+ Responder ao Tópico



  1. #1

    Angry Problema no proxy transparente squid....

    Estou com um problema no meu proxy transparete (squid), alguns sites não estão abrindo, só abrem se eu colocar o endereço e a porta do proxy no navegador, ai ele funciona 100nte%.. sem a configuração ele acessa 70% dos sites.....

    Antes que me pergutem..... Já instalei uma versão mais recente do squid, já mudei varias vezes o dns e até agora nada....





    Abraços,



    Diego Araújo

  2. #2

    Padrão squid.conf

    Cara,

    posta seu squid.conf primeiro ai...

  3. #3

    Padrão

    Lembrando que esse conf abaixo, vinha funcionando há dois anos aqui na empresa.

    http_port 10.10.10.10:3128 transparent
    hierarchy_stoplist cgi-bin ?
    acl QUERY urlpath_regex cgi-bin \?
    no_cache deny QUERY
    cache_mem 356 MB
    cache_swap_low 80
    cache_swap_high 90
    maximum_object_size 8192 KB
    maximum_object_size_in_memory 512 KB
    ipcache_size 1024
    ipcache_low 90
    ipcache_high 95
    fqdncache_size 1024
    cache_replacement_policy lru
    memory_replacement_policy lru
    cache_dir diskd /usr/local/squid/cache 3000 16 256 Q1=64 Q2=72
    cache_access_log /usr/local/squid/var/logs/access.log
    cache_store_log none
    dns_nameservers 200.175.182.139 200.175.5.139
    auth_param basic children 5
    auth_param basic realm Login Avil Boa Viagem
    auth_param basic program /usr/local/squid/libexec/ncsa_auth /usr/local/squid/politicas/passwd
    auth_param basic credentialsttl 2 hours
    auth_param basic casesensitive off
    emulate_httpd_log on
    mime_table /usr/local/squid/etc/mime.conf
    pid_filename /usr/local/squid/var/logs/squid.pid
    ftp_passive on
    unlinkd_program /usr/local/squid/libexec/unlinkd
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320
    acl pass proxy_auth REQUIRED
    acl malware url_regex -i "/usr/local/squid/politicas/malware"
    acl dominios dstdomain "/usr/local/squid/politicas/dominios"
    acl atualiza dstdomain "/usr/local/squid/politicas/sitesatualiza"
    acl dominios_almoco dstdomain "/usr/local/squid/politicas/dominios_almoco"
    acl usuario proxy_auth "/usr/local/squid/politicas/allow_user"
    acl down_allow url_regex "/usr/local/squid/politicas/ext_allow"
    acl diretoria arp "/usr/local/squid/politicas/diretoria"
    acl ext_deny url_regex "/usr/local/squid/politicas/ext_deny"
    #acl BLOCKTALK url_regex -i mail.google.com/mail/channel/bind
    acl BLOCKTALK url_regex -i "/usr/local/squid/politicas/block_gtalk"
    acl expediente time MTWHFA 07:00-21:30
    acl almoco time MTWHFA 12:00-14:00
    #acl msnregex url_regex loginnet.passport.com login.live.com config.messenger.msn.com omega.contacts.msn.com
    #acl msndll url_regex -i gateway.dll sqmserver.dll
    #acl msnapp req_mime_type -i ^application/x-msn-messenger$
     
    acl all src 0.0.0.0/0.0.0.0
    acl manager proto cache_object
    acl localhost src 127.0.0.1/255.255.255.255
    acl to_localhost dst 127.0.0.0/8
    acl SSL_ports port 443 563
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 563 # https, snews
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    #http_access deny msnregex
    #http_access deny msndll
    #http_access deny msnapp
    http_access deny malware
    http_access deny BLOCKTALK all
    http_access allow atualiza
    http_access allow diretoria
    http_access allow down_allow
    http_access allow dominios expediente !ext_deny
    http_access allow dominios_almoco almoco !ext_deny
    http_access allow usuario
    http_access allow pass
    http_access allow manager localhost
    http_access deny manager
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access deny all
    http_reply_access allow all
    visible_hostname PROXY
    unique_hostname PROXY
    append_domain .avlbv.homeip.net
    acl local-servers dstdomain avlbv.homeip.net
    always_direct allow local-servers
    icp_access allow all
    coredump_dir /usr/local/squid/cache
    header_access via deny all
    header_access X-Forwarded-For deny all