Mandrake 10 (squid.conf)
Meu primeiro server squid
Categoria: Segurança
Software: Mandrake 10
[ Hits: 8.022 ]
Por: Wellington Pinheiro Gomes
Depois de tanta luta, de tanto formata e instala, pra lá e pra cá, consegui colocar meu squid pra rodar sem probremas (hehehe... bem... pelo menos ainda não deu nenhum erro...). Aenho agora colocar a minha conf para vocês darem uma olhada e dizerem o que está faltando e se eu poderia melhorar em algo. Desde já um muito obrigado e espero que isto possa ajudar muitos outros.
# ----------------------------------------------------------------------------- # TAG: http_port #Coloquei desta forma pois tinha engraçadinho tentando sair sem passar pelo squid e deu certo. # http_port 3128 8080 http_port 192.168.0.1:3128 http_port 10.0.0.1:3128 http_port 192.168.0.254:3128 # TAG: https_port # # #Default: # dead_peer_timeout 10 seconds # TAG: hierarchy_stoplist hierarchy_stoplist cgi-bin ? # TAG: no_cache acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY # OPTIONS WHICH AFFECT THE CACHE SIZE # ----------------------------------------------------------------------------- # TAG: cache_mem (bytes) # #Default: cache_mem 16 MB # TAG: cache_swap_low (percent, 0-100) # TAG: cache_swap_high (percent, 0-100) # #Default: cache_swap_low 90 cache_swap_high 95 # TAG: maximum_object_size (bytes) # #Default: maximum_object_size 4096 KB # TAG: minimum_object_size (bytes) # #Default: # minimum_object_size 0 KB # TAG: maximum_object_size_in_memory (bytes) # #Default: maximum_object_size_in_memory 8 KB # LOGFILE PATHNAMES AND CACHE DIRECTORIES # ----------------------------------------------------------------------------- # TAG: cache_dir #Tentei colocar das 5 (cinco) ultimas formas porem meu squid ficou muito lento. Somente a primeira ficou legal: cache_dir ufs /var/spool/squid 2000 64 512 #cache_dir ufs /var/spool/squid/1 2900 128 512 #cache_dir ufs /var/spool/squid/2 2900 128 512 #cache_dir ufs /var/spool/squid/3 2900 128 512 #cache_dir ufs /var/spool/squid/4 2900 128 512 #cache_dir ufs /var/spool/squid/5 2900 128 512 # TAG: cache_access_log #Default: cache_access_log /var/log/squid/access.log # TAG: cache_log #Default: cache_log /var/log/squid/cache.log # TAG: cache_store_log #Default: cache_store_log /var/log/squid/store.log # TAG: auth_param #Recommended minimum configuration: #auth_param digest program <uncomment and complete this line> #auth_param digest children 5 #auth_param digest realm Squid proxy-caching web server #auth_param digest nonce_garbage_interval 5 minutes #auth_param digest nonce_max_duration 30 minutes #auth_param digest nonce_max_count 50 #auth_param ntlm program <uncomment and complete this line to activate> #auth_param ntlm children 5 #auth_param ntlm max_challenge_reuses 0 #auth_param ntlm max_challenge_lifetime 2 minutes #auth_param basic program <uncomment and complete this line> auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours # TAG: refresh_pattern #Suggested default: refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 ######################################## #Default: # connect_timeout 2 minutes ######################################## # ACCESS CONTROLS # ----------------------------------------------------------------------------- # TAG: acl #Recommended minimum configuration: #acl all src 0.0.0.0/0.0.0.0 #acl manager proto cache_object #acl localhost src 127.0.0.1/255.255.255.255 #acl to_localhost dst 127.0.0.0/8 #acl SSL_ports port 443 563 #acl Safe_ports port 80 # http #acl Safe_ports port 21 # ftp #acl Safe_ports port 443 563 # https, snews #acl Safe_ports port 70 # gopher #acl Safe_ports port 210 # wais #acl Safe_ports port 1025-65535 # unregistered ports #acl Safe_ports port 280 # http-mgmt #acl Safe_ports port 488 # gss-http #acl Safe_ports port 591 # filemaker #acl Safe_ports port 777 # multiling http #acl CONNECT method CONNECT ######################################################################### #acl fileupload req_mime_type -i ^multipart/form-data$ #acl javascript rep_mime_type -i ^application/x-javascript$ # #Recommended minimum configuration: acl all src 10.0.0.0/24 acl all src 192.168.0.0/24 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # TAG: http_access #Default: #http_access deny all http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports #http_access deny blockedsites !unblockedsites #http_access deny regras_wpg #http_access allow regras_liberado http_access allow all # TAG: http_reply_access #Default: # http_reply_access allow all ### AUTERADO DO DIA 03/10/2007 #http_reply_access allow all # TAG: icp_access # icp_access deny all icp_access allow all # ADMINISTRATIVE PARAMETERS # ----------------------------------------------------------------------------- # TAG: cache_effective_group # #Default: cache_effective_user squid cache_effective_group squid # TAG: visible_hostname #Default: visible_hostname ConetBrasil #ACELERADOR # ----------------------------------------------------------------------------- # TAG: httpd_accel_port #Default: httpd_accel_host virtual httpd_accel_port 80 # TAG: httpd_accel_single_host on|off #Default: httpd_accel_single_host on # TAG: httpd_accel_with_proxy on|off #Default: httpd_accel_with_proxy on # TAG: httpd_accel_uses_host_header on|off #Default: httpd_accel_uses_host_header on # TAG: error_directory #error_directory /usr/lib/squid/errors/English #Default: error_directory /usr/lib/squid/errors/Portuguese # coredump_dir none coredump_dir /var/spool/squid #coredump_dir /etc/squid/cache #### CONTROLE DE BANDA #### delay_pools 22 #REDE INTERNA acl eth0 src 192.168.0.1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_access 1 allow eth0 #REDE EXTERNA acl eth1 src 10.0.0.1 delay_class 2 2 Zdelay_parameters 2 -1/-1 -1/-1 delay_access 2 allow eth1 #ATENDIMENTO_01 acl BD_atend_01 src 192.168.0.3 delay_class 3 2 delay_parameters 3 20000/20000 20000/20000 delay_access 3 allow BD_atend_01 #ATENDIMENTO_02 acl BD_atend_02 src 192.168.0.8 delay_class 4 2 delay_parameters 4 20000/20000 20000/20000 delay_access 4 allow BD_atend_02 #ATENDIMENTO_03 acl BD_atend_03 src 192.168.0.9 delay_class 5 2 delay_parameters 5 20000/20000 20000/20000 delay_access 5 allow BD_atend_03 #ATENDIMENTO_04 acl BD_atend_04 src 192.168.0.6 delay_class 6 2 delay_parameters 6 15800/15800 15800/15800 delay_access 6 allow BD_atend_04 #ADMINISTRAÇÃO acl BD_ADM src 192.168.0.4 delay_class 7 2 delay_parameters 7 20800/20800 20800/20800 delay_access 7 allow BD_ADM #ESTOQUE acl BD_estoque src 192.168.0.7 delay_class 8 2 delay_parameters 8 20000/20000 20000/20000 delay_access 8 allow BD_estoque #SERVIDOR acl BD_server src 192.168.0.5 delay_class 9 2 delay_parameters 9 20000/20000 20000/20000 delay_access 9 allow BD_server #LAB_01 acl LAB_01 src 192.168.0.40 delay_class 10 2 delay_parameters 10 20000/20000 20000/20000 delay_access 10 allow LAB_01 #LAB_02 acl LAB_02 src 192.168.0.41 delay_class 11 2 delay_parameters 11 20000/20000 20000/20000 delay_access 11 allow LAB_02 #LAB_03 acl LAB_03 src 192.168.0.42 delay_class 12 2 delay_parameters 12 20000/20000 20000/20000 delay_access 12 allow LAB_03 #LAB_04 acl LAB_04 src 192.168.0.43 delay_class 13 2 delay_parameters 13 20000/20000 20000/20000 delay_access 13 allow LAB_04 #LAB_05 acl LAB_05 src 192.168.0.44 delay_class 14 2 delay_parameters 14 20000/20000 20000/20000 delay_access 14 allow LAB_05 #LAB_06 acl LAB_06 src 192.168.0.45 delay_class 15 2 delay_parameters 15 20000/20000 20000/20000 delay_access 15 allow LAB_06 ########### CLIENTES ############ #NOME: #END: #FONE: #E-MAIL: acl CLIENTE_01 src 10.0.0.3 delay_class 16 2 delay_parameters 16 20000/20000 20000/20000 delay_access 16 allow CLIENTE_01 #NOME: #END: #FONE: #E-MAIL: acl CLIENTE_02 src 10.0.0.4 delay_class 17 2 delay_parameters 17 20000/20000 20000/20000 delay_access 17 allow CLIENTE_02 #NOME: #END: #FONE: #E-MAIL: acl CLIENTE_03 src 10.0.0.5 delay_class 17 2 delay_parameters 17 20000/20000 20000/20000 delay_access 17 allow CLIENTE_03 #NOME: #END: #FONE: #E-MAIL: acl CLIENTE_04 src 10.0.0.6 delay_class 18 2 delay_parameters 18 20000/20000 20000/20000 delay_access 18 allow CLIENTE_04 #NOME: #END: #FONE: #E-MAIL: acl CLIENTE_05 src 10.0.0.7 delay_class 19 2 delay_parameters 19 20000/20000 20000/20000 delay_access 19 allow CLIENTE_05 #NOME: #END: #FONE: #E-MAIL: acl CLIENTE_06 src 10.0.0.8 delay_class 20 2 delay_parameters 20 20000/20000 20000/20000 delay_access 20 allow CLIENTE_06 #NOME: #END: #FONE: #E-MAIL: acl CLIENTE_07 src 10.0.0.9 delay_class 21 2 delay_parameters 21 20000/20000 20000/20000 delay_access 21 allow CLIENTE_07 #NOME: #END: #FONE: #E-MAIL: acl CLIENTE_08 src 10.0.0.10 delay_class 22 2 delay_parameters 22 20000/20000 20000/20000 delay_access 22 allow CLIENTE_08 #Espero ter ajudado e espero tb ter ajuda de vcs ... T+
Enviar mensagem ao usuário trabalhando com as opções do php.ini
Meu Fork do Plugin de Integração do CVS para o KDevelop
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Compartilhamento de Rede com samba em modo Público/Anônimo de forma simples, rápido e fácil
Cups: Mapear/listar todas as impressoras de outro Servidor CUPS de forma rápida e fácil
Criando uma VPC na AWS via CLI
Tem como instalar o gerenciador AMD Adrenalin no Ubuntu 24.04? (15)
Tenho dois Link's ( IP VÁLIDOS ), estou tentando fazer o failover... (0)
Pendrive não formata de jeito nenhum (4)