Help - Configuring Squid

1. Help - Configuring Squid

Danilo Santos Roque
ldaniloo

(uses Ubuntu)

Posted on 27/04/2011 - 19:35h

I'm having a problem configuring my squid

I did it according to the tutorial, and when I first set it up it worked perfectly, initially blocking access to certain sites, but now all of a sudden it stopped working

I'm also asking for help because, besides blocking sites, I would also like to block downloads by extension and access to MSN, as a transparent firewall, together with the normal one.

thanks in advance

here is the squid as I configured it

squid.conf




# WELCOME TO SQUID 2.6.STABLE2
# ----------------------------

# NETWORK OPTIONS
# -----------------------------------------------------------------------------

# TAG: http_port

http_port 3128

# TAG: https_port

# TAG: ssl_unclean_shutdown

# TAG: ssl_engine

# TAG: sslproxy_client_certificate

# TAG: sslproxy_client_key

# TAG: sslproxy_version

# TAG: sslproxy_options


# TAG: sslproxy_cipher

# TAG: sslproxy_cafile

# TAG: sslproxy_capath

# TAG: sslproxy_flags

# TAG: sslpassword_program

# TAG: icp_port

# TAG: htcp_port

# TAG: mcast_groups

# TAG: udp_incoming_address

# TAG: udp_outgoing_address

# OPTIONS WHICH AFFECT THE NEIGHBOR SELECTION ALGORITHM
# -----------------------------------------------------------------------------

# TAG: cache_peer

# TAG: cache_peer_domain

# TAG: neighbor_type_domain

# TAG: icp_query_timeout (msec)

# TAG: maximum_icp_query_timeout (msec)

# TAG: mcast_icp_query_timeout (msec)

# TAG: dead_peer_timeout (seconds)

# TAG: hierarchy_stoplist

# TAG: cache

acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

# TAG: cache_vary

# TAG: broken_vary_encoding

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache


# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------



# TAG: cache_swap_low (percent, 0-100)

# TAG: cache_swap_high (percent, 0-100)

# TAG: maximum_object_size (bytes)

# TAG: minimum_object_size (bytes)

# TAG: maximum_object_size_in_memory (bytes)

# TAG: ipcache_size (number of entries)

# TAG: ipcache_low (percent)

# TAG: ipcache_high (percent)

# TAG: fqdncache_size (number of entries)

# TAG: cache_replacement_policy

# TAG: memory_replacement_policy

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

# TAG: cache_dir

# TAG: logformat

# TAG: access_log

access_log /var/log/squid/access.log squid

# TAG: cache_log

# TAG: cache_store_log

# TAG: cache_swap_log

# TAG: emulate_httpd_log on|off

# TAG: log_ip_on_direct on|off

# TAG: mime_table

# TAG: log_mime_hdrs on|off

# TAG: useragent_log

# TAG: referer_log

# TAG: pid_filename

# TAG: debug_options

# TAG: log_fqdn on|off

# TAG: client_netmask

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
# -----------------------------------------------------------------------------

# TAG: ftp_user

# TAG: ftp_list_width

# TAG: ftp_passive

# TAG: ftp_sanitycheck

# TAG: ftp_telnet_protocol

# TAG: check_hostnames


# TAG: allow_underscore

# TAG: cache_dns_program

# TAG: dns_children

# TAG: dns_retransmit_interval

# TAG: dns_timeout

# TAG: dns_defnames on|off

# TAG: dns_nameservers

# TAG: hosts_file

hosts_file /etc/hosts

# TAG: diskd_program

# TAG: unlinkd_program

# TAG: pinger_program

# TAG: url_rewrite_program

# TAG: url_rewrite_children

# TAG: url_rewrite_concurrency

# url_rewrite_concurrency 0

# TAG: url_rewrite_host_header


# TAG: url_rewrite_access


# TAG: location_rewrite_program

# TAG: location_rewrite_children

# TAG: location_rewrite_concurrency

# TAG: location_rewrite_access

# TAG: auth_param

auth_param basic program /usr/lib/squid/pam_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive off


# TAG: authenticate_cache_garbage_interval

# TAG: authenticate_ttl

# TAG: authenticate_ip_ttl

# TAG: external_acl_type

# OPTIONS FOR TUNING THE CACHE
# -----------------------------------------------------------------------------

# TAG: wais_relay_host

# TAG: wais_relay_port

# TAG: request_header_max_size (KB)

# TAG: request_body_max_size (KB)

# TAG: refresh_pattern

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# TAG: quick_abort_min (KB)

# TAG: quick_abort_max (KB)

# TAG: quick_abort_pct (percent)

# TAG: read_ahead_gap buffer-size

# TAG: negative_ttl time-units

# TAG: positive_dns_ttl time-units

# TAG: negative_dns_ttl time-units

# TAG: range_offset_limit (bytes)

# TAG: collapsed_forwarding (on|off)

# TAG: refresh_stale_hit (time)


# TIMEOUTS
# -----------------------------------------------------------------------------

# TAG: forward_timeout time-units

# TAG: connect_timeout time-units

# TAG: peer_connect_timeout time-units

# TAG: read_timeout time-units

# TAG: request_timeout

# TAG: persistent_request_timeout

# TAG: client_lifetime time-units

# TAG: half_closed_clients

# TAG: pconn_timeout

# TAG: ident_timeout

# TAG: shutdown_lifetime time-units

# ACCESS CONTROLS
# -----------------------------------------------------------------------------

# TAG: acl

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

acl usuarios_lista_negra proxy_auth "/etc/squid/usuarios_lista_negra"
acl usuarios_lista_branca proxy_auth "/etc/squid/usuarios_lista_branca"
acl sites_lista_negra dstdomain "/etc/squid/sites_lista_negra"
acl sites_lista_branca dst "/etc/squid/sites_lista_branca"

# TAG: follow_x_forwarded_for

# TAG: acl_uses_indirect_client on|off

# TAG: delay_pool_uses_indirect_client on|off

# TAG: log_uses_indirect_client on|off

# TAG: http_access

http_access allow usuarios_lista_negra !sites_lista_negra
http_access allow usuarios_lista_branca sites_lista_branca
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all

# TAG: http_access2

# TAG: http_reply_access

http_reply_access allow all

# TAG: icp_access

icp_access allow all

# TAG: htcp_access

# TAG: htcp_clr_access

# TAG: miss_access

# TAG: cache_peer_access

# TAG: ident_lookup_access

# TAG: tcp_outgoing_tos

# TAG: tcp_outgoing_address

# TAG: reply_header_max_size (KB)

# TAG: reply_body_max_size bytes allow|deny acl acl...

# TAG: log_access allow|deny acl acl...

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

# TAG: cache_mgr

# TAG: mail_from

# TAG: mail_program

# TAG: cache_effective_user

# TAG: cache_effective_group

# TAG: httpd_suppress_version_string on|off

# TAG: visible_hostname

# TAG: unique_hostname

# TAG: hostname_aliases

# TAG: umask


# OPTIONS FOR THE CACHE REGISTRATION SERVICE
# -----------------------------------------------------------------------------

# TAG: announce_period

# TAG: announce_host

# TAG: announce_file

# TAG: announce_port

# HTTPD-ACCELERATOR OPTIONS
# -----------------------------------------------------------------------------

# TAG: httpd_accel_no_pmtu_disc on|off

# MISCELLANEOUS
# -----------------------------------------------------------------------------

# TAG: dns_testnames

# TAG: logfile_rotate

# TAG: append_domain

# TAG: tcp_recv_bufsize (bytes)

# TAG: error_map

# TAG: err_html_text

# TAG: deny_info

# TAG: memory_pools on|off

# TAG: memory_pools_limit (bytes)

# TAG: via on|off

# TAG: forwarded_for on|off

# TAG: log_icp_queries on|off

# TAG: icp_hit_stale on|off

# TAG: minimum_direct_hops

# TAG: minimum_direct_rtt

# TAG: cachemgr_passwd

# TAG: store_avg_object_size (kbytes)

# TAG: store_objects_per_bucket

# TAG: client_db on|off

# TAG: netdb_low

# TAG: netdb_high

# TAG: netdb_ping_period

# TAG: query_icmp on|off

# TAG: test_reachability on|off

# TAG: buffered_logs on|off

# TAG: reload_into_ims on|off

# TAG: always_direct


# TAG: never_direct

# TAG: header_access


# TAG: header_replace

# TAG: icon_directory

# TAG: global_internal_static

# TAG: short_icon_urls

# TAG: error_directory

# TAG: maximum_single_addr_tries

# TAG: retry_on_error

# TAG: snmp_port

# TAG: snmp_access

# TAG: snmp_incoming_address

# TAG: snmp_outgoing_address

# TAG: as_whois_server

# TAG: wccp_router

# TAG: wccp2_router

# TAG: wccp_version

# TAG: wccp2_rebuild_wait

# TAG: wccp2_return_method

# TAG: wccp2_service

# TAG: wccp2_service_info

# TAG: wccp_address

# TAG: wccp2_address

# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# -----------------------------------------------------------------------------

# TAG: delay_pools

# TAG: delay_class

# TAG: delay_access

# TAG: delay_parameters

# TAG: delay_initial_bucket_level (percent, 0-100)

# TAG: incoming_icp_average

# TAG: incoming_http_average

# TAG: incoming_dns_average

# TAG: min_icp_poll_cnt

# TAG: min_dns_poll_cnt

# TAG: min_http_poll_cnt

# TAG: max_open_disk_fds

# TAG: offline_mode

# TAG: uri_whitespace

# TAG: broken_posts

# TAG: mcast_miss_addr

# TAG: mcast_miss_ttl

# TAG: mcast_miss_port

# TAG: mcast_miss_encode_key

# TAG: nonhierarchical_direct

# TAG: prefer_direct

# TAG: strip_query_terms

# TAG: coredump_dir

# TAG: redirector_bypass

# TAG: ignore_unknown_nameservers

# TAG: digest_generation

# TAG: digest_bits_per_entry

# TAG: digest_rebuild_period (seconds)

# TAG: digest_rewrite_period (seconds)

# TAG: digest_swapout_chunk_size (bytes)

# TAG: digest_rebuild_chunk_percentage (percent, 0-100)

# TAG: chroot

# TAG: client_persistent_connections

# TAG: server_persistent_connections

# TAG: persistent_connection_after_error

# TAG: detect_broken_pconn

# TAG: balance_on_multiple_ip

# balance_on_multiple_ip on

# TAG: pipeline_prefetch

# TAG: extension_methods

# TAG: request_entities

# TAG: high_response_time_warning (msec)

# TAG: high_page_fault_warning

# TAG: high_memory_warning

# TAG: forward_log

# TAG: ie_refresh on|off

# TAG: vary_ignore_expire on|off

# TAG: sleep_after_fork (microseconds)

# TAG: minimum_expiry_time (seconds)

# TAG: relaxed_header_parser on|off|warn



  


2. Re: Help - Configuring Squid

Danilo Santos Roque
ldaniloo

(uses Ubuntu)

Posted on 28/04/2011 - 08:21h

Someone help me here, please


3. Re: Help - Configuring Squid

Jonathan Rodrigues
john_master12

(uses Ubuntu)

Posted on 28/04/2011 - 08:31h

damn, what a crazy squid.conf..
man, you don't even need all that

do it this way..



4. Re: Help - Configuring Squid

Jonathan Rodrigues
john_master12

(uses Ubuntu)

Posted on 28/04/2011 - 08:42h

Here we go

root@proxy# vi /etc/squid/squid.conf
delete everything you did in your squid.conf and put in the data below

#_____________________By Jonathan Rodrigues_______________
#_____________________john_master12@hotmail.com__________


# Here you put the port you want to use for your squid
http_port 3140 transparent
# Here you put the name of your server
visible_hostname proxycoesa
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache_mem 1024 MB

#____________System optimization_________________

maximum_object_size 64 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_access_log /var/log/squid/access.log
cache_dir ufs /var/spool/squid 2048 256 512
refresh_pattern ^ftp: 15 20% 4560
refresh_pattern ^gopher: 15 0% 4560
refresh_pattern . 15 20% 4560

#_______________Normal ACLs________________________
acl all src 192.168.0.0/255.255.255.0
acl liberado url_regex -i "/etc/squid/liberado"
acl bloqueado url_regex -i "/etc/squid/bloqueado"
#delay_pools 1
#delay_class 1 2
#delay_parameters 1 114688/114688 32768/32768
#delay_access 1 allow all
acl manager proto cache_object
acl localhost src 192.168.0.200/255.255.255.255
acl SSL_ports port 4433
acl SSL_ports port 873
acl Safe_ports port 110
acl Safe_ports port 25
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 631
acl Safe_ports port 873
acl Safe_ports port 901
acl purge method PURGE
acl CONNECT method CONNECT
no_cache deny QUERY
#_________________________Applying the ACLs______________
http_access allow manager localhost
http_access allow liberado
http_access deny bloqueado
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow purge localhost
http_access deny purge
http_access allow localhost
http_access allow all
http_reply_access allow all
#______________________End______________________________


then you press Esc and type
:wq!
to exit the vi editor
now you have to create the liberado and bloqueado files
using the following command
root@proxy# vi /etc/squid/liberado
in this file you put everything you want to allow
once typed, save and close by pressing Esc and typing
:wq!
you do the same procedure with bloqueado, except that you write what you want to block


restart your squid using the command
root@proxy# squid -k reconfigure
and you're all set
afterwards, read up on squid to learn what each thing on the command line is..



5. Re: Help - Configuring Squid

Jonathan Rodrigues
john_master12

(uses Ubuntu)

Posted on 28/04/2011 - 08:46h

I forgot to say that if you want to prevent downloads of videos and music
just put the extensions inside the bloqueado file
that way the person can't download them
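
Added example, not part of the original thread: a Python sketch of how the http_access rules in reply 4 are evaluated (first match wins) against the liberado and bloqueado url_regex -i files, and how an extension typed literally differs from an anchored pattern. The list contents and URLs are constructed, Python's re stands in for Squid's POSIX regex, and the manager, port and CONNECT rules are left out.

```python
import re

def load_patterns(text):
    """Parse a url_regex list file: one regex per line; blank lines and
    lines starting with '#' are skipped. re.I mirrors the -i flag."""
    lines = (l.strip() for l in text.splitlines())
    return [re.compile(l, re.I) for l in lines if l and not l.startswith("#")]

def matches(patterns, url):
    # url_regex is an unanchored search over the whole URL.
    return any(p.search(url) for p in patterns)

def http_access(url, liberado, bloqueado):
    """Walk the rules in the order of the reply's squid.conf and return
    (action, rule) for the first rule whose ACL matches.
    Assumption: the client is inside 192.168.0.0/24, so 'all' matches."""
    rules = [
        ("allow liberado", "allow", lambda u: matches(liberado, u)),
        ("deny bloqueado", "deny", lambda u: matches(bloqueado, u)),
        ("allow all", "allow", lambda u: True),
    ]
    for name, action, test in rules:
        if test(url):
            return action, name

# Constructed sample list contents (not from the thread).
LIBERADO = load_patterns(r"example\.org")
# Extensions typed literally: '.' is a regex wildcard, nothing is anchored.
BLOQUEADO_NAIVE = load_patterns(".mp3\n.exe\n")
# Literal dot, anchored at the end of the path or before a query string.
BLOQUEADO_ANCHORED = load_patterns(r"\.mp3(\?.*)?$" + "\n" + r"\.exe(\?.*)?$")

if __name__ == "__main__":
    urls = [
        "http://example.com/music/song.mp3",
        "http://example.com/temp3/index.html",  # naive '.mp3' hits 'emp3'
        "http://example.com/setup.EXE?id=7",    # -i and query string
        "http://example.org/files/tool.exe",    # liberado is checked first
    ]
    for u in urls:
        print(u, http_access(u, LIBERADO, BLOQUEADO_NAIVE),
              http_access(u, LIBERADO, BLOQUEADO_ANCHORED))
```

Because allow liberado comes before deny bloqueado, any URL that matches both files is allowed.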






