n' to specify a IP multicast TTL to use
    # when sending an ICP queries to this address.
    # Only useful when sending to a multicast group.
    # Because we don't accept ICP replies from random
    # hosts, you must configure other group members as
    # peers with the 'multicast-responder' option below.
    #
    # use 'no-query' to NOT send ICP queries to this
    # neighbor.
    #
    # use 'default' if this is a parent cache which can
    # be used as a "last-resort." You should probably
    # only use 'default' in situations where you cannot
    # use ICP with your parent cache(s).
    #
    # use 'round-robin' to define a set of parents which
    # should be used in a round-robin fashion in the
    # absence of any ICP queries.
    #
    # 'multicast-responder' indicates that the named peer
    # is a member of a multicast group. ICP queries will
    # not be sent directly to the peer, but ICP replies
    # will be accepted from it.
    #
    # 'closest-only' indicates that, for ICP_OP_MISS
    # replies, we'll only forward CLOSEST_PARENT_MISSes
    # and never FIRST_PARENT_MISSes.
    #
    # use 'no-digest' to NOT request cache digests from
    # this neighbor.
    #
    # 'no-netdb-exchange' disables requesting ICMP
    # RTT database (NetDB) from the neighbor.
    #
    # use 'no-delay' to prevent access to this neighbor
    # from influencing the delay pools.
    #
    # use 'login=userassword' if this is a personal/workgroup
    # proxy and your parent requires proxy authentication.
    #
    # use 'connect-timeout=nn' to specify a peer
    # specific connect timeout (also see the
    # peer_connect_timeout directive)
    #
    # use 'digest-url=url' to tell Squid to fetch the cache
    # digest (if digests are enabled) for this host from
    # the specified URL rather than the Squid default
    # location.
    #
    # use 'allow-miss' to disable Squid's use of only-if-cached
    # when forwarding requests to siblings. This is primarily
    # useful when icp_hit_stale is used by the sibling. To
    # extensive use of this option may result in forwarding
    # loops, and you should avoid having two-way peerings
    # with this option. (for example to deny peer usage on
    # requests from peer by denying cache_peer_access if the
    # source is a peer)
    #
    # NOTE: non-ICP neighbors must be specified as 'parent'.
    #
    #Default:
    # none

    # TAG: cache_peer_domain
    # Use to limit the domains for which a neighbor cache will be
    # queried. Usage:
    #
    # cache_peer_domain cache-host domain [domain ...]
    # cache_peer_domain cache-host !domain
    #
    # For example, specifying
    #
    # cache_peer_domain parent.foo.net .edu
    #
    # has the effect such that UDP query packets are sent to
    # 'bigserver' only when the requested object exists on a
    # server in the .edu domain. Prefixing the domainname
    # with '!' means that the cache will be queried for objects
    # NOT in that domain.
    #
    # NOTE: * Any number of domains may be given for a cache-host,
    # either on the same or separate lines.
    # * When multiple domains are given for a particular
    # cache-host, the first matched domain is applied.
    # * Cache hosts with no domain restrictions are queried
    # for all requests.
    # * There are no defaults.
    # * There is also a 'cache_peer_access' tag in the ACL
    # section.
    #
    #Default:
    # none

    # TAG: neighbor_type_domain
    # usage: neighbor_type_domain parent|sibling domain domain ...
    #
    # Modifying the neighbor type for specific domains is now
    # possible. You can treat some domains differently than the the
    # default neighbor type specified on the 'cache_peer' line.
    # Normally it should only be necessary to list domains which
    # should be treated differently because the default neighbor type
    # applies for hostnames which do not match domains listed here.
    #
    #EXAMPLE:
    # cache_peer parent cache.foo.org 3128 3130
    # neighbor_type_domain cache.foo.org sibling .com .net
    # neighbor_type_domain cache.foo.org sibling .au .de
    #
    #Default:
    # none

    # TAG: icp_query_timeout (msec)
    # Normally Squid will automatically determine an optimal ICP
    # query timeout value based on the round-trip-time of recent ICP
    # queries. If you want to override the value determined by
    # Squid, set this 'icp_query_timeout' to a non-zero value. This
    # value is specified in MILLISECONDS, so, to use a 2-second
    # timeout (the old default), you would write:
    #
    # icp_query_timeout 2000
    #
    #Default:
    # icp_query_timeout 0

    # TAG: maximum_icp_query_timeout (msec)
    # Normally the ICP query timeout is determined dynamically. But
    # sometimes it can lead to very large values (say 5 seconds).
    # Use this option to put an upper limit on the dynamic timeout
    # value. Do NOT use this option to always use a fixed (instead
    # of a dynamic) timeout value. To set a fixed timeout see the
    # 'icp_query_timeout' directive.
    #
    #Default:
    # maximum_icp_query_timeout 2000

    # TAG: mcast_icp_query_timeout (msec)
    # For Multicast peers, Squid regularly sends out ICP "probes" to
    # count how many other peers are listening on the given multicast
    # address. This value specifies how long Squid should wait to
    # count all the replies. The default is 2000 msec, or 2
    # seconds.
    #
    #Default:
    # mcast_icp_query_timeout 2000

    # TAG: dead_peer_timeout (seconds)
    # This controls how long Squid waits to declare a peer cache
    # as "dead." If there are no ICP replies received in this
    # amount of time, Squid will declare the peer dead and not
    # expect to receive any further ICP replies. However, it
    # continues to send ICP queries, and will mark the peer as
    # alive upon receipt of the first subsequent ICP reply.
    #
    # This timeout also affects when Squid expects to receive ICP
    # replies from peers. If more than 'dead_peer' seconds have
    # passed since the last ICP reply was received, Squid will not
    # expect to receive an ICP reply on the next query. Thus, if
    # your time between requests is greater than this timeout, you
    # will see a lot of requests sent DIRECT to origin servers
    # instead of to your parents.
    #
    #Default:
    # dead_peer_timeout 10 seconds

    # TAG: hierarchy_stoplist
    # A list of words which, if found in a URL, cause the object to
    # be handled directly by this cache. In other words, use this
    # to not query neighbor caches for certain objects. You may
    # list this option multiple times.
    #
    #We recommend you to use at least the following line.
    hierarchy_stoplist cgi-bin ?

    # TAG: no_cache
    # A list of ACL elements which, if matched, cause the reply to
    # immediately removed from the cache. In other words, use this
    # to force certain objects to never be cached.
    #
    # You must use the word 'DENY' to indicate the ACL names which should
    # NOT be cached.
    #
    #We recommend you to use the following two lines.
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY


    # OPTIONS WHICH AFFECT THE CACHE SIZE
    # -----------------------------------------------------------------------------

    # TAG: cache_mem (bytes)
    # NOTE: THIS PARAMETER DOES NOT SPECIFY THE MAXIMUM PROCESS SIZE.
    # IT ONLY PLACES A LIMIT ON HOW MUCH ADDITIONAL MEMORY SQUID WILL
    # USE AS A MEMORY CACHE OF OBJECTS. SQUID USES MEMORY FOR OTHER
    # THINGS AS WELL. SEE THE SQUID FAQ SECTION 8 FOR DETAILS.
    #
    # 'cache_mem' specifies the ideal amount of memory to be used
    # for:
    # * In-Transit objects
    # * Hot Objects
    # * Negative-Cached objects
    #
    # Data for these objects are stored in 4 KB blocks. This
    # parameter specifies the ideal upper limit on the total size of
    # 4 KB blocks allocated. In-Transit objects take the highest
    # priority.
    #
    # In-transit objects have priority over the others. When
    # additional space is needed for incoming data, negative-cached
    # and hot objects will be released. In other words, the
    # negative-cached and hot objects will fill up any unused space
    # not needed for in-transit objects.
    #
    # If circumstances require, this limit will be exceeded.
    # Specifically, if your incoming request rate requires more than
    # 'cache_mem' of memory to hold in-transit objects, Squid will
    # exceed this limit to satisfy the new requests. When the load
    # decreases, blocks will be freed until the high-water mark is
    # reached. Thereafter, blocks will be used to store hot
    # objects.
    #
    #Default:
    cache_mem 16 MB

    # TAG: cache_swap_low (percent, 0-100)
    # TAG: cache_swap_high (percent, 0-100)
    #
    # The low- and high-water marks for cache object replacement.
    # Replacement begins when the swap (disk) usage is above the
    # low-water mark and attempts to maintain utilization near the
    # low-water mark. As swap utilization gets close to high-water
    # mark object eviction becomes more aggressive. If utilization is
    # close to the low-water mark less replacement is done each time.
    #
    # Defaults are 90% and 95%. If you have a large cache, 5% could be
    # hundreds of MB. If this is the case you may wish to set these
    # numbers closer together.
    #
    #Default:
    cache_swap_low 120
    cache_swap_high 125

    # TAG: maximum_object_size (bytes)
    # Objects larger than this size will NOT be saved on disk. The
    # value is specified in kilobytes, and the default is 4MB. If
    # you wish to get a high BYTES hit ratio, you should probably
    # increase this (one 32 MB object hit counts for 3200 10KB
    # hits). If you wish to increase speed more than your want to
    # save bandwidth you should leave this low.
    #
    # NOTE: if using the LFUDA replacement policy you should increase
    # this value to maximize the byte hit rate improvement of LFUDA!
    # See replacement_policy below for a discussion of this policy.
    #
    #Default:
    # maximum_object_size 4096 KB

    # TAG: minimum_object_size (bytes)
    # Objects smaller than this size will NOT be saved on disk. The
    # value is specified in kilobytes, and the default is 0 KB, which
    # means there is no minimum.
    #
    #Default:
    # minimum_object_size 0 KB

    # TAG: maximum_object_size_in_memory (bytes)
    # Objects greater than this size will not be attempted to kept in
    # the memory cache. This should be set high enough to keep objects
    # accessed frequently in memory to improve performance whilst low
    # enough to keep larger objects from hoarding cache_mem .
    #
    #Default:
    # maximum_object_size_in_memory 8 KB

    # TAG: ipcache_size (number of entries)
    # TAG: ipcache_low (percent)
    # TAG: ipcache_high (percent)
    # The size, low-, and high-water marks for the IP cache.
    #
    #Default:
    ipcache_size 1024
    ipcache_low 90
    ipcache_high 95

    # TAG: fqdncache_size (number of entries)
    # Maximum number of FQDN cache entries.
    #
    #Default:
    # fqdncache_size 1024

    # TAG: cache_replacement_policy
    # The cache replacement policy parameter determines which
    # objects are evicted (replaced) when disk space is needed.
    #
    # lru : Squid's original list based LRU policy
    # heap GDSF : Greedy-Dual Size Frequency
    # heap LFUDA: Least Frequently Used with Dynamic Aging
    # heap LRU : LRU policy implemented using a heap
    #
    # Applies to any cache_dir lines listed below this.
    #
    # The LRU policies keeps recently referenced objects.
    #
    # The heap GDSF policy optimizes object hit rate by keeping smaller
    # popular objects in cache so it has a better chance of getting a
    # hit. It achieves a lower byte hit rate than LFUDA though since
    # it evicts larger (possibly popular) objects.
    #
    # The heap LFUDA policy keeps popular objects in cache regardless of
    # their size and thus optimizes byte hit rate at the expense of
    # hit rate since one large, popular object will prevent many
    # smaller, slightly less popular objects from being cached.
    #
    # Both policies utilize a dynamic aging mechanism that prevents
    # cache pollution that can otherwise occur with frequency-based
    # replacement policies.
    #
    # NOTE: if using the LFUDA replacement policy you should increase
    # the value of maximum_object_size above its default of 4096 KB to
    # to maximize the potential byte hit rate improvement of LFUDA.
    #
    # For more information about the GDSF and LFUDA cache replacement
    # policies see http://www.hpl.hp.com/techreports/1999/HPL-1999-69.html
    # and http://fog.hpl.external.hp.com/techr...PL-98-173.html.
    #
    #Default:
    # cache_replacement_policy lru

    # TAG: memory_replacement_policy
    # The memory replacement policy parameter determines which
    # objects are purged from memory when memory space is needed.
    #
    # See cache_replacement_policy for details.
    #
    #Default:
    # memory_replacement_policy lru


    # LOGFILE PATHNAMES AND CACHE DIRECTORIES
    # -----------------------------------------------------------------------------

    # TAG: cache_dir
    # Usage:
    #
    # cache_dir Type Directory-Name Fs-specific-data [options]
    #
    # You can specify multiple cache_dir lines to spread the
    # cache among different disk partitions.
    #
    # Type specifies the kind of storage system to use. Most
    # everyone will want to use "ufs" as the type. If you are using
    # Async I/O (--enable async-io) on Linux or Solaris, then you may
    # want to try "aufs" as the type. Async IO support may be
    # buggy, however, so beware.
    #
    # 'Directory' is a top-level directory where cache swap
    # files will be stored. If you want to use an entire disk
    # for caching, then this can be the mount-point directory.
    # The directory must exist and be writable by the Squid
    # process. Squid will NOT create this directory for you.
    #
    # The ufs store type:
    #
    # "ufs" is the old well-known Squid storage format that has always
    # been there.
    #
    # cache_dir ufs Directory-Name Mbytes L1 L2 [options]
    #
    # 'Mbytes' is the amount of disk space (MB) to use under this
    # directory. The default is 100 MB. Change this to suit your
    # configuration.
    #
    # 'Level-1' is the number of first-level subdirectories which
    # will be created under the 'Directory'. The default is 16.
    #
    # 'Level-2' is the number of second-level subdirectories which
    # will be created under each first-level directory. The default
    # is 256.
    #
    # The aufs store type:
    #
    # "aufs" uses the same storage format as "ufs", utilizing
    # POSIX-threads to avoid blocking the main Squid process on
    # disk-I/O. This was formerly known in Squid as async-io.
    #
    # cache_dir aufs Directory-Name Mbytes L1 L2 [options]
    #
    # see argument descriptions under ufs above
    #
    # The diskd store type:
    #
    # "diskd" uses the same storage format as "ufs", utilizing a
    # separate process to avoid blocking the main Squid process on
    # disk-I/O.
    #
    # cache_dir diskd Directory-Name Mbytes L1 L2 [options] [Q1=n] [Q2=n]
    #
    # see argument descriptions under ufs above
    #
    # Q1 specifies the number of unacknowledged I/O requests when Squid
    # stops opening new files. If this many messages are in the queues,
    # Squid won't open new files. Default is 64
    #
    # Q2 specifies the number of unacknowledged messages when Squid
    # starts blocking. If this many messages are in the queues,
    # Squid blocks until it recevies some replies. Default is 72
    #
    # Common options:
    #
    # read-only, this cache_dir is read only.
    #
    # max-size=n, refers to the max object size this storedir supports.
    # It is used to initially choose the storedir to dump the object.
    # Note: To make optimal use of the max-size limits you should order
    # the cache_dir lines with the smallest max-size value first and the
    # ones with no max-size specification last.
    #
    #Default:
    cache_dir ufs /var/spool/squid 100 16 256

    # TAG: cache_access_log
    # Logs the client request activity. Contains an entry for
    # every HTTP and ICP queries received.
    #
    #Default:
    cache_access_log /var/log/squid/access.log

    # TAG: cache_log
    # Cache logging file. This is where general information about
    # your cache's behavior goes. You can increase the amount of data
    # logged to this file with the "debug_options" tag below.
    #
    #Default:
    cache_log /var/log/squid/cache.log

    # TAG: cache_store_log
    # Logs the activities of the storage manager. Shows which
    # objects are ejected from the cache, and which objects are
    # saved and for how long. To disable, enter "none". There are
    # not really utilities to analyze this data, so you can safely
    # disable it.
    #
    #Default:
    cache_store_log /var/log/squid/store.log

    # TAG: cache_swap_log
    # Location for the cache "swap.log." This log file holds the
    # metadata of objects saved on disk. It is used to rebuild the
    # cache during startup. Normally this file resides in each
    # 'cache_dir' directory, but you may specify an alternate
    # pathname here. Note you must give a full filename, not just
    # a directory. Since this is the index for the whole object
    # list you CANNOT periodically rotate it!
    #
    # If %s can be used in the file name then it will be replaced with a
    # a representation of the cache_dir name where each / is replaced
    # with '.'. This is needed to allow adding/removing cache_dir
    #
    # lines when cache_swap_log is being used.
    #
    # If have more than one 'cache_dir', and %s is not used in the name
    # then these swap logs will have names such as:
    #
    # cache_swap_log.00
    # cache_swap_log.01
    # cache_swap_log.02
    #
    # The numbered extension (which is added automatically)
    # corresponds to the order of the 'cache_dir' lines in this
    # configuration file. If you change the order of the 'cache_dir'
    # lines in this file, then these log files will NOT correspond to
    # the correct 'cache_dir' entry (unless you manually rename
    # them). We recommend that you do NOT use this option. It is
    # better to keep these log files in each 'cache_dir' directory.
    #
    #Default:
    # none

    # TAG: emulate_httpd_log on|off
    # The Cache can emulate the log file format which many 'httpd'
    # programs use. To disable/enable this emulation, set
    # emulate_httpd_log to 'off' or 'on'. The default
    # is to use the native log format since it includes useful
    # information that Squid-specific log analyzers use.
    #
    #Default:
    # emulate_httpd_log off

    # TAG: log_ip_on_direct on|off
    # Log the destination IP address in the hierarchy log tag when going
    # direct. Earlier Squid versions logged the hostname here. If you
    # prefer the old way set this to off.
    #
    #Default:
    # log_ip_on_direct on

    # TAG: mime_table
    # Pathname to Squid's MIME table. You shouldn't need to change
    # this, but the default file contains examples and formatting
    # information if you do.
    #
    #Default:
    # mime_table /etc/squid/mime.conf

    # TAG: log_mime_hdrs on|off
    # The Cache can record both the request and the response MIME
    # headers for each HTTP transaction. The headers are encoded
    # safely and will appear as two bracketed fields at the end of
    # the access log (for either the native or httpd-emulated log
    # formats). To enable this logging set log_mime_hdrs to 'on'.
    #
    #Default:
    # log_mime_hdrs off

    # TAG: useragent_log
    # Note: This option is only available if Squid is rebuilt with the
    # --enable-useragent-log option
    #
    # Squid will write the User-Agent field from HTTP requests
    # to the filename specified here. By default useragent_log
    # is disabled.
    #
    #Default:
    # none

    # TAG: referer_log
    # Note: This option is only available if Squid is rebuilt with the
    # --enable-referer-log option
    #
    # Squid will write the Referer field from HTTP requests to the
    # filename specified here. By default referer_log is disabled.
    #
    #Default:
    # none

    # TAG: pid_filename
    # A filename to write the process-id to. To disable, enter "none".
    #
    #Default:
    pid_filename /var/run/squid.pid

    # TAG: debug_options
    # Logging options are set as section,level where each source file
    # is assigned a unique section. Lower levels result in less
    # output, Full debugging (level 9) can result in a very large
    # log file, so be careful. The magic word "ALL" sets debugging
    # levels for all sections. We recommend normally running with
    # "ALL,1".
    #
    #Default:
    debug_options ALL,1

    # TAG: log_fqdn on|off
    # Turn this on if you wish to log fully qualified domain names
    # in the access.log. To do this Squid does a DNS lookup of all
    # IP's connecting to it. This can (in some situations) increase
    # latency, which makes your cache seem slower for interactive
    # browsing.
    #
    #Default:
    # log_fqdn off

    # TAG: client_netmask
    # A netmask for client addresses in logfiles and cachemgr output.
    # Change this to protect the privacy of your cache clients.
    # A netmask of 255.255.255.0 will log all IP's in that range with
    # the last digit set to '0'.
    #
    #Default:
    # client_netmask 255.255.255.255


    # OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
    # -----------------------------------------------------------------------------

    # TAG: ftp_user
    # If you want the anonymous login password to be more informative
    # (and enable the use of picky ftp servers), set this to something
    # reasonable for your domain, like wwwuser@somewhere.net
    #
    # The reason why this is domainless by default is that the
    # request can be made on the behalf of a user in any domain,
    # depending on how the cache is used.
    # Some ftp server also validate that the email address is valid
    # (for example perl.com).
    #
    #Default:
    ftp_user Squid

    # TAG: ftp_list_width
    # Sets the width of ftp listings. This should be set to fit in
    # the width of a standard browser. Setting this too small
    # can cut off long filenames when browsing ftp sites.
    #
    #Default:
    #ftp_li st_width 32

    # TAG: ftp_passive
    # If your firewall does not allow Squid to use passive
    # connections, then turn off this option.
    #
    #Default:
    ftp_passive on

    # TAG: ftp_sanitycheck
    # For security and data integrity reasons Squid by default performs
    # sanity checks of the addresses of FTP data connections ensure the
    # data connection is to the requested server. If you need to allow
    # FTP connections to servers using another IP address for the data
    # connection then turn this off.
    #
    #Default:
    #
    #ftp_sanitycheck on
    ftp_sanitycheck off

    # TAG: cache_dns_program
    # Note: This option is only available if Squid is rebuilt with the
    # --disable-internal-dns option
    #
    # Specify the location of the executable for dnslookup process.
    #
    #Default:
    # cache_dns_program /usr/lib/squid/

    # TAG: dns_children
    # Note: This option is only available if Squid is rebuilt with the
    # --disable-internal-dns option
    #
    # The number of processes spawn to service DNS name lookups.
    # For heavily loaded caches on large servers, you should
    # probably increase this value to at least 10. The maximum
    # is 32. The default is 5.
    #
    # You must have at least one dnsserver process.
    #
    #Default:
    # dns_children 5

    # TAG: dns_retransmit_interval
    # Initial retransmit interval for DNS queries. The interval is
    # doubled each time all configured DNS servers have been tried.
    #
    #
    #Default:
    # dns_retransmit_interval 5 seconds

    # TAG: dns_timeout
    # DNS Query timeout. If no response is received to a DNS query
    # within this time then all DNS servers for the queried domain
    # is assumed to be unavailable.
    #
    #Default:
    # dns_timeout 5 minutes

    # TAG: dns_defnames on|off
    # Note: This option is only available if Squid is rebuilt with the
    # --disable-internal-dns option
    #
    # Normally the 'dnsserver' disables the RES_DEFNAMES resolver
    # option (see res_init(3)). This prevents caches in a hierarchy
    # from interpreting single-component hostnames locally. To allow
    # dnsserver to handle single-component names, enable this
    # option.
    #
    #Default:
    # dns_defnames off

    # TAG: dns_nameservers
    # Use this if you want to specify a list of DNS name servers
    # (IP addresses) to use instead of those given in your
    # /etc/resolv.conf file.
    #
    # Example: dns_nameservers 10.0.0.1 192.172.0.4
    #
    #Default:
    # none

    # TAG: diskd_program
    # Specify the location of the diskd executable.
    # Note that this is only useful if you have compiled in
    # diskd as one of the store io modules.
    #
    #Default:
    # diskd_program /usr/lib/squid/diskd

    # TAG: unlinkd_program
    # Specify the location of the executable for file deletion process.
    #
    #Default:
    # unlinkd_program /usr/lib/squid/unlinkd

    # TAG: pinger_program
    # Note: This option is only available if Squid is rebuilt with the
    # --enable-icmp option
    #
    # Specify the location of the executable for the pinger process.
    # This is only useful if you configured Squid (during compilation)
    # with the '--enable-icmp' option.
    #
    #Default:
    # pinger_program /usr/lib/squid/

    # TAG: redirect_program
    # Specify the location of the executable for the URL redirector.
    # Since they can perform almost any function there isn't one included.
    # See the Release-Notes for information on how to write one.
    # By default, a redirector is not used.
    #
    #Default:
    # none

    # TAG: redirect_children
    # The number of redirector processes to spawn. If you start
    # too few Squid will have to wait for them to process a backlog of
    # URLs, slowing it down. If you start too many they will use RAM
    # and other system resources.
    #
    #Default:
    # redirect_children 5

    # TAG: redirect_rewrites_host_header
    # By default Squid rewrites any Host: header in redirected
    # requests. If you are running a accelerator then this may
    # not be a wanted effect of a redirector.
    #
    #Default:
    # redirect_rewrites_host_header on

    # TAG: redirector_access
    # If defined, this access list specifies which requests are
    # sent to the redirector processes. By default all requests
    # are sentSSS.
    #
    #Default:
    # none

    # TAG: authenticate_program
    # Specify the command for the external authenticator. Such a
    # program reads a line containing "username password" and replies
    # "OK" or "ERR" in an endless loop. If you use an authenticator,
    # make sure you have 1 acl of type proxy_auth. By default, the
    # authenticator_program is not used.
    #
    # If you want to use the traditional proxy authentication,
    # jump over to the ../auth_modules/NCSA directory and
    # type:
    # % make
    # % make install
    #
    # Then, set this line to something like
    #
    # authenticate_program /usr/bin/ncsa_auth /usr/etc/passwd
    #
    #Default:
    #auth_param basic program /usr/sbin/ncsa_auth /etc/squid/passwd


    # TAG: authenticate_children
    # The number of authenticator processes to spawn (default 5). If you
    # start too few Squid will have to wait for them to process a backlog
    # of usercode/password verifications, slowing it down. When password
    # verifications are done via a (slow) network you are likely to need
    # lots of authenticator processes.
    #
    #Default:
    authenticate_children 5

    # TAG: authenticate_ttl
    # The time a checked username/password combination remains cached.
    # If a wrong password is given for a cached user, the user gets
    # removed from the username/password cache forcing a revalidation.
    #
    #Default:
    authenticate_ttl 2 hour

    # TAG: authenticate_ip_ttl
    # With this option you control how long a proxy authentication
    # will be bound to a specific IP address. If a request using
    # the same user name is received during this time then access
    # will be denied and both users are required to reauthenticate
    # them selves. The idea behind this is to make it annoying
    # for people to share their password to their friends, but
    # yet allow a dialup user to reconnect on a different dialup
    # port.
    #
    # The default is 0 to disable the check. Recommended value
    # if you have dialup users are no more than 60 seconds to allow
    # the user to redial without hassle. If all your users are
    # stationary then higher values may be used.
    #
    # See also authenticate_ip_ttl_is_strict
    #
    #Default:
    # authenticate_ip_ttl 0 seconds

    # TAG: authenticate_ip_ttl_is_strict
    # This option makes authenticate_ip_ttl a bit stricted. With this
    # enabled authenticate_ip_ttl will deny all access from other IP
    # addresses until the TTL has expired, and the IP address "owning"
    # the userid will not be forced to reauthenticate.
    #
    #Default:
    # authenticate_ip_ttl_is_strict on


    # OPTIONS FOR TUNING THE CACHE
    # -----------------------------------------------------------------------------

    # TAG: wais_relay_host
    # TAG: wais_relay_port
    # Relay WAIS request to host (1st arg) at port (2 arg).
    #
    #Default:
    # wais_relay_port 0

    # TAG: request_header_max_size (KB)
    # This specifies the maximum size for HTTP headers in a request.
    # Request headers are usually relatively small (about 512 bytes).
    # Placing a limit on the request header size will catch certain
    # bugs (for example with persistent connections) and possibly
    # buffer-overflow or denial-of-service attacks.
    #
    #Default:
    # request_header_max_size 10 KB

    # TAG: request_body_max_size (KB)
    # This specifies the maximum size for an HTTP request body.
    # In other words, the maximum size of a PUT/POST request.
    # A user who attempts to send a request with a body larger
    # than this limit receives an "Invalid Request" error message.
    # If you set this parameter to a zero, there will be no limit
    # imposed.
    #
    #Default:
    # request_body_max_size 1 MB

    # TAG: reply_body_max_size (KB)
    # This option specifies the maximum size of a reply body. It
    # can be used to prevent users from downloading very large files,
    # such as MP3's and movies. The reply size is checked twice.
    # First when we get the reply headers, we check the
    # content-length value. If the content length value exists and
    # is larger than this parameter, the request is denied and the
    # user receives an error message that says "the request or reply
    # is too large." If there is no content-length, and the reply
    # size exceeds this limit, the client's connection is just closed
    # and they will receive a partial reply.
    #
    # NOTE: downstream caches probably can not detect a partial reply
    # if there is no content-length header, so they will cache
    # partial responses and give them out as hits. You should NOT
    # use this option if you have downstream caches.
    #
    # If you set this parameter to zero (the default), there will be
    # no limit imposed.
    #
    #Default:
    # reply_body_max_size 0

    # TAG: refresh_pattern
    # usage: refresh_pattern [-i] regex min percent max [options]
    #
    # By default, regular expressions are CASE-SENSITIVE. To make
    # them case-insensitive, use the -i option.
    #
    # 'Min' is the time (in minutes) an object without an explicit
    # expiry time should be considered fresh. The recommended
    # value is 0, any higher values may cause dynamic applications
    # to be erroneously cached unless the application designer
    # has taken the appropriate actions.
    #
    # 'Percent' is a percentage of the objects age (time since last
    # modification age) an object without explicit expiry time
    # will be considered fresh.
    #
    # 'Max' is an upper limit on how long objects without an explicit
    # expiry time will be considered fresh.
    #
    # options: overrsde-expire
    # override-lastmod
    # reload-into-ims
    # ignore-reload
    #
    # override-expire enforces min age even if the server
    # sent a Expires: header. Doing this VIOLATES the HTTP
    # standard. Enabling this feature could make you liable
    # for problems which it causes.
    #
    # override-lastmod enforces min age even on objects
    # that was modified recently.
    #
    # reload-into-ims changes client no-cache or ``reload''
    # to If-Modified-Since requests. Doing this VIOLATES the
    # HTTP standard. Enabling this feature could make you
    # liable for problems which it causes.
    #
    # ignore-reload ignores a client no-cache or ``reload''
    # header. Doing this VIOLATES the HTTP standard. Enabling
    # this feature could make you liable for problems which
    # it causes.
    #
    # Please see the file doc/Release-Notes-1.1.txt for a full
    # description of Squid's refresh algorithm. Basically a
    # cached object is: (the order is changed from 1.1.X)
    #
    # FRESH if expires < now, else STALE
    # STALE if age > max
    # FRESH if lm-factor < percent, else STALE
    # FRESH if age < min
    # else STALE
    #
    # The refresh_pattern lines are checked in the order listed here.
    # The first entry which matches is used. If none of the entries
    # match, then the default will be used.
    #
    # Note, you must uncomment all the default lines if you want
    # to change one. The default setting is only active if none is
    # used.
    #
    #Default:
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320

    # TAG: reference_age
    # As a part of normal operation, Squid performs Least Recently
    # Used removal of cached objects. The LRU age for removal is
    # computed dynamically, based on the amount of disk space in
    # use. The dynamic value can be seen in the Cache Manager 'info'
    # output.
    #
    # The 'reference_age' parameter defines the maximum LRU age. For
    # example, setting reference_age to '1 week' will cause objects
    # to be removed if they have not been accessed for a week or
    # more. The default value is one year.
    #
    # Specify a number here, followed by units of time. For example:
    # 1 week
    # 3.5 days
    # 4 months
    # 2.2 hours
    #
    # NOTE: this parameter is not used when using the enhanced
    # replacement policies, GDSH or LFUDA.
    #
    #Default:
    # reference_age 1 year

    # TAG: quick_abort_min (KB)
    # TAG: quick_abort_max (KB)
    # TAG: quick_abort_pct (percent)
    # The cache can be configured to continue downloading aborted
    # requests. This may be undesirable on slow (e.g. SLIP) links
    # and/or very busy caches. Impatient users may tie up file
    # descriptors and bandwidth by repeatedly requesting and
    # immediately aborting downloads.
    #
    # When the user aborts a request, Squid will check the
    # quick_abort values to the amount of data transfered until
    # then.
    #
    # If the transfer has less than 'quick_abort_min' KB remaining,
    # it will finish the retrieval. Setting 'quick_abort_min' to -1
    # will disable the quick_abort feature.
    #
    # If the transfer has more than 'quick_abort_max' KB remaining,
    # it will abort the retrieval.
    #
    # If more than 'quick_abort_pct' of the transfer has completed,
    # it will finish the retrieval.
    #
    #Default:
    # quick_abort_min 16 KB
    # quick_abort_max 16 KB
    # quick_abort_pct 95

    # TAG: negative_ttl time-units
    # Time-to-Live (TTL) for failed requests. Certain types of
    # failures (such as "connection refused" and "404 Not Found") are
    # negatively-cached for a configurable amount of time. The
    # default is 5 minutes. Note that this is different from
    # negative caching of DNS lookups.
    #
    #Default:
    # negative_ttl 5 minutes

    # TAG: positive_dns_ttl time-units
    # Time-to-Live (TTL) for positive caching of successful DNS lookups.
    # Default is 6 hours (360 minutes). If you want to minimize the
    # use of Squid's ipcache, set this to 1, not 0.
    #
    #Default:
    # positive_dns_ttl 6 hours

    # TAG: negative_dns_ttl time-units
    # Time-to-Live (TTL) for negative caching of failed DNS lookups.
    #
    #Default:
    # negative_dns_ttl 5 minutes

    # TAG: range_offset_limit (bytes)
    # Sets a upper limit on how far into the the file a Range request
    # may be to cause Squid to prefetch the whole file. If beyond this
    # limit then Squid forwards the Range request as it is and the result
    # is NOT cached.
    #
    # This is to stop a far ahead range request (lets say start at 17MB)
    # from making Squid fetch the whole object up to that point before
    # sending anything to the client.
    #
    # A value of -1 causes Squid to always fetch the object from the
    # beginning so that it may cache the result. (2.0 style)
    #
    # A value of 0 causes Squid to never fetch more than the
    # client requested. (default)
    #
    #Default:
    # range_offset_limit 0 KB


    # TIMEOUTS
    # -----------------------------------------------------------------------------

    # TAG: connect_timeout time-units
    # Some systems (notably Linux) can not be relied upon to properly
    # time out connect(2) requests. Therefore the Squid process
    # enforces its own timeout on server connections. This parameter
    # specifies how long to wait for the connect to complete. The
    # default is two minutes (120 seconds).
    #
    #Default:
    # connect_timeout 2 minutes

    # TAG: peer_connect_timeout time-units
    # This parameter specifies how long to wait for a pending TCP
    # connection to a peer cache. The default is 30 seconds. You
    # may also set different timeout values for individual neighbors
    # with the 'connect-timeout' option on a 'cache_peer' line.
    #
    #Default:
    # peer_connect_timeout 30 seconds

    # TAG: siteselect_timeout time-units
    # For URN to multiple URL's URL selection
    #
    #Default:
    # siteselect_timeout 4 seconds

    # TAG: read_timeout time-units
    # The read_timeout is applied on server-side connections. After
    # each successful read(), the timeout will be extended by this
    # amount. If no data is read again after this amount of time,
    # the request is aborted and logged with ERR_READ_TIMEOUT. The
    # default is 15 minutes.
    #
    #Default:
    # read_timeout 15 minutes

    # TAG: request_timeout
    # How long to wait for an HTTP request after connection
    # establishment. For persistent connections, wait this long
    # after the previous request completes.
    #
    #Default:
    # request_timeout 30 seconds

    # TAG: client_lifetime time-units
    # The maximum amount of time that a client (browser) is allowed to
    # remain connected to the cache process. This protects the Cache
    # from having a lot of sockets (and hence file descriptors) tied up
    # in a CLOSE_WAIT state from remote clients that go away without
    # properly shutting down (either because of a network failure or
    # because of a poor client implementation). The default is one
    # day, 1440 minutes.
    #
    # NOTE: The default value is intended to be much larger than any
    # client would ever need to be connected to your cache. You
    # should probably change client_lifetime only as a last resort.
    # If you seem to have many client connections tying up
    # filedescriptors, we recommend first tuning the read_timeout,
    # request_timeout, pconn_timeout and quick_abort values.
    #
    #Default:
    # client_lifetime 1 day

    # TAG: half_closed_clients
    # Some clients may shutdown the sending side of their TCP
    # connections, while leaving their receiving sides open. Sometimes,
    # Squid can not tell the difference between a half-closed and a
    # fully-closed TCP connection. By default, half-closed client
    # connections are kept open until a read(2) or write(2) on the
    # socket returns an error. Change this option to 'off' and Squid
    # will immediately close client connections when read(2) returns
    # "no more data to read."
    #
    #Default:
    # half_closed_clients on

    # TAG: pconn_timeout
    # Timeout for idle persistent connections to servers and other
    # proxies.
    #
    #Default:
    # pconn_timeout 120 seconds

    # TAG: ident_timeout
    # Maximum time to wait for IDENT requests. If this is too high,
    # and you enabled 'ident_lookup', then you might be susceptible
    # to denial-of-service by having many ident requests going at
    # once.
    #
    # Only src type ACL checks are fully supported. A src_domain
    # ACL might work at times, but it will not always provide
    # the correct result.
    #
    # This option may be disabled by using --disable-ident with
    # the configure script.
    #
    #Default:
    # ident_timeout 10 seconds

    # TAG: shutdown_lifetime time-units
    # When SIGTERM or SIGHUP is received, the cache is put into
    # "shutdown pending" mode until all active sockets are closed.
    # This value is the lifetime to set for all open descriptors
    # during shutdown mode. Any active clients after this many
    # seconds will receive a 'timeout' message.
    #
    #Default:
    # shutdown_lifetime 30 seconds


    # ACCESS CONTROLS
    # -----------------------------------------------------------------------------

    # TAG: acl
    # Defining an Access List
    #
    # acl aclname acltype string1 ...
    # acl aclname acltype "file" ...
    #
    # when using "file", the file should contain one item per line
    #
    # acltype is one of src dst srcdomain dstdomain url_pattern
    # urlpath_pattern time port proto method browser user
    #
    # By default, regular expressions are CASE-SENSITIVE. To make
    # them case-insensitive, use the -i option.
    #
    # acl aclname src ip-address/netmask ... (clients IP address)
    # acl aclname src addr1-addr2/netmask ... (range of addresses)
    # acl aclname dst ip-address/netmask ... (URL host's IP address)
    # acl aclname myip ip-address/netmask ... (local socket IP address)
    #
    # acl aclname srcdomain .foo.com ... # reverse lookup, client IP
    # acl aclname dstdomain .foo.com ... # Destination server from URL
    # acl aclname srcdom_regex [-i] xxx ... # regex matching client name
    # acl aclname dstdom_regex [-i] xxx ... # regex matching server
    # # For dstdomain and dstdom_regex a reverse lookup is tried if a IP
    # # based URL is used. The name "none" is used if the reverse lookup
    # # fails.
    #
    # acl aclname time [day-abbrevs] [h1:m1-h2:m2]
    # day-abbrevs:
    # S - Sunday
    # M - Monday
    # T - Tuesday
    # W - Wednesday
    # H - Thursday
    # F - Friday
    # A - Saturday
    # h1:m1 must be less than h2:m2
    # acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL
    # acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL path
    # acl aclname port 80 70 21 ...
    # acl aclname port 0-1024 ... # ranges allowed
    # acl aclname myport 3128 ... # (local socket TCP port)
    # acl aclname proto HTTP FTP ...
    # acl aclname method GET POST ...
    # acl aclname browser [-i] regexp
    # # pattern match on User-Agent header
    # acl aclname ident username ...
    # acl aclname ident_regex [-i] pattern ...
    # # string match on ident output.
    # # use REQUIRED to accept any non-null ident.
    # acl aclname src_as number ...
    # acl aclname dst_as number ...
    # # Except for access control, AS numbers can be used for
    # # routing of requests to specific caches. Here's an
    # # example for routing all requests for AS#1241 and only
    # # those to mycache.mydomain.net:
    # # acl asexample dst_as 1241
    # # cache_peer_access mycache.mydomain.net allow asexample
    # # cache_peer_access mycache_mydomain.net deny all
    #
    # acl aclname proxy_auth username ...
    # acl aclname proxy_auth_regex [-i] pattern ...
    # # list of valid usernames
    # # use REQUIRED to accept any valid username.
    # #
    # # NOTE: when a Proxy-Authentication header is sent but it is not
    # # needed during ACL checking the username is NOT logged
    # # in access.log.
    # #
    # # NOTE: proxy_auth requires a EXTERNAL authentication program
    # # to check username/password combinations (see
    # # authenticate_program).
    # #
    # # WARNING: proxy_auth can't be used in a transparent proxy. It
    # # collides with any authentication done by origin servers. It may
    # # seem like it works at first, but it doesn't.
    #
    # acl aclname snmp_community string ...
    # # A community string to limit access to your SNMP Agent
    # # Example:
    # #
    # # acl snmppublic snmp_community public
    #
    # acl aclname maxconn number
    # # This will be matched when the client's IP address has
    # # more than <number> HTTP connections established.
    #
    # acl req_mime_type mime-type1 ...
    # # regex match agains the mime type of the request generated
    # # by the client. Can be used to detect file upload or some
    # # types HTTP tunelling requests.
    # # NOTE: This does NOT match the reply. You cannot use this
    # # to match the returned file type.
    #
    #Examples:
    #acl myexample dst_as 1241
    #acl password proxy_auth REQUIRED
    #acl fileupload req_mime_type -i ^multipart/form-data$
    #Recommended minimum configuration:
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl net1 src 192.168.0.0/255.255.255.0
    #acl netpc src 200.242.133.0/255.255.255.0
    #acl net2 src 10.0.0.0/255.0.0.0
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 20 21 # ftpdata,ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    acl bloqueados url_regex "/var/spool/squid/bloqueados"
    acl noporn url_regex "/var/spool/squid/noporn.txt"
    acl lista url_regex -i "/var/spool/squid/lista"

    #acl auth proxy_auth REQUIRED
    # TAG: http_access
    # Allowing or Denying access based on defined access lists
    #
    # Access to the HTTP port:
    # http_access allow|deny [!]aclname ...
    #
    # NOTE on default values:
    #
    # If there are no "access" lines present, the default is to deny
    # the request.
    #
    # If none of the "access" lines cause a match, the default is the
    # opposite of the last line in the list. If the last line was
    # deny, then the default is allow. Conversely, if the last line
    # is allow, the default will be deny. For these reasons, it is a
    # good idea to have an "deny all" or "allow all" entry at the end
    # of your access lists to avoid potential confusion.
    #
    #Default:
    # http_access deny all
    #
    #Recommended minimum configuration:
    #
    # Only allow cachemgr access from localhost
    http_access deny bloqueados all
    acl ourallowedhosts src 192.168.0.0/255.255.255.0
    #acl ourallowedhosts1 src 200.242.133.128/255.255.255.192
    acl ourallowedhosts2 src 10.0.0.0/255.0.0.0
    acl connections maxconn 5
    http_access allow manager localhost
    http_access allow net1
    #http_access allow net2
    #http_access allow netpc
    http_access allow noporn all
    http_access deny manager
    # Deny requests to unknown ports
    http_access deny !Safe_ports
    # Deny CONNECT to other than SSL ports
    #http_access deny CONNECT !SSL_ports
    #
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    #
    # And finally deny all other access to this proxy
    http_access deny connections
    http_access allow ourallowedhosts
    #http_access allow ourallowedhosts1
    http_access allow ourallowedhosts2
    #http_access allow localhost
    http_access deny lista
    http_access deny all

    # TAG: icp_access
    # Allowing or Denying access to the ICP port based on defined
    # access lists:
    #
    # icp_access allow|deny [!]aclname ...
    #
    # See http_access for details
    #
    #Default:
    # icp_access deny all
    #
    #Allow ICP queries from eveyone
    #icp_access allow all

    # TAG: miss_access
    # Use to force your neighbors to use you as a sibling instead of
    # a parent. For example:
    #
    # acl localclients src 172.16.0.0/16
    # miss_access allow localclients
    # miss_access deny !localclients
    #
    # This means that only your local clients are allowed to fetch
    # MISSES and all other clients can only fetch HITS.
    #
    # By default, allow all clients who passed the http_access rules
    # to fetch MISSES from us.
    #
    #Default setting:
    miss_access allow all

    # TAG: cache_peer_access
    # Similar to 'cache_peer_domain' but provides more flexibility by
    # using ACL elements.
    #
    # cache_peer_access cache-host allow|deny [!]aclname ...
    #
    # The syntax is identical to 'http_access' and the other lists of
    # ACL elements. See the comments for 'http_access' below, or
    # the Squid FAQ (http://www.squid-cache.org/FAQ/FAQ-10.html).
    #
    #Default:
    # none

    # TAG: proxy_auth_realm
    # Specifies the realm name which is to be reported to the client for
    # proxy authentication (part of the text the user will see when
    # prompted their username and password).
    #
    #Default:
    # proxy_auth_realm Squid proxy-caching web server

    # TAG: ident_lookup_access
    # A list of ACL elements which, if matched, cause an ident
    # (RFC 931) lookup to be performed for this request. For
    # example, you might choose to always perform ident lookups
    # for your main multi-user Unix boxes, but not for your Macs
    # and PCs. By default, ident lookups are not performed for
    # any requests.
    #
    # To enable ident lookups for specific client addresses, you
    # can follow this example:
    #
    # acl ident_aware_hosts src 198.168.1.0/255.255.255.0
    # ident_lookup_access allow ident_aware_hosts
    # ident_lookup_access deny all
    #
    # This option may be disabled by using --disable-ident with
    # the configure script.
    #
    #Default:
    # ident_lookup_access deny all

    # ADMINISTRATIVE PARAMETERS
    # -----------------------------------------------------------------------------

    # TAG: cache_mgr
    # Email-address of local cache manager who will receive
    # mail if the cache dies. The default is "webmaster."
    #cache_mgr root
    #
    #Default:
    # cache_mgr root

    # TAG: cache_effective_user
    # TAG: cache_effective_group
    #
    # If the cache is run as root, it will change its effective/real
    # UID/GID to the UID/GID specified below. The default is to
    # change to UID to squid and GID to squid.
    #
    # If Squid is not started as root, the default is to keep the
    # current UID/GID. Note that if Squid is not started as root then
    # you cannot set http_port to a value lower than 1024.
    #
    #cache_effective_user squid
    #cache_effective_group squid
    #
    #Default:
    cache_effective_user squid squid
    cache_effective_group squid

    # TAG: visible_hostname
    # If you want to present a special hostname in error messages, etc,
    # then define this. Otherwise, the return value of gethostname()
    # will be used. If you have multiple caches in a cluster and
    # get errors about IP-forwarding you must set them to have individual
    # names with this setting.
    #
    #Default:
    # none

    # TAG: unique_hostname
    # If you want to have multiple machines with the same
    # 'visible_hostname' then you must give each machine a different
    # 'unique_hostname' so that forwarding loops can be detected.
    #
    #Default:
    # none

    # TAG: hostname_aliases
    # A list of other DNS names that your cache has.
    #
    #Default:
    # none


    # OPTIONS FOR THE CACHE REGISTRATION SERVICE
    # -----------------------------------------------------------------------------
    #
    # This section contains parameters for the (optional) cache
    # announcement service. This service is provided to help
    # cache administrators locate one another in order to join or
    # create cache hierarchies.
    #
    # An 'announcement' message is sent (via UDP) to the registration
    # service by Squid. By default, the announcement message is NOT
    # SENT unless you enable it with 'announce_period' below.



  5. #5
    rcar
    nenhuma sugestão pessoal? Sei que tá meio esquisito mas to precisando de ajuda...






Tópicos Similares

  1. Squid Barrando o Squid
    Por gilmarcabral no fórum Servidores de Rede
    Respostas: 3
    Último Post: 20-09-2005, 16:32
  2. Problemas para acessar ftp e email
    Por rcar no fórum Servidores de Rede
    Respostas: 9
    Último Post: 02-06-2005, 17:08
  3. Servidor de FTP, disparar email ao enviar arquivo???como faz
    Por fabianotecnico no fórum Servidores de Rede
    Respostas: 0
    Último Post: 20-05-2005, 09:54
  4. SQUID não acessa FTP
    Por Sirius® no fórum Servidores de Rede
    Respostas: 3
    Último Post: 23-02-2005, 10:52
  5. Squid barrando ftp user
    Por Leonel no fórum Servidores de Rede
    Respostas: 0
    Último Post: 06-01-2004, 19:15

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L