Mandrake 10 (squid.conf)

Meu primeiro server squid

Categoria: Segurança

Software: Mandrake 10


Por: Wellington Pinheiro Gomes


Depois de tanta luta, de tanto formata e instala, pra lá e pra cá, consegui colocar meu squid pra rodar sem probremas (hehehe... bem... pelo menos ainda não deu nenhum erro...). Tenho agora colocar a minha conf para vocês darem uma olhada e dizerem o que está faltando e se eu poderia melhorar em algo. Desde já um muito obrigado e espero que isto possa ajudar muitos outros.


# -----------------------------------------------------------------------------
# NETWORK OPTIONS
# -----------------------------------------------------------------------------

#  TAG: http_port
# Author's note (translated): set up this way because somebody kept trying to
# get out without going through squid, and it worked.
# Listening only on the three addresses below instead of the wildcard form
# "3128 8080" (kept commented out).  NOTE(review): a bound listener does not by
# itself force clients through the proxy; that still needs the firewall to
# block direct outbound web traffic (see comment [1] further down this page).
# http_port 3128 8080
 http_port 192.168.0.1:3128
 http_port 10.0.0.1:3128
 http_port 192.168.0.254:3128

#  TAG: https_port
# Not used here; the two lines below are a remnant of the trimmed default file
# and only restate the dead_peer_timeout default.
#
#Default:
# dead_peer_timeout 10 seconds

#  TAG: hierarchy_stoplist
# URLs containing these strings are always fetched directly, never asked of a
# cache peer.
hierarchy_stoplist cgi-bin ?

#  TAG: no_cache
# Dynamic content (a cgi-bin path or a query string) is never stored on disk
# or in memory.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY


# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------

#  TAG: cache_mem   (bytes)
# Memory budget for in-transit and hot objects; per the upstream docs this is
# not a limit on the total size of the squid process.
#Default:
 cache_mem 16 MB

#  TAG: cache_swap_low   (percent, 0-100)
#  TAG: cache_swap_high   (percent, 0-100)
# Disk-cache fill thresholds: object replacement starts at the low mark and
# becomes aggressive above the high mark.
#Default:
 cache_swap_low 90
 cache_swap_high 95

#  TAG: maximum_object_size   (bytes)
# Largest object that will be written to the disk cache.
#Default:
 maximum_object_size 4096 KB

#  TAG: minimum_object_size   (bytes)
# Left at the default (0 KB = no lower bound).
#Default:
# minimum_object_size 0 KB

#  TAG: maximum_object_size_in_memory   (bytes)
# Largest object kept in cache_mem; bigger hits are served from disk.
#Default:
 maximum_object_size_in_memory 8 KB

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

#  TAG: cache_dir
# Format: ufs <directory> <size in MB> <L1 subdirs> <L2 subdirs>.
# Author's note (translated): the five split directories below were tried but
# made squid very slow; only the single-directory layout performed well.
 cache_dir ufs /var/spool/squid 2000 64  512
#cache_dir ufs /var/spool/squid/1 2900 128 512
#cache_dir ufs /var/spool/squid/2 2900 128 512
#cache_dir ufs /var/spool/squid/3 2900 128 512
#cache_dir ufs /var/spool/squid/4 2900 128 512
#cache_dir ufs /var/spool/squid/5 2900 128 512


#  TAG: cache_access_log
# One line per client request (client address, URL, result code); this is the
# file to look at first when reviewing who fetched what.  NOTE(review): it
# contains browsing history for every client - keep it readable by the squid
# user and administrators only.
#Default:
 cache_access_log /var/log/squid/access.log

#  TAG: cache_log
# Daemon diagnostics (startup, config parse errors, warnings).
#Default:
 cache_log /var/log/squid/cache.log

#  TAG: cache_store_log
# Records objects stored in / released from the cache.
#Default:
 cache_store_log /var/log/squid/store.log

#  TAG: auth_param
# Recommended minimum configuration (kept from the default file, all disabled):
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param basic program <uncomment and complete this line>
# NOTE(review): no "auth_param basic program" is enabled and none of the
# http_access rules on this page reference a proxy_auth ACL, so the three
# basic-auth lines below configure an authenticator that is never invoked;
# access is controlled purely by source address.  If basic auth is switched
# on later, keep in mind it carries the credentials base64-encoded, not
# encrypted, on every request.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

#  TAG: refresh_pattern
# Suggested defaults.  Fields: <regex> <min minutes> <percent of object age>
# <max minutes>; the "." line is the catch-all and must stay last.
refresh_pattern ^ftp:      1440   20%   10080
refresh_pattern ^gopher:   1440   0%   1440
refresh_pattern .      0   20%   4320
########################################
# connect_timeout is left at its default; this is a remnant of the default file.
#Default:
# connect_timeout 2 minutes
########################################
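# ACCESS CONTROLS
# -----------------------------------------------------------------------------

#  TAG: acl
# "all" keeps its conventional meaning (every source address) so that the
# catch-all "deny all" below really is a catch-all.  The two internal subnets
# that may use the proxy are named "localnet" instead.  The original file
# redefined "all" as those two subnets, which only works as long as nobody
# later reads "allow all" literally or pastes in a rule that expects the
# usual meaning.
acl all src 0.0.0.0/0.0.0.0
acl localnet src 10.0.0.0/24
acl localnet src 192.168.0.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# Examples carried over from the default file, not used here:
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$

#  TAG: http_access
# Rules are evaluated top to bottom and the first match wins, so every deny
# has to come before the allow for the internal subnets.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Stop the proxy from being used to reach services bound to its own loopback
# interface (to_localhost was defined in the original but never referenced).
http_access deny to_localhost
# Site-specific rules the author had in use at some point; their ACLs are not
# on this page, so they stay disabled.
#http_access deny blockedsites !unblockedsites
#http_access deny regras_wpg
#http_access allow regras_liberado
http_access allow localnet
# Explicit catch-all: anything not matched above is refused instead of relying
# on squid's implicit default.
http_access deny all

#  TAG: http_reply_access
# Left at the default (allow all).
#Default:
# http_reply_access allow all

### CHANGED ON 03/10/2007
#http_reply_access allow all

#  TAG: icp_access
# ICP queries are accepted only from the internal subnets (same effect as the
# original "allow all" with the redefined "all").  NOTE(review): no cache_peer
# is configured on this page; if there are no peers, "icp_access deny all"
# alone would do - confirm before tightening.
icp_access allow localnet
icp_access deny all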

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

#  TAG: cache_effective_user / cache_effective_group
# When started as root, squid switches to this unprivileged user and group
# after binding its ports; the cache directory, logs and coredump_dir must be
# writable by it.
#Default:
 cache_effective_user squid
 cache_effective_group squid

#  TAG: visible_hostname
# Hostname presented in error pages (and, presumably, in the Via header -
# verify for this version).
#Default:
visible_hostname ConetBrasil

#ACCELERATOR
# -----------------------------------------------------------------------------
# The four httpd_accel_* settings below are the squid 2.x way of accepting
# intercepted port-80 requests while still serving ordinary proxy clients
# (httpd_accel_with_proxy on).  NOTE(review): nothing on this page shows the
# firewall redirect that would deliver such traffic, so this may be unused.

# TAG: httpd_accel_port
#Default:
 httpd_accel_host virtual
 httpd_accel_port 80

#  TAG: httpd_accel_single_host   on|off
# NOTE(review): "single_host on" together with "httpd_accel_host virtual"
# looks contradictory (one fixed backend vs. Host-based virtual hosting);
# confirm against the squid.conf documentation for this version.
#Default:
 httpd_accel_single_host on

#  TAG: httpd_accel_with_proxy   on|off
# Keep answering normal (non-intercepted) proxy requests as well.
#Default:
 httpd_accel_with_proxy on

#  TAG: httpd_accel_uses_host_header   on|off
# Needed for transparent interception, where the original URL is rebuilt from
# the Host header.  The upstream documentation for this tag warns that squid
# does not validate that header value, so it should stay off in a pure
# accelerator (reverse-proxy) setup.
#Default:
 httpd_accel_uses_host_header on

#  TAG: error_directory
# Error pages served in Portuguese instead of the English default.
#error_directory /usr/lib/squid/errors/English
#Default:
 error_directory /usr/lib/squid/errors/Portuguese

#  TAG: coredump_dir
# Core files are written to the cache spool.  NOTE(review): a core dump can
# contain in-flight request data, so this directory should not be readable
# by ordinary users.
# coredump_dir none
coredump_dir /var/spool/squid
#coredump_dir /etc/squid/cache


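#### BANDWIDTH CONTROL (delay pools) ####
# One class-2 pool per host.  "delay_parameters N <aggregate> <per-host>",
# each given as restore-rate/max-burst in bytes per second; -1/-1 means no
# limit.  Each pool is then tied to exactly one source-address ACL.
#
# Fixes against the original listing:
#  - "Zdelay_parameters 2 ..." was a typo: squid does not know that directive,
#    so pool 2 (eth1) was left without parameters.
#  - CLIENTE_03 reused pool 17 together with CLIENTE_02, so those two hosts
#    shared a single 20000 byte/s budget instead of getting one each.  Pools
#    are renumbered 18..23 from CLIENTE_03 onward and delay_pools raised to 23.
# NOTE(review): what happens to a request that matches no delay_access rule
# depends on the squid version's delay_access default - check it if a host is
# missing from this list.
delay_pools 23

#INTERNAL NETWORK (the proxy's own 192.168.0.1 address, see http_port)
acl eth0 src 192.168.0.1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow eth0

#EXTERNAL NETWORK (the proxy's own 10.0.0.1 address, see http_port)
acl eth1 src 10.0.0.1
delay_class 2 2
delay_parameters 2 -1/-1 -1/-1
delay_access 2 allow eth1

#SUPPORT_01
acl BD_atend_01 src 192.168.0.3
delay_class 3 2
delay_parameters 3 20000/20000 20000/20000
delay_access 3 allow BD_atend_01

#SUPPORT_02
acl BD_atend_02 src 192.168.0.8
delay_class 4 2
delay_parameters 4 20000/20000 20000/20000
delay_access 4 allow BD_atend_02

#SUPPORT_03
acl BD_atend_03 src 192.168.0.9
delay_class 5 2
delay_parameters 5 20000/20000 20000/20000
delay_access 5 allow BD_atend_03

#SUPPORT_04
acl BD_atend_04 src 192.168.0.6
delay_class 6 2
delay_parameters 6 15800/15800 15800/15800
delay_access 6 allow BD_atend_04

#ADMINISTRATION
acl BD_ADM src 192.168.0.4
delay_class 7 2
delay_parameters 7 20800/20800 20800/20800
delay_access 7 allow BD_ADM

#STOCK
acl BD_estoque src 192.168.0.7
delay_class 8 2
delay_parameters 8 20000/20000 20000/20000
delay_access 8 allow BD_estoque

#SERVER
acl BD_server src 192.168.0.5
delay_class 9 2
delay_parameters 9 20000/20000 20000/20000
delay_access 9 allow BD_server

#LAB_01
acl LAB_01 src 192.168.0.40
delay_class 10 2
delay_parameters 10 20000/20000 20000/20000
delay_access 10 allow LAB_01

#LAB_02
acl LAB_02 src 192.168.0.41
delay_class 11 2
delay_parameters 11 20000/20000 20000/20000
delay_access 11 allow LAB_02

#LAB_03
acl LAB_03 src 192.168.0.42
delay_class 12 2
delay_parameters 12 20000/20000 20000/20000
delay_access 12 allow LAB_03

#LAB_04
acl LAB_04 src 192.168.0.43
delay_class 13 2
delay_parameters 13 20000/20000 20000/20000
delay_access 13 allow LAB_04

#LAB_05
acl LAB_05 src 192.168.0.44
delay_class 14 2
delay_parameters 14 20000/20000 20000/20000
delay_access 14 allow LAB_05

#LAB_06
acl LAB_06 src 192.168.0.45
delay_class 15 2
delay_parameters 15 20000/20000 20000/20000
delay_access 15 allow LAB_06

########### CUSTOMERS ############
# Per-customer template (name / address / phone / e-mail).  NOTE(review):
# squid.conf is often readable by every local user, so customer contact
# details belong in the billing records, not in comments here.

#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_01 src 10.0.0.3
delay_class 16 2
delay_parameters 16 20000/20000 20000/20000
delay_access 16 allow CLIENTE_01

#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_02 src 10.0.0.4
delay_class 17 2
delay_parameters 17 20000/20000 20000/20000
delay_access 17 allow CLIENTE_02

#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_03 src 10.0.0.5
delay_class 18 2
delay_parameters 18 20000/20000 20000/20000
delay_access 18 allow CLIENTE_03

#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_04 src 10.0.0.6
delay_class 19 2
delay_parameters 19 20000/20000 20000/20000
delay_access 19 allow CLIENTE_04

#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_05 src 10.0.0.7
delay_class 20 2
delay_parameters 20 20000/20000 20000/20000
delay_access 20 allow CLIENTE_05

#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_06 src 10.0.0.8
delay_class 21 2
delay_parameters 21 20000/20000 20000/20000
delay_access 21 allow CLIENTE_06

#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_07 src 10.0.0.9
delay_class 22 2
delay_parameters 22 20000/20000 20000/20000
delay_access 22 allow CLIENTE_07

#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_08 src 10.0.0.10
delay_class 23 2
delay_parameters 23 20000/20000 20000/20000
delay_access 23 allow CLIENTE_08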


#Espero ter ajudado e espero tb ter ajuda de vcs ... T+
  


Comentários
[1] Comentário enviado por matheus.silva em 05/02/2008 - 13:06h

A questão de sair sem passar pelo squid era só vc ter fechado a saida pela porta 80 no firewall... dai você força o uso do proxy..
tive que fazer isso no meu serviço hehehe

[2] Comentário enviado por wellingtonpg em 18/02/2008 - 22:28h

Pois é eu acabei fazendo isto tb ficou bem bacana.
Eu já resumi o meu squid bastante e alem de fazer cache e controle de banda eu coloquei ele até pra fazer cobranças ou cortar quando os clientes não pagarem na data "X" e em breve estarei postando ele tambêm.

