cleberof
(usa Mandriva)
Enviado em 25/02/2021 - 14:41h
# arquivo que irá ficar usuario e senha do proxy + ncsa - modulo autenticador
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd_squid
auth_param basic children 5
auth_param basic realm ..:: Widex Proxy Web Server - Digite suas credenciais ::..
auth_param basic credentialsttl 2 hour
acl localnet src 192.168.0.0/24 # RFC1918 possible internal network
#acl ips.tvs src 192.168.0.131/255.255.255.255 # Sala Chefe
#acl ips.tvs src 192.168.0.132/255.255.255.255 # Sala Reuniao
#acl web.tvs url_regex -i "/etc/squid3/regras/perm.tvs"
#acl web.tvs.ssl url_regex -i "/etc/squid3/regras/perm.tvs.ssl"
# >>>>>>>>>> Autenticacao de Usuarios
acl aut.usuarios proxy_auth REQUIRED
acl users.completo proxy_auth rita lincoln cyber rtl marcos carla fono
acl users.contabilidade proxy_auth jackson
acl users.financeiro proxy_auth rita
acl users.fono proxy_auth patricinha fioroto
acl users.protese proxy_auth isabela
acl users.recepcao proxy_auth lais
acl users.tecnica proxy_auth muriel
acl users.cyber proxy_auth cyber Cyber
acl web.msn url_regex -i "/etc/squid3/regras/perm.msn"
acl web.geral url_regex -i "/etc/squid3/regras/perm.geral"
acl web.geral.ssl url_regex -i "/etc/squid3/regras/perm.geral.ssl"
#acl web.sites_bloqueados url_regex -i "/etc/squid3/regras/sites_bloqueados"
#acl web.sitelobe url_regex -i "/etc/squid3/regras/sitelibe"
acl web.contabilidade url_regex -i "/etc/squid3/regras/perm.contabilidade"
acl web.contabilidade.ssl url_regex -i "/etc/squid3/regras/perm.contabilidade.ssl"
#acl web.contabilidade url_regex -i "/etc/squid3/regras/sites_bloqueados"
acl web.financeiro url_regex -i "/etc/squid3/regras/perm.financeiro"
acl web.financeiro.ssl url_regex -i "/etc/squid3/regras/perm.financeiro.ssl"
acl web.fono url_regex -i "/etc/squid3/regras/perm.fono"
acl web.fono.ssl url_regex -i "/etc/squid3/regras/perm.fono.ssl"
acl web.protese url_regex -i "/etc/squid3/regras/perm.protese"
acl web.cyber url_regex -i "/etc/squid3/regras/perm.cyber"
#acl web.protese.ssl url_regex -i "/etc/squid3/regras/perm.protese.ssl"
acl web.tecnica url_regex -i "/etc/squid3/regras/perm.tecnica"
acl web.recepcao url_regex -i "/etc/squid3/regras/perm.recepcao"
acl web.recepcao.ssl url_regex -i "/etc/squid3/regras/perm.recepcao.ssl"
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow users.contabilidade users.financeiro users.fono users.protese users.cyber users.recepcao users.tecnica web.geral
miss_access allow users.contabilidade users.financeiro users.fono users.protese users.cyber users.recepcao users.tecnica web.geral
http_access allow users.contabilidade users.financeiro users.fono users.protese users.cyber users.recepcao users.tecnica web.geral.ssl SSL_ports
miss_access allow users.contabilidade users.financeiro users.fono users.protese users.cyber users.recepcao users.tecnica web.geral.ssl SSL_ports
acl download urlpath_regex -i "/etc/squid3/regras/download"
http_access deny download
acl sitesbloqueados url_regex -i "/etc/squid3/regras/sitesbloqueados"
http_access deny sitesbloqueados
acl sitesliberados url_regex -i "/etc/squid3/regras/sitesliberados"
http_access allow sitesliberados
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow users.completo
miss_access allow users.completo
http_access allow users.completo SSL_ports
miss_access allow users.completo SSL_ports
http_access allow users.completo web.msn
miss_access allow users.completo web.msn
http_access allow users.completo web.msn SSL_ports
miss_access allow users.completo web.msn SSL_ports
http_access allow users.completo Safe_ports
miss_access allow users.completo Safe_ports
http_access allow users.cyber web.cyber
miss_access allow users.cyber web.cyber
#http_access allow users.cyber !extensoes_bloqueadas
#miss_access allow users.cyber !extensoes_bloqueadas
#http_access allow users.cyber !extensoes_bloqueadas SSL_ports
#miss_access allow users.cyber !extensoes_bloqueadas SSL_ports
#http_access allow users.cyber web.cyber
#miss_access allow users.cyber web.cyber
http_access allow users.cyber web.cyber SSL_ports
miss_access allow users.cyber web.cyber SSL_ports
http_access allow users.contabilidade web.contabilidade
miss_access allow users.contabilidade web.contabilidade
http_access allow users.contabilidade web.contabilidade.ssl SSL_ports
miss_access allow users.contabilidade web.contabilidade.ssl SSL_ports
http_access allow users.financeiro web.financeiro
miss_access allow users.financeiro web.financeiro
http_access allow users.financeiro web.financeiro.ssl SSL_ports
miss_access allow users.financeiro web.financeiro.ssl SSL_ports
http_access allow users.fono web.fono
miss_access allow users.fono web.fono
http_access allow users.fono web.fono.ssl SSL_ports
miss_access allow users.fono web.fono.ssl SSL_ports
http_access allow users.tecnica web.tecnica
miss_access allow users.tecnica web.tecnica
http_access allow users.protese web.protese
miss_access allow users.protese web.protese
#http_access allow users.protese web.protese.ssl SSL_ports
#miss_access allow users.protese web.protese.ssl SSL_ports
http_access allow users.tecnica web.fono
miss_access allow users.tecnica web.fono
http_access allow users.recepcao web.recepcao
miss_access allow users.recepcao web.recepcao
http_access allow users.recepcao web.recepcao.ssl SSL_ports
miss_access allow users.recepcao web.recepcao.ssl SSL_ports
#http_access allow users.tecnica web.tecnica
#miss_access allow users.tecnica web.tecnica
#http_access allow users.tecnica web.tecnica.ssl SSL_ports
#miss_access allow users.tecnica web.tecnica.ssl SSL_ports
#comentario
http_access deny localnet
#http_access allow localhost
# And finally deny all other access to this proxy
http_access deny all
icp_access deny all
htcp_access deny all
http_port 3128
hierarchy_stoplist cgi-bin ?
cache_mem 128 MB
maximum_object_size_in_memory 64 KB
cache_dir ufs /var/spool/squid3 10000 16 256
minimum_object_size 0 KB
maximum_object_size 102400 KB
access_log /var/log/squid3/access.log squid
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern -i \.rpm?$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern -i \.cab$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern -i \.exe$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern -i \.exe?$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern -i \.deb$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern -i \.vpx$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern -i \.gz$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern -i \.vdf.gz$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern -i \.psf$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern -i \.idx$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern -i \.avc$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern -i \.avc.$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern -i \.krg$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
refresh_pattern -i \.stt$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
quick_abort_min -1 KB
acl cached dstdomain .google.com
acl cached dstdomain .java.com
acl cached dstdomain .sun.com
acl cached dstdomain .adobe.com
acl cached dstdomain .youtube.com
acl cached dstdomain .microsoft.
acl cached dstdomain .ubuntu.com
acl cached dstdomain .avast.com
acl cached dstdomain .windowsupdate.com
acl cached dstdomain .avira-update.com
acl cached dstdomain .kaspersky.com
acl cached dstdomain 72.246.64.130
acl cached dstdomain 38.117.98.196
acl cached dstdomain 208.43.71.133
cache allow cached
cache_mgr cleber.fortes@widexriopreto.com.br
cache_effective_user proxy
cache_effective_group proxy
visible_hostname gw.widex
icp_port 3130
error_directory /usr/share/squid-langpack/pt-br
dns_nameservers 8.8.8.8 8.8.4.4
coredump_dir /var/spool/squid3