Hola lista le adjunto la configuración de un squid que estoy montando
siguiendo las instrucciones de leslie pero no se que problema tengo que
cuando trato de conectarme a el para la navegación me devuelve que no
esta aceptando las conexiones y e revisado en internet y en la
configuración de otros squid y no se que es lo que me esta faltando o me
sobra.
Saludos
#-----------------------------------------------------------------------
# Squid4 config file for INUTIL proxy
# By: Koratsuki -> lesli...@nauta.cu, koratsuki.nijuu...@gmail.com
#-----------------------------------------------------------------------
# General stuff
#include "/etc/squid/squid-00-general.conf"
# Options file for Squid config
#include "/etc/squid/squid-01-options.conf"
# Users auth
#include "/etc/squid/squid-02-auth.conf"
# ACLs
#include "/etc/squid/squid-03-acls.conf"
# Delay Pools
#include "/etc/squid/squid-04-balance.conf"
# Hurry to restart
shutdown_lifetime 1 seconds
# DNSs for the proxy
dns_nameservers 200.55.128.3 200.55.128.4 10.50.0.2
dns_v4_first on
# Ports where this proy will listen connections
#http_port 0.0.0.0:3128
http_port 10.50.0.24:8080
# Hostname for the proxy
visible_hostname squid4.mz.unal.cu
# Contact Email
cache_mgr osmani.fons...@mz.unal.cu
# Domain to append
append_domain .mz.unal.cu
# FTP config
#ftp_user squ...@proxy.inutil.cu
#ftp_passive on
#ftp_sanitycheck on
# Directories for errors and icons
error_directory /usr/share/squid/errors/es-es
icon_directory /usr/share/squid/icons
# Path to Squid's icon configuration file.
mime_table /etc/squid/mime.conf
# Host file
hosts_file /etc/hosts
check_hostnames off
# Other stuff
pid_filename /var/run/squid.pid
coredump_dir /var/spool/squid
cache_effective_user proxy
cache_effective_group proxy
ipcache_size 10240
fqdncache_size 10240
ipcache_low 98
ipcache_high 99
# A list of ACL elements which, if matched, cause an ident
# (RFC 931) lookup to be performed for this request.
ident_lookup_access deny all
# Squid will send any non-hierarchical requests
# direct to origin servers.
nonhierarchical_direct on
# Don't show Squid version
httpd_suppress_version_string on
#Squid will keep open connections until a read or write
#on the socket returns an error.
half_closed_clients off
# Some security
forwarded_for off
via off
request_header_access From deny all
request_header_access Server deny all
request_header_access WWW-Authenticate deny all
request_header_access Link deny all
request_header_access Cache-Control deny all
request_header_access Proxy-Connection deny all
request_header_access X-Cache deny all
request_header_access X-Cache-Lookup deny all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
request_header_access Pragma deny all
request_header_access Keep-Alive deny all
#Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20%
4320
# Cache options
cache_mem 1024 MB
maximum_object_size 99 MB
maximum_object_size_in_memory 9072 KB
# Peer timeout
dead_peer_timeout 1.000000 seconds
# Cache dir options
cache_dir aufs /var/spool/squid 1000 16 256
coredump_dir /var/spool/squid
# Cache Swap
cache_swap_low 150
cache_swap_high 200
ipcache_size 90096
ipcache_low 98
ipcache_high 99
fqdncache_size 90096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
memory_pools off
memory_pools_limit 512 MB
#request_header_max_size 256KB
#request_body_max_size 0 KB
cache_effective_user proxy
cache_effective_group proxy
# Cache only mode
#offline_mode off
# Peer timeout
dead_peer_timeout 1.000000 seconds
# Cache dir options
cache_dir aufs /var/spool/squid 1000 16 256
coredump_dir /var/spool/squid
# Cache Swap
cache_swap_low 150
cache_swap_high 200
ipcache_size 90096
ipcache_low 98
ipcache_high 99
fqdncache_size 90096
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
memory_pools off
memory_pools_limit 512 MB
#request_header_max_size 256KBquick_abort_pct 100
read_ahead_gap 991 MB
negative_ttl 0 seconds
positive_dns_ttl 86400 seconds
negative_dns_ttl 1 seconds
range_offset_limit 0
# Changing User Agent, use it if needed
#request_header_access User-Agent deny all
#request_header_replace User-Agent Mozilla/5.0 (Linux x64; Intel; rv:49.0)
Gecko/20100101 Firefox/49.0
# Limit download to 8MB
#reply_body_max_size 9096 KB
# Logs
cache_log stdio:/var/log/squid/cache.log
access_log stdio:/var/log/squid/access.log
cache_store_log stdio:/var/log/squid/store.log
netdb_filename stdio:/var/spool/squid/netdb.state
logfile_rotate 30
# Debug log info
#debug_options ALL,2 28,4 82,4
# Debug standard
debug_options ALL,1
#request_body_max_size 0 KB
cache_effective_user proxy
cache_effective_group proxy
reload_into_ims on
quick_abort_min 0 KB
#Servidor Cache Padre Internacional
cache_host_domain 10.10.1.18 parent 8080 0 default
# Servidor Cache Padre Nacional.
cache_host_domain 10.50.0.1 parent 8080 0 default no-query
#CACHES POR DOMINIOS
cache_host_domain 10.10.1.18 .cubana.cu .google.com.cu !.cu
cache_host_domain 10.50.0.1 .cu
# NTLM + Kerberos + Groups
auth_param negotiate program /usr/lib/squid/negotiate_wrapper_auth --ntlm
/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp --kerberos
/usr/lib/squid/negotiate_kerberos_auth -r -s GSS_C_NO_NAME
auth_param negotiate children 200 startup=50 idle=10
auth_param negotiate keep_alive off
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 100 startup=10 idle=5
auth_param ntlm keep_alive off
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 10 startup=1 idle=1
auth_param basic realm MZ.UNAL.CU
auth_param basic credentialsttl 1 hours
external_acl_type kerberos_ldap_group ttl=300 %LOGIN
/usr/lib/squid/ext_kerberos_ldap_group_acl -a -g Intranet:Internet -D MZ.UNAL.CU
acl Nav_Nac external kerberos_ldap_group Intranet
acl Nav_Int external kerberos_ldap_group Internet
acl Squid_Login proxy_auth REQUIRED
#-----------------------------------------------------------------------
# Squid4 ACLs file for INUTIL proxy
#-----------------------------------------------------------------------
acl all src all
acl localhost src 127.0.0.1/32
acl localnet src 10.50.0.0/24
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
## Methods allowed
acl Safe_method method CONNECT GET HEAD POST
http_access deny !Safe_method
## Protocols allowed
acl Safe_proto proto HTTP SSL
http_access deny !Safe_proto
acl allowed_subnets src 10.50.19.0/24 192.168.50.0/24
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
#Nav_Int
http_reply_access allow Squid_Login Nav_Int
http_reply_access allow Squid_Login !Nav_Nac
http_access allow Squid_Login Nav_Int
http_access allow Squid_Login Safe_ports Nav_Int
http_access deny !Safe_ports Nav_Int
#Nav_Nac
acl Only_CU dstdomain .cu
http_access allow Squid_Login Nav_Nac Only_CU
# Only 10 connection threads per ip[EXAMPLE but works]
#acl limited_ips src "/etc/squid/limited/ips"
#acl limitreq maxconn 10
#http_access deny limited_ips limitreq
# Only 4 connections threads for video sites
acl file urlpath_regex -i \.avi.*$ \.asf.*.*$ \.asx.*$ \.mp4.*$ \.ogv.*$
\.ogg.*$ \.flv.*$ \.mov.*$
acl maxconfile maxconn 4
# Denying
http_access deny file maxconfile
http_access allow localnet
icp_access allow localnet
# Whitelisting sites
acl whitelist dstdomain "/etc/squid/allowed/whitelist"
# Allowing whitelisting
http_access allow whitelist
# Blacklisted stuff
# Porno
acl blacklist_domain_porn dstdomain "/etc/squid/porn/domains"
acl blacklist_urls_porn url_regex "/etc/squid/porn/regularexpressions"
# Politics related
acl blacklist_domain_politic dstdomain "/etc/squid/politic/domains"
# Chat
acl blacklist_domain_chat dstdomain "/etc/squid/chat/domains"
# Anonymous proxies
acl blacklist_domain_proxy dstdomain "/etc/squid/proxy/domains"
# Weird domains
acl blacklist_domain_suspect dstdomain "/etc/squid/suspect/domains"
# ADS
acl ads_url url_regex "/etc/squid/ads/regularexpressions"
acl ads_domain dstdomain "/etc/squid/ads/domains"
# Denying blacklisted
http_access deny Squid_Login blacklist_domain_porn
http_access deny Squid_Login blacklist_urls_porn
http_access deny Squid_Login blacklist_domain_politic
http_access deny Squid_Login blacklist_domain_chat
http_access deny Squid_Login blacklist_domain_proxy
http_access deny Squid_Login blacklist_domain_suspect
http_access deny Squid_Login ads_url
http_access deny Squid_Login ads_domain
# IP+MAC example
acl user1_mac arp 80:fa:5b:3d:97:e8 58:fb:84:3a:d9:fa
acl user1_ip src 10.50.19.2-10.50.19.15 192.168.50.105/32 192.168.50.106/32
192.168.50.252/32 192.168.50.27/32 10.50.19.5/32
http_access allow user1_mac user1_ip
http_access allow allowed_subnets
http_access deny all
icp_access deny all
_______________________________________________
Gutl-l mailing list -- gutl-l@listas.jovenclub.cu
To unsubscribe send an email to gutl-l-le...@listas.jovenclub.cu
