Estoy teniendo problemas con esto necesito que alguien me revise el orden la las acl y la sintaxis de las mismas, por favor estoy volviéndome loco con respecto a este tema. Aquí les dejo mis acl, Esto es Squid 5.0.2. las cosas que están repetidas y comentadas he sido yo tratando de dar pie con bolas.
#Squid ACL acl localhost src 172.16.1.220/32 acl localnet src 172.16.0.0/22 acl SSL_ports port 443 # HTTPS acl SSL_ports port 563 # SNEWS acl SSL_ports port 873 # RSYNC acl Safe_ports port 21 # FTP acl Safe_ports port 22 # SSH acl Safe_ports port 25 # SMTP acl Safe_ports port 70 # GOPHER acl Safe_ports port 80 # HTTP acl Safe_ports port 110 # POP3 acl Safe_ports port 210 # WAIS acl Safe_ports port 280 # HTTP-MGMT acl Safe_ports port 443 # HTTPS acl Safe_ports port 488 # GSS-HTTP acl Safe_ports port 591 # FILEMAKER acl Safe_ports port 631 # CUPS acl Safe_ports port 777 # MULTILING HTTP acl Safe_ports port 873 # RSYNC acl Safe_ports port 901 # SWAT acl Safe_ports port 5222 # JABBER acl Safe_ports port 1025-65535 # UNREGISTERED PORTS acl Safe_ports port 53 # DNS acl Safe_ports port 7071 # Zimbra WebAdmin acl Safe_ports port 9090 # Jabber Admin acl Safe_ports port 123 # NTP ## Methods allowed acl Safe_method method CONNECT GET HEAD POST http_access deny !Safe_method ## Protocols allowed #acl Safe_proto proto HTTP SSL #http_access deny !Safe_proto # Deny requests to certain unsafe ports http_access deny !Safe_ports # Only allow cachemgr access from localhost http_access allow localhost localnet # Time limitations[from 830am to 430pm, weekly working time] acl workingtime time MTWHF 08:30-16:30 acl not_work_domains dstdomain "/etc/squid/denied/not_allowed" http_access deny workingtime not_work_domains !Nav_full !Rsocial ## Autenticacion acl pc-int src "/etc/squid/pcinternet/pc" acl cuba dstdomain .cu http_access allow Squid_Login pc-int Nav_Int http_access allow Squid_Login cuba localnet # Only 20 connection threads per ip[EXAMPLE but works] acl limitreq maxconn 20 http_access deny limitreq !Nav_full # Denegar Videos acl deny_rep_mime_flashvideo rep_mime_type video/flv #EVITAR NAVEGACION POR IP acl NAVEGACION_IP dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ # Limite en cantidad de veces q puede estar uno logueado acl max-maq-por-usuario max_user_ip -s 1 #EVITAR BURLAS A GOOGLE acl mocks_gl url_regex google.com[\.[A-Z][a-z]]/gwt acl mocks_gl url_regex google.com.cu/gwt acl mocks_gl url_regex google.com.cu/xhtml acl mocks_gl url_regex google.com.cu/m acl mocks_gl url_regex google.com.cu/pda # Whitelisting sites acl whitelist dstdomain "/etc/squid/allowed/whitelist" # Allowing whitelisting http_access allow whitelist # Blacklisted stuff Porno acl blacklist_domain_porn dstdomain "/etc/squid/porn/domains" acl blacklist_urls_porn url_regex "/etc/squid/porn/regularexpressions" # Politics related acl blacklist_domain_politic dstdomain "/etc/squid/politic/domains" # Chat acl blacklist_domain_chat dstdomain "/etc/squid/chat/domains" # Anonymous proxies acl blacklist_domain_proxy dstdomain "/etc/squid/proxy/domains" # Weird domains acl blacklist_domain_suspect dstdomain "/etc/squid/suspect/domains" # ADS acl ads_url url_regex "/etc/squid/ads/regularexpressions" acl ads_domain dstdomain "/etc/squid/ads/domains" # Blacklisted Socialnet acl blacklist_domain_socialnet dstdomain "/etc/squid/socialnet/domains" acl blacklist_urls_socialnet url_regex "/etc/squid/socialnet/urls" # Blacklisted Music acl blacklist_domain_music dstdomain "/etc/squid/music/domains" acl blacklist_urls_music url_regex "/etc/squid/music/urls" # Blacklisted Webmail acl blacklist_domain_webmail dstdomain "/etc/squid/webmail/domains" acl blacklist_urls_webmail url_regex "/etc/squid/webmail/urls" # Denying blacklisted http_access deny max-maq-por-usuario http_access deny mocks_gl http_access deny NAVEGACION_IP !Nav_full http_access deny blacklist_domain_porn http_access deny blacklist_urls_porn http_access deny blacklist_domain_politic http_access deny blacklist_domain_chat !Nav_full http_access deny blacklist_domain_proxy http_access deny blacklist_domain_suspect http_access deny ads_url http_access deny ads_domain http_access deny blacklist_domain_socialnet !Nav_full !Rsocial http_access deny blacklist_urls_socialnet !Nav_full !Rsocial http_access deny blacklist_domain_music !Nav_full http_access deny blacklist_urls_music !Nav_full http_access deny blacklist_domain_webmail !Nav_full http_access deny blacklist_urls_webmail !Nav_full http_reply_access deny deny_rep_mime_flashvideo !Nav_full # Time limitations[from 830am to 430pm, weekly working time] #acl workingtime time MTWHF 08:30-16:30 #acl not_work_domains dstdomain "/etc/squid/denied/not_allowed" #http_access deny workingtime not_work_domains !Nav_full !Rsocial ################################# #http_access allow Squid_Login pc-int Nav_Int #http_access allow Squid_Login cuba localnet #http_access deny !Squid_Login ################################# # Denegar Todo http_access deny all icp_access deny all ======================== Josvany Hernández Ortega. Administrador de Red. Telf. +53 7 682 3279 Pizz. +53 7 682 9563 al 70 Ext. 108 <mailto:josvan...@centis.edu.cu> josvan...@centis.edu.cu ========================
_______________________________________________ Gutl-l mailing list -- gutl-l@listas.jovenclub.cu To unsubscribe send an email to gutl-l-le...@listas.jovenclub.cu
