Squid 3.* (squid.conf)
Squid para empresas, firewall ou simplesmente proxy
Categoria: Segurança
Software: Squid 3.*
[ Hits: 8.626 ]
Por: jacktequila
Essa configuração do Squid pode ser melhorada ou até mesmo adaptada para suas necessidades. Contudo, está pré-configurado com uma gama de opções eficientes para o seu dia a dia.
http_port 192.168.1.254:3128 transparent hierarchy_stoplist cgi-bin ? icp_port 0 acl apache rep_header Server ^Apache broken_vary_encoding allow apache cache_mem 128 MB maximum_object_size_in_memory 64 KB cache_replacement_policy heap LFUDA memory_replacement_policy heap GDSF cache_swap_low 95 cache_swap_high 98 coredump_dir none memory_pools off dns_nameservers 127.0.0.1 refresh_pattern ^ftp: 144000 20% 1008000 refresh_pattern -i \.(gif|png|jpg|jpeg|ico|bmp)$ 260000 90% 260009 ignore-no-cache ignore-private ignore-reload override-lastmod override-expire reload-into-ims refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv|mpg|wma|ogg|wmv|asx|asf)$ 260000 90% 260009 override-expire refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff|pdf|uxx)$ 260000 90% 260009 override-expire refresh_pattern -i \.index.(html|htm|shtml|shtm)$ 1440 90% 40320 refresh_pattern -i \.(html|htm|css|js)$ 1440 90% 40320 refresh_pattern (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4 quick_abort_min 0 KB quick_abort_max 0 KB quick_abort_pct 100% log_icp_queries off client_db off buffered_logs on half_closed_clients off detect_broken_pconn on pipeline_prefetch on maximum_object_size 64 MB minimum_object_size 0 KB ipcache_size 2048 fqdncache_size 1024 log_fqdn off ipcache_low 95 ipcache_high 98 request_body_max_size 0 MB negative_ttl 2 minutes client_persistent_connections on server_persistent_connections on pipeline_prefetch on vary_ignore_expire on reload_into_ims on store_dir_select_algorithm round-robin nonhierarchical_direct off prefer_direct on ftp_passive on ftp_sanitycheck on ie_refresh on cache_dir diskd /cache0 10000 64 256 Q1=64 Q2=72 cache_access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log cache_store_log none # ACLS acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl minharede src 192.168.1.0/255.255.255.0 acl SSL_ports port 443 563 acl SSL_ports port 873 acl Safe_ports port 8080 # http-apache acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 2100 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 8081 # radio acl Safe_ports port 631 # cups acl Safe_ports port 873 # rsync acl Safe_ports port 901 # SWAT acl purge method PURGE acl CONNECT method CONNECT ###ACL BANNER### acl banner url_regex -i "/etc/squid/bloqueio/logo.txt" http_access allow banner ###ACL TEMPO##### acl horario time MTWHF 18:00-23:59 acl terra src "/etc/squid/bloqueio/ip_negado" http_access deny terra horario deny_info http://192.168.1.254/imagens/hora.gif horario acl horario1 time MTWHF 00:00-05:59 acl terra1 src "/etc/squid/bloqueio/ip_negado" http_access deny terra1 horario1 deny_info http://192.168.1.254/imagens/hora.gif horario1 #Bloquear Fim de Semana (fds) acl fds time AS acl fds1 src "/etc/squid/bloqueio/ip_negado" http_access deny fds fds1 deny_info http://192.168.1.254/imagens/hora.gif fds ###SITENOCACHE### acl sitesnocache url_regex -i "/etc/squid/bloqueio/sitesnocache.txt" no_cache deny sitesnocache acl Conecta_Direto dstdomain -i "/etc/squid/bloqueio/sitesnocache.txt" always_direct allow Conecta_Direto ###IP FORA DO SQUID E SQUIDGUARD## acl ip src "/etc/squid/bloqueio/ip_liberado.txt" redirector_access deny ip acl ips src "/etc/squid/bloqueio/ip_liberado.txt" http_access allow ips !horario !horario1 !fds ###SITES FORA DO SQUID E SQUIDGUARD### acl liberado url_regex -i "/etc/squid/bloqueio/liberado.txt" http_access allow liberado ###SITES FORA DO SQUID E SQUIDGUARD## acl liberado url_regex -i "/etc/squid/bloqueio/liberado.txt" redirector_access deny liberado ###COLOCAR SOMENTE OS DOMAIN QUE NÂO FOR CACHEAR## acl url url_regex -i "/etc/squid/bloqueio/url.txt" redirector_access deny url ##EXECUTAVEIS## acl nofiles url_regex -i "/etc/squid/bloqueio/ext.txt" http_access deny nofiles !ips ###RADIO### acl streaming rep_mime_type -i "/etc/squid/bloqueio/mime" http_reply_access deny streaming !ips !liberado ###EXEC#### #http://www.ietf.org/rfc/rfc2183.txt acl blocked_contdisp rep_header Content-Disposition -i \.(exe|msi|scr|cab|chm|cpl|hlp|hta|ins|isp|jse|lnk|ocx|reg|sct|vbe|wsc|wsf|pif|sys|shs|rar|tar|7z|torrent)\??"$ http_reply_access deny blocked_contdisp !ips !liberado ##rede de controle## #acl redelocal src 192.168.1.0/24 http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny CONNECT !SSL_ports http_access deny !Safe_ports http_access allow localhost icp_access allow all zph_mode tos zph_local 0x10 zph_sibling 0x10 zph_parent 0x10 zph_option 1 forwarded_for off visible_hostname on strip_query_terms off cache_effective_user squid cache_effective_group squid cache_mgr admin@dominio.com visible_hostname Linux http_reply_access allow all http_access allow minharede http_access deny all http_reply_access allow all icp_access allow all
Enviar mensagem ao usuário trabalhando com as opções do php.ini
Meu Fork do Plugin de Integração do CVS para o KDevelop
Compartilhando a tela do Computador no Celular via Deskreen
Como Configurar um Túnel SSH Reverso para Acessar Sua Máquina Local a Partir de uma Máquina Remota
Configuração para desligamento automatizado de Computadores em um Ambiente Comercial
Compartilhamento de Rede com samba em modo Público/Anônimo de forma simples, rápido e fácil
Cups: Mapear/listar todas as impressoras de outro Servidor CUPS de forma rápida e fácil
Criando uma VPC na AWS via CLI
Tem como instalar o gerenciador AMD Adrenalin no Ubuntu 24.04? (15)
Tenho dois Link's ( IP VÁLIDOS ), estou tentando fazer o failover... (0)
Pendrive não formata de jeito nenhum (4)