squid.conf

Squid (squid.conf)

felicruel

Squid facíl e rapido.

Categoria: Segurança

Software: Squid

[ Hits: 15.593 ]

Por: Felipe Franco

0 0

Denuncie Favoritos Indicar

Conectiva 9.0...
Observações: Colocar esse arquivo no diretório /etc/squid com o seguinte comando:mcopy a:\squid.conf /etc/squid/squid.conf.Logo após copiar o arquivo devemos criar dentro um diretório chamado bloqueio dentro de /etc/squid ficando /etc/squid/bloqueio.Para fazer isso segue o comando:mkdir bloqueio. No novo diretório "/etc/squid/bloqueio" serão criado dois novos arquivos: touch /etc/squid/bloqueio/palavras.txt e touch /etc/squid/bloqueio/sites.txt. Para deixar o serviço do squid automático ao iniciar o linux para digitar ntsysv e ativar o Squid.Para deixar as mensagens de erro que aparecem no Browser em Português, basta inserir essa linha no squid.conf ====>error_directory /usr/share/squid/errors/Portuguese. Disponibilizo os arquivos "sites.txt" e "palavras.txt" por e-mail!

##################SqUiD#####################

http_port 3128

cache_dir ufs /var/cache/squid/ 2500 16 256   
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_log /var/log/squid/store.log
cache_swap_log /var/log/squid/swap.log

hierarchy_stoplist cgi-bin ?

cache_mem 256 MB   
cache_swap_low 90
cache_swap_high 95
maximum_object_size 10000 KB
minimum_object_size 0 KB
maximum_object_size_in_memory 4000 KB

dns_nameservers 200.202.193.69/200.202.193.66
debug_options ALL, 2

error_directory /usr/share/squid/errors/Portuguese


####################ACls#######################
acl all src 0.0.0.0/0.0.0.0
acl lab src 10.20.0.0/255.255.0.0
never_direct allow all
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 21
acl Safe_ports port 22
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 1025 - 65535

acl Bloqueio url_regex "/etc/squid/bloqueio/sites.txt"
http_access deny Bloqueio
acl Bloqueio1 url_regex "/etc/squid/bloqueio/palavras.txt"
http_access deny Bloqueio1

http_access allow all
http_access allow lab
http_access allow manager localhost
acl CONNECT method CONNECT
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
icp_access allow all

visible_hostname SeuServer.Dominio

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Comentários

[1] Comentário enviado por felicruel em 06/04/2006 - 10:55h

Tipo que meu squid.conf mudou.....segue o novo ae!

################## SQUID LAB ####################
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 256 MB
cache_dir ufs /swap/cache/squid 3900 16 256
cache_access_log /swap/log/access.log
cache_log /swap/log/cache.log
cache_store_log /swap/log/store.log

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

acl nucleo src 10.20.0.0/255.255.0.0

########### Acls Declaradas ##################
acl bloqueados url_regex -i "/etc/squid/bloqueado/sites.txt"
acl extensoes url_regex -i "/etc/squid/bloqueado/extensoes.txt"
acl bloqueado url_regex -i "/etc/squid/bloqueado/palavras.txt"
acl permit url_regex -i "/etc/squid/liberado/palavras.txt"
acl libera url_regex -i "/etc/squid/liberado/tudo.txt"

############## Laboratorios ##############
#acl LibLab01 src 10.20.1.1-10.20.1.36/24
#acl LibLab02 src 10.20.2.1-10.20.2.36/24
#acl LibLab03 src 10.20.3.1-10.20.3.36/24
#acl LibLab04 src 10.20.4.1-10.20.4.36/24
#acl LibLab06 src 10.20.6.1-10.20.6.36/24
acl Liball src 10.20.12.0-10.20.12.5/24

########## http_access Declaradas ##########
http_access allow Liball libera
http_access deny bloqueados
http_access deny extensoes
http_access deny bloqueado !permit

############# Laboratorios ##############
#http_access deny LibLab01
#http_access deny LibLab02
#http_access deny LibLab03
#http_access deny LibLab04
#http_access deny LibLab06
http_access allow nucleo

############# Acls Block MSN ###############
acl msnmessenger url_regex -i gateway.dll
http_access deny msnmessenger
acl msn req_mime_type -i ^application/x-msn-messenger$
http_access deny msn

########### Acl block URL ##############
acl blockext url_regex -i \.scr$ \.mp3$ \.mpeg$ \.wma$ \.mvv$ \.mpg$ \.avi$ \.pif$ \.bat$ \.wmv
http_access deny blockext

############## Acl TIME ###############
#acl coor src 10.20.0.1/255.255.0.0
#acl manha time SMTWHFA 09:44-09:50
#http_access deny coor manha

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_reply_access allow all
icp_access allow all
coredump_dir /var/cache/squid

Explicações.......
O comando citado acima mcopy é para quem copiar esse conf para o disquete com o nome de squid.conf e queira passar para o diretório /etc/squid sem montar o floppy!
mcopy a:\squid.conf /etc/squid =).

Esse conf tem alguma diferenças como o controle de acesso por Laboratórios determinados por IP e bloqueio do msn!

Neste link tem uma lista de palavras e Sites Bloqueados!!!! =)
http://200.149.220.182/squid

0 0