On 05/30/2012 02:15 PM, Daniel wrote: > Así? Ya corregí pero aun así Deja pasar todo. >>>>> acl manager proto cache_object >>>>> acl localhost src 127.0.0.1/32 ::1 >>>>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 >>>>> acl localnet src 10.1.0.0/17 >>>>> acl google src 74.125.0.0/16 >>>>> acl youtube srcdomain .youtube.com >>>>> acl youtube_2 srcdom_regex -i \.youtube\.com >>>>> http_access allow manager localhost >>>>> http_access deny manager >>>>> http_access allow localnet >>>>> http_access allow localhost >>>>> http_port 10.1.50.252:8080 intercept >>> http_access deny google >>> http_access deny youtube >>> http_access deny youtube_2 >>> visible_hostname proxy.lsvp
ok, si ese es el orden, entonces no está bien, porque estás poniendo el allow localnet delante de los deny, y siempre se irán por el allow entonces saludos epe > > Daniel Ortiz Gutierrez > > El 30/05/2012, a las 13:03, Ernesto Pérez Estévez<cen...@ecualinux.com> > escribió: > >> On 05/30/2012 12:55 PM, Daniel wrote: >>>>> acl manager proto cache_object >>>>> acl localhost src 127.0.0.1/32 ::1 >>>>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 >>>>> acl localnet src 10.1.0.0/17 >>>>> acl google src 74.125.0.0/16 >>>>> acl youtube srcdomain .youtube.com >>>>> acl youtube_2 srcdom_regex -i \.youtube\.com >>>>> http_access allow manager localhost >>>>> http_access deny manager >>>>> http_access allow localnet >>>>> http_access allow localhost >>>>> http_port 10.1.50.252:8080 intercept >>> http_access deny google >>> http_access deny youtube >>> http_access deny youtube_2 >>> visible_hostname proxy.lsvp >>> >>> Perdón no puse el archivo de configuración completo. >> ahora dudo de la posición del http_access (porque tú usas http_port >> aquí, parámetro que no comprendo) >> >> >>> >>> Daniel Ortiz Gutierrez >>> >>> El 30/05/2012, a las 12:33, Ernesto Pérez Estévez<cen...@ecualinux.com> >>> escribió: >>> >>>> On 05/30/2012 12:09 PM, Daniel wrote: >>>>> Saludos >>>>> >>>>> Instale Squid 3.1 en un centos 6.2 minimo, con un "yum install squid" >>>>> este es el archivo de configuracion, >>>>> >>>>> acl manager proto cache_object >>>>> acl localhost src 127.0.0.1/32 ::1 >>>>> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1 >>>>> acl localnet src 10.1.0.0/17 >>>>> >>>>> acl google src 74.125.0.0/16 >>>>> acl youtube srcdomain .youtube.com >>>>> acl youtube_2 srcdom_regex -i \.youtube\.com >>>>> >>>> quizá leí muy rápido, pero veo la ACL definida mas no el http_access >>>> para denegar o permitir lo que machee con esa acl >>>> >>>>> >>>>> http_access allow manager localhost >>>>> http_access deny manager >>>>> http_access allow localnet >>>>> http_access allow localhost >>>>> http_port 10.1.50.252:8080 intercept >>>>> >>>>> acl google src 74.125.0.0/16 >>>>> acl youtube srcdomain .youtube.com >>>>> acl youtube_2 srcdom_regex -i \.youtube\.com >>>>> >>>>> >>>>> >>>>> >>>>> el problema es que no me respeta ninguna ACL, todo lo deja pasar lo e >>>>> intentado con otras direcciones para ver si es problema de https pero >>>>> incluso cuando pongo >>>>> >>>>> acl all src all >>>>> http_access all deny >>>>> >>>>> me sigue dejando navegar sin problemas, mis reglas de iptables son: >>>>> >>>>> -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 >>>>> -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT >>>>> >>>>> el puerto 443 esta abierto por que no me estoy metiendo con https, por >>>>> el momento. >>>>> >>>>> Saludos y espero alguien me pueda ayudar. >>>>> _______________________________________________ >>>>> CentOS-es mailing list >>>>> CentOS-es@centos.org >>>>> http://lists.centos.org/mailman/listinfo/centos-es >>>>> >>>> >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> _______________________________________________ >>>> CentOS-es mailing list >>>> CentOS-es@centos.org >>>> http://lists.centos.org/mailman/listinfo/centos-es >>> _______________________________________________ >>> CentOS-es mailing list >>> CentOS-es@centos.org >>> http://lists.centos.org/mailman/listinfo/centos-es >>> >> >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> _______________________________________________ >> CentOS-es mailing list >> CentOS-es@centos.org >> http://lists.centos.org/mailman/listinfo/centos-es > _______________________________________________ > CentOS-es mailing list > CentOS-es@centos.org > http://lists.centos.org/mailman/listinfo/centos-es > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
