+ Responder ao Tópico



  1. #1
    tchetche
    Visitante

    Padrão Squid - Liberar Usuario FULL ( Squid.conf incluso )

    Segue

    # -----------------------------------------------------------------------------
    acl password proxy_auth REQUIRED

    #Recommended minimum configuration:
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    acl downloadsp urlpath_regex -i "/etc/squid/listas/downloadsp"
    acl downloadsb urlpath_regex -i "/etc/squid/listas/downloadsb"
    acl dominiosp dstdomain "/etc/squid/listas/dominiosp"
    acl dominiosb dstdomain "/etc/squid/listas/dominiosb"
    acl sitesp url_regex "/etc/squid/listas/sitesp"
    acl sitesb url_regex "/etc/squid/listas/sitesb"
    acl palavrasp url_regex "/etc/squid/listas/palavrasp"
    acl palavrasb url_regex "/etc/squid/listas/palavrasb"

    http_access deny downloadsb !downloadsp
    http_access deny dominiosb !dominiosp
    http_access deny sitesb !sitesp
    http_access deny palavrasb !palavrasp
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow password
    #http_access allow all
    http_reply_access allow all


    opa o squid ta funfando blz! bloqueado palavras, sites e afins! e com autenticacao por user!

    Mas como eu faço para um ou uns usuarios X nao passem pelos bloqueios?

    acl liberado url_regex "/etc/squid/listas/liberado"

    http_access allow liberado

    testei e nao funfo!
    obrigado

  2. #2

    Padrão Re: Squid - Liberar Usuario FULL ( Squid.conf incluso )

    Faz assim:

    acl password proxy_auth REQUIRED

    #Recommended minimum configuration:
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    acl viadagem proxy_auth viado1 viado2 viado3
    acl downloadsp urlpath_regex -i "/etc/squid/listas/downloadsp"
    acl downloadsb urlpath_regex -i "/etc/squid/listas/downloadsb"
    acl dominiosp dstdomain "/etc/squid/listas/dominiosp"
    acl dominiosb dstdomain "/etc/squid/listas/dominiosb"
    acl sitesp url_regex -i "/etc/squid/listas/sitesp"
    acl sitesb url_regex -i "/etc/squid/listas/sitesb"
    acl palavrasp url_regex -i "/etc/squid/listas/palavrasp"
    acl palavrasb url_regex -i "/etc/squid/listas/palavrasb"
    http_access allow viadagem
    http_access deny downloadsb !downloadsp
    http_access deny dominiosb !dominiosp
    http_access deny sitesb !sitesp
    http_access deny palavrasb !palavrasp
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow password
    #http_access allow all
    http_reply_access allow all


    Deve funcionar.

    Dà uma organizada melhor nessas ACL's também...