Below is my squid.conf

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
http_port 3128
cache_mem 64 MB
cache_swap_low 95
cache_swap_high 98
maximum_object_size 16384 KB
maximum_object_size_in_memory 20 KB
cache_access_log /var/log/squid/access.log
cache_dir ufs /var/cache/squid 300000 64 128
ftp_user Squid@
ftp_passive on
refresh_pattern ^ftp:  1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern .  0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl rede_interna src 192.168.0.0/24
#delay_pools 1
#delay_class 1 1
#delay_parameters 1 43750/43750
#delay_access 1 allow rede_interna
acl hans src 192.168.0.26
acl luciano src 192.168.0.38
acl info src 192.168.0.2 192.168.0.240 192.168.0.24
acl gabriel src 192.168.0.33
acl joseantonio src 192.168.0.129
acl oficina src 192.168.0.16
acl blockedip src 192.168.0.3
acl almoco time MTWHF 12:00-13:00
acl msn url_regex gateway.dll
acl live url_regex login.live.com
acl msn2 url_regex loginnet.passport.com
acl arquivos url_regex .mp3 .wav .wmv .mpg .mpeg .avi .flv .scr .pif .vbs
acl prx url_regex proxy
acl meebo url_regex meebo.com
acl orkut url_regex http://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F
acl orkut2 url_regex https://www.orkut.com
acl playboy url_regex playboy.abril.com.br
acl sexy url_regex sexy.com.br
acl sexyuol url_regex uol.com.br/sexy
acl sexyclube url_regex sexyclube.com.br
acl sexyig url_regex sexyclube.ig.com.br
acl youtube url_regex youtube.com
acl chaterra url_regex chat.terra.com.br
acl parperfeito url_regex parperfeito.com.br
acl flogao url_regex flogao.com.br
acl gigafoto url_regex gigafoto.com.br
acl fotolog url_regex fotolog.net
acl fotolist url_regex fotolist.com.br
acl blogger url_regex blogger.com.br
acl mypage url_regex mypage.com.br
acl myflog url_regex myflog.com.br
acl images3 url_regex images3.orkut.com
acl chatuol url_regex tc.batepapo.uol.com.br
acl tufos url_regex tufos.com.br
acl sexo url_regex sexo.com.br
acl iporkut url_regex 72.14.209.87
acl blockproxy url_regex proxy
acl netip src 192.168.0.16 192.168.0.21 192.168.0.22 192.168.0.23
192.168.0.26 192.168.0.28 192.168.0.29 192.168.0.129 192.168.0.31
192.168.0.32 192.168.0.33 192.198.0.34 192.168.0.35 192.168.0.36
192.168.0.68 192.168.0.69 192.168.0.70 192.168.0.100 192.168.0.199
192.168.0.200 192.168.0.201 192.168.0.202 192.168.0.203 192.168.0.204
192.168.0.205 192.168.0.206 192.168.0.207 192.168.0.208 192.168.0.209
192.168.0.210 192.168.0.211 192.168.0.212 192.168.0.213 192.168.0.214
192.168.0.215 192.168.0.216 192.168.0.217 192.168.0.218 192.168.0.219
192.168.0.220 192.168.0.221 192.168.0.222 192.168.0.223 192.168.0.224
192.168.0.225 192.168.0.226 192.168.0.227 192.168.0.228 192.168.0.229
192.168.0.230 192.168.0.231 192.168.0.232 192.168.0.233 192.168.0.234
192.168.0.235 192.168.0.236 192.168.0.237 192.168.0.238 192.168.0.239
182.168.0.240 192.168.0.241 192.168.0.242 192.168.0.243 192.168.0.244
192.168.0.245 192.168.0.246 192.168.0.247 192.168.0.248 192.168.0.249
192.168.0.250 192.168.0.251 192.168.0.252 192.168.0.253
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70  # gopher
acl Safe_ports port 210  # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280  # http-mgmt
acl Safe_ports port 488  # gss-http
acl Safe_ports port 591  # filemaker
acl Safe_ports port 777  # multiling http
acl emule1 port 49170
acl emule2 port 49200
acl emule3 port 25161
acl emule4 port 25170
acl gnutella1 port 6346
acl gnutella2 port 6349
acl torrent1 port 16093
acl torrent2 port 16000
acl CONNECT method CONNECT
acl blockedsites url_regex -i "/etc/squid/regras/block"
acl unblockedsites url_regex -i "/etc/squid/regras/permit"
acl lunchtimesites url_regex -i "/etc/squid/regras/almoco"
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny emule1
http_access deny emule2
http_access deny gnutella1
http_access deny gnutella2
http_access deny torrent1 !info
http_access deny torrent2 !info
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow info
http_access deny blockedsites !unblockedsites !luciano !info
http_access deny lunchtimesites !almoco !luciano !info !hans !gabriel
http_access allow netip
http_access deny youtube
http_access deny parperfeito
http_access deny flogao
http_access deny gigafoto
http_access deny fotolog
http_access deny blogger
http_access deny mypage
http_access deny myflog
http_access deny blockproxy
http_access deny images3
http_access deny playboy
http_access deny sexy
http_access deny sexyuol
http_access deny sexyclube
http_access deny sexyig
http_access deny chaterra
http_access deny chatuol
http_access deny tufos
http_access deny sexo
http_access deny prx
http_access deny orkut2
http_access deny iporkut
http_access deny meebo
http_access deny live !hans !info !luciano
http_access deny msn !hans !info !luciano
http_access deny msn2 !hans !info !luciano
#http_access deny arquivos !hans !info !luciano
http_access allow rede_interna !blockedip !joseantonio !oficina
http_access deny oficina
http_access deny joseantonio
http_access deny blockedip
http_access deny all
http_reply_access allow all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_access allow all
visible_hostname proxy
logfile_rotate 7
#error_directory /usr/local/squid/share/errors/Portuguese
coredump_dir /var/cache/squid
#log_fqdn on


Reading this file, I found some strange things, and I changed a few
things...

Below is the squid.conf as it is now...

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
http_port 3128
cache_mem 64 MB
cache_swap_low 95
cache_swap_high 98
maximum_object_size 16384 KB
maximum_object_size_in_memory 20 KB
cache_access_log /var/log/squid/access.log
cache_dir ufs /var/cache/squid 300000 64 128
ftp_user Squid@
ftp_passive on
refresh_pattern ^ftp:  1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern .  0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl rede_interna src 192.168.0.0/24
#delay_pools 1
#delay_class 1 1
#delay_parameters 1 43750/43750
#delay_access 1 allow rede_interna
acl usuario1 src 192.168.0.26
acl usuario2 src 192.168.0.38
acl info src 192.168.0.240 192.168.0.24
acl usuario3 src 192.168.0.33
acl usuario4 src 192.168.0.129
acl usuario5 src 192.168.0.16
acl blockedip src 192.168.0.3
acl almoco time MTWHF 12:00-13:00
acl msn url_regex gateway.dll
acl live url_regex login.live.com
acl msn2 url_regex loginnet.passport.com
acl arquivos url_regex .mp3 .wav .wmv .mpg .mpeg .avi .flv .scr .pif .vbs
acl prx url_regex proxy
acl meebo url_regex meebo.com
acl orkut url_regex http://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F
acl orkut2 url_regex https://www.orkut.com
acl playboy url_regex playboy.abril.com.br
acl sexy url_regex sexy.com.br
acl sexyuol url_regex uol.com.br/sexy
acl sexyclube url_regex sexyclube.com.br
acl sexyig url_regex sexyclube.ig.com.br
acl youtube url_regex youtube.com
acl chaterra url_regex chat.terra.com.br
acl parperfeito url_regex parperfeito.com.br
acl flogao url_regex flogao.com.br
acl gigafoto url_regex gigafoto.com.br
acl fotolog url_regex fotolog.net
acl fotolist url_regex fotolist.com.br
acl blogger url_regex blogger.com.br
acl mypage url_regex mypage.com.br
acl myflog url_regex myflog.com.br
acl images3 url_regex images3.orkut.com
acl chatuol url_regex tc.batepapo.uol.com.br
acl tufos url_regex tufos.com.br
acl sexo url_regex sexo.com.br
acl iporkut url_regex 72.14.209.87
acl blockproxy url_regex proxy
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80  # http
acl Safe_ports port 21  # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70  # gopher
acl Safe_ports port 210  # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280  # http-mgmt
acl Safe_ports port 488  # gss-http
acl Safe_ports port 591  # filemaker
acl Safe_ports port 777  # multiling http
acl emule1 port 49170
acl emule2 port 49200
acl emule3 port 25161
acl emule4 port 25170
acl gnutella1 port 6346
acl gnutella2 port 6349
acl torrent1 port 16093
acl torrent2 port 16000
acl CONNECT method CONNECT
acl blockedsites url_regex -i "/etc/squid/regras/block"
acl unblockedsites url_regex -i "/etc/squid/regras/permit"
acl lunchtimesites url_regex -i "/etc/squid/regras/almoco"
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny emule1
http_access deny emule2
http_access deny gnutella1
http_access deny gnutella2
http_access deny torrent1 !info
http_access deny torrent2 !info
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow info
http_access deny blockedsites !unblockedsites !usuario2 !info
http_access deny lunchtimesites !almoco !usuario2 !info !usuario1 !usuario3
http_access deny youtube
http_access deny parperfeito
http_access deny flogao
http_access deny gigafoto
http_access deny fotolog
http_access deny blogger
http_access deny mypage
http_access deny myflog
http_access deny blockproxy
http_access deny images3
http_access deny playboy
http_access deny sexy
http_access deny sexyuol
http_access deny sexyclube
http_access deny sexyig
http_access deny chaterra
http_access deny chatuol
http_access deny tufos
http_access deny sexo
http_access deny prx
http_access deny orkut2
http_access deny iporkut
http_access deny meebo
http_access deny live !usuario1 !info !usuario2
http_access deny msn !usuario1 !info !usuario2
http_access deny msn2 !usuario1 !info !usuario2
#http_access deny arquivos !usuario1 !info !usuario2
http_access deny usuario5
http_access deny usuario4
http_access deny blockedip
http_access allow rede_interna !blockedip !usuario4 !usuario5
http_access deny all
http_reply_access allow all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_access allow all
visible_hostname proxy
logfile_rotate 7
#error_directory /usr/local/squid/share/errors/Portuguese
coredump_dir /var/cache/squid
#log_fqdn on


Suggestions for improvement?

PS: I took this squid.conf ready-made from a running server... a friend of
mine installed that server and passed it to me to use as a base, but I changed
practically nothing in the .conf... I only created a few ACLs for specific users...




On 21/08/08, Marcelo Zola <[EMAIL PROTECTED]> wrote:
>
>  The theory is right, but if you can send the .conf, maybe we can get
> a better picture, to help you.
>
>
>
> Regards.
>
>
>  ------------------------------
>
> *From:* [email protected] [mailto:[EMAIL PROTECTED] *On
> behalf of *Leonardo souza
> *Sent:* Thursday, 21 August 2008 08:52
> *To:* [email protected]
> *Subject:* Re: [squid-br] Blocking isn't working...
>
>
>
> Thiago
>
>  In my case I'm using it without -i; I'm not sure what the difference
> would be
>
>
>
> acl url_proibidas url_regex "/etc/squid/url_proibidas"
>
>
>
> Inside the file in my setup there are only words, and the access
> permissions on that file are these.
>
> -rw-r--r--
>
>
>
> Check on your side and send us a reply.
>
>
>
> LEonardo Souza
>
> 2008/8/21 Thiago Rocha <[EMAIL PROTECTED]>
>
> Good morning, everyone!
>
>
>
> I have a Fedora Core 3 box with Squid 2.6 running here.
>
>
>
> I created an ACL called blockedsites, whose file contains the names that,
> if they appear in the site's address, should keep the user from opening it.
>
>
>
>
>
> acl blockedsites url_regex -i "/etc/squid/regras/block"
>
>
>
> This block file has a few terms, among them the word blog
>
>
>
> With this word blog, every site that contains the word blog in its
> address should be blocked, right? (Of course, provided we use the line
> http_access deny blockedsites a little further down in squid.conf)
>
>
>
> Is that right?
>
>
>
> If it is, what could be keeping that from happening?
>
> --
> []'s
> Thiago Rocha
> Jarinu - SP
>
>
>
> 
>
>



-- 
[]'s
Thiago Rocha
Jarinu - SP
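
An added illustration, not part of the original message or of Squid itself: Squid reads http_access lines top to bottom, ANDs the ACLs on each line, and the first line that matches decides the request. The sketch below replays a constructed subset of the two configs above; the ACL subset, the contents of the block and permit files, and the use of Python's regex engine are assumptions.

```python
import ipaddress
import re

# Constructed subset of the ACLs posted above. File-backed lists are assumptions:
# "blog" is the term the thread mentions; the permit file's content is not shown,
# so unblockedsites is left empty here.
ACLS = {
    "all": ("src", ["0.0.0.0/0"]),
    "rede_interna": ("src", ["192.168.0.0/24"]),
    "info": ("src", ["192.168.0.240", "192.168.0.24"]),
    "luciano": ("src", ["192.168.0.38"]),
    "netip": ("src", ["192.168.0.16", "192.168.0.21", "192.168.0.22"]),
    "youtube": ("url_regex", ["youtube.com"]),
    "blockedsites": ("url_regex -i", ["blog"]),
    "unblockedsites": ("url_regex -i", []),
}

FIRST_CONF = """\
http_access allow info
http_access deny blockedsites !unblockedsites !luciano !info
http_access allow netip
http_access deny youtube
http_access allow rede_interna
http_access deny all
"""
# The second config drops the early "allow netip" line (ACL names kept from the first).
SECOND_CONF = FIRST_CONF.replace("http_access allow netip\n", "")

def acl_matches(name, client, url):
    kind, values = ACLS[name]
    if kind == "src":
        ip = ipaddress.ip_address(client)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    flags = re.I if kind.endswith("-i") else 0
    # Python's re stands in for Squid's regex engine; enough for these literal patterns.
    return any(re.search(p, url, flags) for p in values)

def decide(conf, client, url):
    """Return (action, deciding line) using first-match-wins evaluation."""
    action = "deny"
    for line in conf.splitlines():
        _, action, *terms = line.split()
        # All ACLs on one line are ANDed; a leading "!" negates the ACL.
        if all(acl_matches(t.lstrip("!"), client, url) != t.startswith("!") for t in terms):
            return action, line
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if action == "deny" else "deny"), None
```

Calling `decide(FIRST_CONF, "192.168.0.21", "http://www.youtube.com/watch")` and then the same request against `SECOND_CONF` shows which line decides in each ordering.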
