Página 5 de 10 PrimeiroPrimeiro 123456789 ... ÚltimoÚltimo
+ Responder ao Tópico



  1. Lá vai o squid.conf:

    ------------- Início do squid.conf ----------------------

    # NETWORK OPTIONS
    # -----------------------------------------------------------------------------
    # http_port 3128
    # ssl_unclean_shutdown off
    # icp_port 3130
    # htcp_port 4827
    # udp_incoming_address 0.0.0.0
    # udp_outgoing_address 255.255.255.255
    visible_hostname smart

    # OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
    # -----------------------------------------------------------------------------
    # icp_query_timeout 0
    # maximum_icp_query_timeout 2000
    # mcast_icp_query_timeout 2000
    # dead_peer_timeout 10 seconds
    hierarchy_stoplist cgi-bin \?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY


    # OPTIONS WHICH AFFECT THE CACHE SIZE
    # -----------------------------------------------------------------------------
    # cache_mem 8 MB
    # cache_swap_low 90
    # cache_swap_high 95
    # maximum_object_size 4096 KB
    # minimum_object_size 0 KB
    # maximum_object_size_in_memory 8 KB
    # ipcache_size 1024
    # ipcache_low 90
    # ipcache_high 95
    # fqdncache_size 1024
    # cache_replacement_policy lru
    # memory_replacement_policy lru


    # LOGFILE PATHNAMES AND CACHE DIRECTORIES
    # -----------------------------------------------------------------------------
    cache_dir ufs /var/squid/cache 100 16 256
    cache_access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log /var/squid/logs/store.log
    # emulate_httpd_log off
    # log_ip_on_direct on
    # mime_table /usr/local/squid/etc/mime.conf
    # log_mime_hdrs off
    pid_filename /var/squid/logs/squid.pid
    # debug_options ALL,1
    # log_fqdn off
    # client_netmask 255.255.255.255


    # OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
    # -----------------------------------------------------------------------------
    # ftp_user Squid@
    # ftp_list_width 32
    # ftp_passive on
    # ftp_sanitycheck on
    # cache_dns_program /usr/local/squid/libexec/dnsserver
    # dns_children 5
    # dns_retransmit_interval 5 seconds
    # dns_timeout 5 minutes
    # dns_defnames off
    # hosts_file /etc/hosts
    # diskd_program /usr/local/squid/libexec/diskd
    # unlinkd_program /usr/local/squid/libexec/unlinkd
    # pinger_program /usr/local/squid/libexec/pinger
    # redirect_children 5
    # redirect_rewrites_host_header on
    #auth_param digest program <uncomment and complete this line>
    #auth_param digest children 5
    #auth_param digest realm Squid proxy-caching web server
    #auth_param digest nonce_garbage_interval 5 minutes
    #auth_param digest nonce_max_duration 30 minutes
    #auth_param digest nonce_max_count 50
    #auth_param ntlm program <uncomment and complete this line to activate>
    #auth_param ntlm children 5
    #auth_param ntlm max_challenge_reuses 0
    #auth_param ntlm max_challenge_lifetime 2 minutes
    #auth_param basic program <uncomment and complete this line>
    auth_param basic children 5
    auth_param basic realm Squid proxy-caching web server
    auth_param basic credentialsttl 2 hours
    # authenticate_cache_garbage_interval 1 hour
    # authenticate_ttl 1 hour
    # authenticate_ip_ttl 0 seconds


    # OPTIONS FOR TUNING THE CACHE
    # -----------------------------------------------------------------------------
    # wais_relay_port 0
    # request_header_max_size 10 KB
    # request_body_max_size 0 KB
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    # quick_abort_min 16 KB
    # quick_abort_max 16 KB
    # quick_abort_pct 95
    # negative_ttl 5 minutes
    # positive_dns_ttl 6 hours
    # negative_dns_ttl 5 minutes
    # range_offset_limit 0 KB


    # TIMEOUTS
    # -----------------------------------------------------------------------------
    # connect_timeout 2 minutes
    # peer_connect_timeout 30 seconds
    # read_timeout 15 minutes
    # request_timeout 5 minutes
    # persistent_request_timeout 1 minute
    # client_lifetime 1 day
    # half_closed_clients on
    # pconn_timeout 120 seconds
    # ident_timeout 10 seconds
    # shutdown_lifetime 30 seconds


    # ACCESS CONTROLS
    # -----------------------------------------------------------------------------
    #Examples:
    #acl myexample dst_as 1241
    #acl password proxy_auth REQUIRED
    #acl fileupload req_mime_type -i ^multipart/form-data$
    #acl javascript rep_mime_type -i ^application/x-javascript$
    #
    #Recommended minimum configuration:
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 500 # smart
    acl Safe_ports port 2700 # porta de login 2700
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    #http_access deny to_localhost
    acl hotmail_domains dstdomain .hotmail.msn.com .hotmail.com .passport.net
    header_access Accept-Encoding deny hotmail_domains
    acl msnmessenger url_regex -i gateway.dll
    acl MSN req_mime_type -i ^application/x-msn-messenger$


    #
    # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
    #
    #acl our_networks src 192.168.1.0/24 192.168.2.0/24
    #http_access allow our_networks
    # http_reply_access allow all
    http_reply_access allow all
    # icp_access deny all
    icp_access allow all
    # miss_access allow all
    # ident_lookup_access deny all
    # reply_body_max_size 0 allow all


    # ADMINISTRATIVE PARAMETERS
    # -----------------------------------------------------------------------------
    # cache_mgr webmaster
    # cache_effective_user nobody


    # OPTIONS FOR THE CACHE REGISTRATION SERVICE
    # -----------------------------------------------------------------------------
    # announce_period 1 day
    # announce_host tracker.ircache.net
    # announce_port 3131


    # HTTPD-ACCELERATOR OPTIONS
    # -----------------------------------------------------------------------------
    # httpd_accel_port 80
    # httpd_accel_single_host off
    # httpd_accel_with_proxy off
    # httpd_accel_uses_host_header off
    httpd_accel_host virtual
    httpd_accel_port 80
    httpd_accel_with_proxy on
    httpd_accel_uses_host_header on


    # MISCELLANEOUS
    # -----------------------------------------------------------------------------
    # dns_testnames netscape.com internic.net nlanr.net microsoft.com
    # logfile_rotate 10
    # append_domain .yourdomain.com
    # tcp_recv_bufsize 0 bytes
    # memory_pools on
    # forwarded_for on
    # log_icp_queries on
    # icp_hit_stale off
    # minimum_direct_hops 4
    # minimum_direct_rtt 400
    # store_avg_object_size 13 KB
    # store_objects_per_bucket 20
    # client_db on
    # netdb_low 900
    # netdb_high 1000
    # netdb_ping_period 5 minutes
    # query_icmp off
    # test_reachability off
    # buffered_logs off
    # reload_into_ims off
    # icon_directory /usr/local/squid/share/icons
    # error_directory /usr/local/squid/share/errors/English
    # minimum_retry_timeout 5 seconds
    # maximum_single_addr_tries 3
    # snmp_port 3401
    #
    #Example:
    # snmp_access allow snmppublic localhost
    # snmp_access deny all
    #
    #Default:
    # snmp_access deny all
    # snmp_incoming_address 0.0.0.0
    # snmp_outgoing_address 255.255.255.255
    # as_whois_server whois.ra.net
    # as_whois_server whois.ra.net
    # wccp_router 0.0.0.0
    # wccp_version 4
    # wccp_incoming_address 0.0.0.0
    # wccp_outgoing_address 255.255.255.255


    # DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
    # -----------------------------------------------------------------------------
    # delay_pools 0
    #
    #Example:
    # delay_access 1 allow some_big_clients
    # delay_access 1 deny all
    # delay_access 2 allow lotsa_little_clients
    # delay_access 2 deny all
    #
    #Default:
    # none

    #delay_parameters 1 -1/-1 8000/8000
    #delay_parameters 2 32000/32000 8000/8000 600/8000
    # delay_initial_bucket_level 50
    # incoming_icp_average 6
    # incoming_http_average 4
    # incoming_dns_average 4
    # min_icp_poll_cnt 8
    # min_dns_poll_cnt 8
    # min_http_poll_cnt 8
    # max_open_disk_fds 0
    # offline_mode off
    # uri_whitespace strip
    # acl buggy_server url_regex ^http://....
    # broken_posts allow buggy_server
    # mcast_miss_addr 255.255.255.255
    # mcast_miss_ttl 16
    # mcast_miss_encode_key XXXXXXXXXXXXXXXX
    # nonhierarchical_direct on
    # prefer_direct off
    # strip_query_terms on
    # coredump_dir none
    coredump_dir /usr/local/squid/var/cache
    # redirector_bypass off
    # ignore_unknown_nameservers on
    # digest_generation on
    # digest_bits_per_entry 5
    # digest_rebuild_period 1 hour
    # digest_rewrite_period 1 hour
    # digest_swapout_chunk_size 4096 bytes
    # digest_rebuild_chunk_percentage 10
    # client_persistent_connections on
    # server_persistent_connections on
    # pipeline_prefetch off
    # request_entities off
    # high_response_time_warning 0
    # high_page_fault_warning 0
    # high_memory_warning 0
    # store_dir_select_algorithm least-load
    # ie_refresh off
    # vary_ignore_expire off
    # sleep_after_fork 0


    acl login2700 url_regex -i url.de.login
    http_access allow login2700

    # CONFIGURACOES DE AUTENTICACAO DO USUARIO (DINAMICA)
    # -----------------------------------------------------------------------------

    acl liberados src "/usr/local/squid/etc/ips.liberados"
    http_access allow liberados



    http_access deny msnmessenger
    http_access deny MSN
    http_access deny all


    ------------- Fim do squid.conf ----------------------

  2. Opa ja veio.. e é só colocar o squid conf e editaro proxy para mandar as requisições da porta 80 para 3128?/



  3. eh pela tua conf vc ta usando proxy transparente sim, mas cade a autenticacao?

    #acl password proxy_auth REQUIRED
    #auth_param basic program <uncomment and complete this line>

  4. Calma galera ainda to fazendo os posts!!!

    Completando o post anterior com a regra do iptables pro proxy transparente e com a paradinha do Conectividade Social, do jeitinho que está no meu sistema:

    iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -s 0/0 -d ! 200.201.0.0/16 -j REDIRECT --to 3128



  5. deve ser isso --> acl login2700 url_regex -i url.de.login
    http_access allow login2700






Tópicos Similares

  1. Duvida Squid!
    Por magnusrk8 no fórum Servidores de Rede
    Respostas: 5
    Último Post: 09-09-2005, 09:41
  2. Duvida Squid/Bloquear Blogger
    Por Jeff no fórum Servidores de Rede
    Respostas: 4
    Último Post: 26-08-2005, 19:59
  3. duvida squid
    Por brunico no fórum Servidores de Rede
    Respostas: 2
    Último Post: 29-03-2004, 15:25
  4. duvidas squid/2 link em 1 servidor/Controle de banda
    Por virtual no fórum Servidores de Rede
    Respostas: 2
    Último Post: 06-02-2004, 00:07
  5. Duvida SQUID
    Por Vaza no fórum Servidores de Rede
    Respostas: 3
    Último Post: 15-01-2004, 12:18

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L