Let me ask you a question: is this your entire Squid conf? I ask
because I don't see any acl for authentication, and I suppose you
have a direct connection.
On 1/7/20 at 10:58, Josvany Hernández Ortega wrote:
I'm having problems with this. I need someone to review the order of
the acls and their syntax, please; I'm going crazy over this. Here are
my acls. This is Squid 5.0.2. The things that are repeated and
commented out are me trying to get it right.
#Squid ACL
acl localhost src 172.16.1.220/32
acl localnet src 172.16.0.0/22
acl SSL_ports port 443 # HTTPS
acl SSL_ports port 563 # SNEWS
acl SSL_ports port 873 # RSYNC
acl Safe_ports port 21 # FTP
acl Safe_ports port 22 # SSH
acl Safe_ports port 25 # SMTP
acl Safe_ports port 70 # GOPHER
acl Safe_ports port 80 # HTTP
acl Safe_ports port 110 # POP3
acl Safe_ports port 210 # WAIS
acl Safe_ports port 280 # HTTP-MGMT
acl Safe_ports port 443 # HTTPS
acl Safe_ports port 488 # GSS-HTTP
acl Safe_ports port 591 # FILEMAKER
acl Safe_ports port 631 # CUPS
acl Safe_ports port 777 # MULTILING HTTP
acl Safe_ports port 873 # RSYNC
acl Safe_ports port 901 # SWAT
acl Safe_ports port 5222 # JABBER
acl Safe_ports port 1025-65535 # UNREGISTERED PORTS
acl Safe_ports port 53 # DNS
acl Safe_ports port 7071 # Zimbra WebAdmin
acl Safe_ports port 9090 # Jabber Admin
acl Safe_ports port 123 # NTP
## Methods allowed
acl Safe_method method CONNECT GET HEAD POST
http_access deny !Safe_method
## Protocols allowed
#acl Safe_proto proto HTTP SSL
#http_access deny !Safe_proto
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Only allow cachemgr access from localhost
http_access allow localhost localnet
# Time limitations[from 830am to 430pm, weekly working time]
acl workingtime time MTWHF 08:30-16:30
acl not_work_domains dstdomain "/etc/squid/denied/not_allowed"
http_access deny workingtime not_work_domains !Nav_full !Rsocial
## Authentication
acl pc-int src "/etc/squid/pcinternet/pc"
acl cuba dstdomain .cu
http_access allow Squid_Login pc-int Nav_Int
http_access allow Squid_Login cuba localnet
# Only 20 connection threads per ip[EXAMPLE but works]
acl limitreq maxconn 20
http_access deny limitreq !Nav_full
# Deny videos
acl deny_rep_mime_flashvideo rep_mime_type video/flv
# PREVENT BROWSING BY IP
acl NAVEGACION_IP dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
# Limit on how many times a user can be logged in at once
acl max-maq-por-usuario max_user_ip -s 1
# PREVENT BYPASS VIA GOOGLE
acl mocks_gl url_regex google.com[\.[A-Z][a-z]]/gwt
acl mocks_gl url_regex google.com.cu/gwt
acl mocks_gl url_regex google.com.cu/xhtml
acl mocks_gl url_regex google.com.cu/m
acl mocks_gl url_regex google.com.cu/pda
# Whitelisting sites
acl whitelist dstdomain "/etc/squid/allowed/whitelist"
# Allowing whitelisting
http_access allow whitelist
# Blacklisted stuff Porno
acl blacklist_domain_porn dstdomain "/etc/squid/porn/domains"
acl blacklist_urls_porn url_regex "/etc/squid/porn/regularexpressions"
# Politics related
acl blacklist_domain_politic dstdomain "/etc/squid/politic/domains"
# Chat
acl blacklist_domain_chat dstdomain "/etc/squid/chat/domains"
# Anonymous proxies
acl blacklist_domain_proxy dstdomain "/etc/squid/proxy/domains"
# Weird domains
acl blacklist_domain_suspect dstdomain "/etc/squid/suspect/domains"
# ADS
acl ads_url url_regex "/etc/squid/ads/regularexpressions"
acl ads_domain dstdomain "/etc/squid/ads/domains"
# Blacklisted Socialnet
acl blacklist_domain_socialnet dstdomain "/etc/squid/socialnet/domains"
acl blacklist_urls_socialnet url_regex "/etc/squid/socialnet/urls"
# Blacklisted Music
acl blacklist_domain_music dstdomain "/etc/squid/music/domains"
acl blacklist_urls_music url_regex "/etc/squid/music/urls"
# Blacklisted Webmail
acl blacklist_domain_webmail dstdomain "/etc/squid/webmail/domains"
acl blacklist_urls_webmail url_regex "/etc/squid/webmail/urls"
# Denying blacklisted
http_access deny max-maq-por-usuario
http_access deny mocks_gl
http_access deny NAVEGACION_IP !Nav_full
http_access deny blacklist_domain_porn
http_access deny blacklist_urls_porn
http_access deny blacklist_domain_politic
http_access deny blacklist_domain_chat !Nav_full
http_access deny blacklist_domain_proxy
http_access deny blacklist_domain_suspect
http_access deny ads_url
http_access deny ads_domain
http_access deny blacklist_domain_socialnet !Nav_full !Rsocial
http_access deny blacklist_urls_socialnet !Nav_full !Rsocial
http_access deny blacklist_domain_music !Nav_full
http_access deny blacklist_urls_music !Nav_full
http_access deny blacklist_domain_webmail !Nav_full
http_access deny blacklist_urls_webmail !Nav_full
http_reply_access deny deny_rep_mime_flashvideo !Nav_full
# Time limitations[from 830am to 430pm, weekly working time]
#acl workingtime time MTWHF 08:30-16:30
#acl not_work_domains dstdomain "/etc/squid/denied/not_allowed"
#http_access deny workingtime not_work_domains !Nav_full !Rsocial
#################################
#http_access allow Squid_Login pc-int Nav_Int
#http_access allow Squid_Login cuba localnet
#http_access deny !Squid_Login
#################################
# Deny all
http_access deny all
icp_access deny all
========================
Josvany Hernández Ortega.
Network Administrator.
Tel. +53 7 682 3279
Switchboard +53 7 682 9563 to 70
Ext. 108
josvan...@centis.edu.cu <mailto:josvan...@centis.edu.cu>
========================
_______________________________________________
Gutl-l mailing list -- gutl-l@listas.jovenclub.cu
To unsubscribe send an email to gutl-l-le...@listas.jovenclub.cu
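
The missing authentication acl noted in the reply can be checked mechanically. The following is an added example, not part of either message: a small Python linter that lists ACL names referenced by `*_access` rules without an earlier `acl` definition. The built-in name set and the sample excerpt (a few lines copied from the posted config) are assumptions.

```python
import re

# Assumption: ACL names Squid pre-defines; adjust for the version in use.
BUILTIN_ACLS = {"all", "manager", "localhost", "to_localhost"}
ACCESS_RE = re.compile(r"^\w+_access$")

# Constructed sample: a few lines copied from the posted config, in order.
SAMPLE = """\
acl localnet src 172.16.0.0/22
acl pc-int src "/etc/squid/pcinternet/pc"
acl cuba dstdomain .cu
http_access allow Squid_Login pc-int Nav_Int
http_access allow Squid_Login cuba localnet
acl limitreq maxconn 20
http_access deny limitreq !Nav_full
#http_access deny !Squid_Login
http_access deny all
"""

def find_unresolved_acls(conf_text):
    """Return (line_no, directive, acl_name, reason) for each ACL reference
    in an *_access rule that no earlier `acl` line has defined."""
    parsed = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if tokens:
            parsed.append((no, tokens))
    # Every name defined anywhere, to tell "never" apart from "too late".
    all_defined = {t[1] for _, t in parsed if t[0] == "acl" and len(t) > 1}
    seen = set(BUILTIN_ACLS)
    findings = []
    for no, tokens in parsed:
        if tokens[0] == "acl" and len(tokens) > 1:
            seen.add(tokens[1])
        elif ACCESS_RE.match(tokens[0]) and len(tokens) > 2:
            # tokens[1] is allow/deny; the rest are ACL names, maybe negated.
            for ref in tokens[2:]:
                name = ref.lstrip("!")
                if name not in seen:
                    reason = "defined later" if name in all_defined else "never defined"
                    findings.append((no, tokens[0], name, reason))
    return findings

if __name__ == "__main__":
    for no, directive, name, reason in find_unresolved_acls(SAMPLE):
        print(f"line {no}: {directive} references '{name}' ({reason})")
```

Run against the full posted config, the same check would also report `Rsocial`, which appears only in negated form in the deny rules.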