Below is my squid.conf

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
http_port 3128
cache_mem 64 MB
cache_swap_low 95
cache_swap_high 98
maximum_object_size 16384 KB
maximum_object_size_in_memory 20 KB
cache_access_log /var/log/squid/access.log
cache_dir ufs /var/cache/squid 300000 64 128
ftp_user Squid@
ftp_passive on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl rede_interna src 192.168.0.0/24
#delay_pools 1
#delay_class 1 1
#delay_parameters 1 43750/43750
#delay_access 1 allow rede_interna
acl hans src 192.168.0.26
acl luciano src 192.168.0.38
acl info src 192.168.0.2 192.168.0.240 192.168.0.24
acl gabriel src 192.168.0.33
acl joseantonio src 192.168.0.129
acl oficina src 192.168.0.16
acl blockedip src 192.168.0.3
acl almoco time MTWHF 12:00-13:00
acl msn url_regex gateway.dll
acl live url_regex login.live.com
acl msn2 url_regex loginnet.passport.com
acl arquivos url_regex .mp3 .wav .wmv .mpg .mpeg .avi .flv .scr .pif .vbs
acl prx url_regex proxy
acl meebo url_regex meebo.com
acl orkut url_regex http://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F
acl orkut2 url_regex https://www.orkut.com
acl playboy url_regex playboy.abril.com.br
acl sexy url_regex sexy.com.br
acl sexyuol url_regex uol.com.br/sexy
acl sexyclube url_regex sexyclube.com.br
acl sexyig url_regex sexyclube.ig.com.br
acl youtube url_regex youtube.com
acl chaterra url_regex chat.terra.com.br
acl parperfeito url_regex parperfeito.com.br
acl flogao url_regex flogao.com.br
acl gigafoto url_regex gigafoto.com.br
acl fotolog url_regex fotolog.net
acl fotolist url_regex fotolist.com.br
acl blogger url_regex blogger.com.br
acl mypage url_regex mypage.com.br
acl myflog url_regex myflog.com.br
acl images3 url_regex images3.orkut.com
acl chatuol url_regex tc.batepapo.uol.com.br
acl tufos url_regex tufos.com.br
acl sexo url_regex sexo.com.br
acl iporkut url_regex 72.14.209.87
acl blockproxy url_regex proxy
acl netip src 192.168.0.16 192.168.0.21 192.168.0.22 192.168.0.23 192.168.0.26 192.168.0.28 192.168.0.29 192.168.0.129 192.168.0.31 192.168.0.32 192.168.0.33 192.198.0.34 192.168.0.35 192.168.0.36 192.168.0.68 192.168.0.69 192.168.0.70 192.168.0.100 192.168.0.199 192.168.0.200 192.168.0.201 192.168.0.202 192.168.0.203 192.168.0.204 192.168.0.205 192.168.0.206 192.168.0.207 192.168.0.208 192.168.0.209 192.168.0.210 192.168.0.211 192.168.0.212 192.168.0.213 192.168.0.214 192.168.0.215 192.168.0.216 192.168.0.217 192.168.0.218 192.168.0.219 192.168.0.220 192.168.0.221 192.168.0.222 192.168.0.223 192.168.0.224 192.168.0.225 192.168.0.226 192.168.0.227 192.168.0.228 192.168.0.229 192.168.0.230 192.168.0.231 192.168.0.232 192.168.0.233 192.168.0.234 192.168.0.235 192.168.0.236 192.168.0.237 192.168.0.238 192.168.0.239 182.168.0.240 192.168.0.241 192.168.0.242 192.168.0.243 192.168.0.244 192.168.0.245 192.168.0.246 192.168.0.247 192.168.0.248 192.168.0.249 192.168.0.250 192.168.0.251 192.168.0.252 192.168.0.253
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl emule1 port 49170
acl emule2 port 49200
acl emule3 port 25161
acl emule4 port 25170
acl gnutella1 port 6346
acl gnutella2 port 6349
acl torrent1 port 16093
acl torrent2 port 16000
acl CONNECT method CONNECT
acl blockedsites url_regex -i "/etc/squid/regras/block"
acl unblockedsites url_regex -i "/etc/squid/regras/permit"
acl lunchtimesites url_regex -i "/etc/squid/regras/almoco"
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny emule1
http_access deny emule2
http_access deny gnutella1
http_access deny gnutella2
http_access deny torrent1 !info
http_access deny torrent2 !info
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow info
http_access deny blockedsites !unblockedsites !luciano !info
http_access deny lunchtimesites !almoco !luciano !info !hans !gabriel
http_access allow netip
http_access deny youtube
http_access deny parperfeito
http_access deny flogao
http_access deny gigafoto
http_access deny fotolog
http_access deny blogger
http_access deny mypage
http_access deny myflog
http_access deny blockproxy
http_access deny images3
http_access deny playboy
http_access deny sexy
http_access deny sexyuol
http_access deny sexyclube
http_access deny sexyig
http_access deny chaterra
http_access deny chatuol
http_access deny tufos
http_access deny sexo
http_access deny prx
http_access deny orkut2
http_access deny iporkut
http_access deny meebo
http_access deny live !hans !info !luciano
http_access deny msn !hans !info !luciano
http_access deny msn2 !hans !info !luciano
#http_access deny arquivos !hans !info !luciano
http_access allow rede_interna !blockedip !joseantonio !oficina
http_access deny oficina
http_access deny joseantonio
http_access deny blockedip
http_access deny all
http_reply_access allow all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_access allow all
visible_hostname proxy
logfile_rotate 7
#error_directory /usr/local/squid/share/errors/Portuguese
coredump_dir /var/cache/squid
#log_fqdn on

Reading this file, I found some strange things and changed a few... Below is the squid.conf now...

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
http_port 3128
cache_mem 64 MB
cache_swap_low 95
cache_swap_high 98
maximum_object_size 16384 KB
maximum_object_size_in_memory 20 KB
cache_access_log /var/log/squid/access.log
cache_dir ufs /var/cache/squid 300000 64 128
ftp_user Squid@
ftp_passive on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl all src 0.0.0.0/0.0.0.0
acl rede_interna src 192.168.0.0/24
#delay_pools 1
#delay_class 1 1
#delay_parameters 1 43750/43750
#delay_access 1 allow rede_interna
acl usuario1 src 192.168.0.26
acl usuario2 src 192.168.0.38
acl info src 192.168.0.240 192.168.0.24
acl usuario3 src 192.168.0.33
acl usuario4 src 192.168.0.129
acl usuario5 src 192.168.0.16
acl blockedip src 192.168.0.3
acl almoco time MTWHF 12:00-13:00
acl msn url_regex gateway.dll
acl live url_regex login.live.com
acl msn2 url_regex loginnet.passport.com
acl arquivos url_regex .mp3 .wav .wmv .mpg .mpeg .avi .flv .scr .pif .vbs
acl prx url_regex proxy
acl meebo url_regex meebo.com
acl orkut url_regex http://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F
acl orkut2 url_regex https://www.orkut.com
acl playboy url_regex playboy.abril.com.br
acl sexy url_regex sexy.com.br
acl sexyuol url_regex uol.com.br/sexy
acl sexyclube url_regex sexyclube.com.br
acl sexyig url_regex sexyclube.ig.com.br
acl youtube url_regex youtube.com
acl chaterra url_regex chat.terra.com.br
acl parperfeito url_regex parperfeito.com.br
acl flogao url_regex flogao.com.br
acl gigafoto url_regex gigafoto.com.br
acl fotolog url_regex fotolog.net
acl fotolist url_regex fotolist.com.br
acl blogger url_regex blogger.com.br
acl mypage url_regex mypage.com.br
acl myflog url_regex myflog.com.br
acl images3 url_regex images3.orkut.com
acl chatuol url_regex tc.batepapo.uol.com.br
acl tufos url_regex tufos.com.br
acl sexo url_regex sexo.com.br
acl iporkut url_regex 72.14.209.87
acl blockproxy url_regex proxy
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl emule1 port 49170
acl emule2 port 49200
acl emule3 port 25161
acl emule4 port 25170
acl gnutella1 port 6346
acl gnutella2 port 6349
acl torrent1 port 16093
acl torrent2 port 16000
acl CONNECT method CONNECT
acl blockedsites url_regex -i "/etc/squid/regras/block"
acl unblockedsites url_regex -i "/etc/squid/regras/permit"
acl lunchtimesites url_regex -i "/etc/squid/regras/almoco"
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny emule1
http_access deny emule2
http_access deny gnutella1
http_access deny gnutella2
http_access deny torrent1 !info
http_access deny torrent2 !info
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow info
http_access deny blockedsites !unblockedsites !usuario2 !info
http_access deny lunchtimesites !almoco !usuario2 !info !usuario1 !usuario3
http_access deny youtube
http_access deny parperfeito
http_access deny flogao
http_access deny gigafoto
http_access deny fotolog
http_access deny blogger
http_access deny mypage
http_access deny myflog
http_access deny blockproxy
http_access deny images3
http_access deny playboy
http_access deny sexy
http_access deny sexyuol
http_access deny sexyclube
http_access deny sexyig
http_access deny chaterra
http_access deny chatuol
http_access deny tufos
http_access deny sexo
http_access deny prx
http_access deny orkut2
http_access deny iporkut
http_access deny meebo
http_access deny live !usuario1 !info !usuario2
http_access deny msn !usuario1 !info !usuario2
http_access deny msn2 !usuario1 !info !usuario2
#http_access deny arquivos !usuario1 !info !usuario2
http_access deny usuario5
http_access deny usuario4
http_access deny blockedip
http_access allow rede_interna !blockedip !usuario4 !usuario5
http_access deny all
http_reply_access allow all
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_access allow all
visible_hostname proxy
logfile_rotate 7
#error_directory /usr/local/squid/share/errors/Portuguese
coredump_dir /var/cache/squid
#log_fqdn on

Suggestions for improvement?

PS: I took this squid.conf ready-made from a running server... a friend of mine installed that server and passed it to me to use as a base, but I changed practically nothing in the .conf... I only created some ACLs for specific users...

On 21/08/08, Marcelo Zola <[EMAIL PROTECTED]> wrote:
>
> The theory is right, but if you can send the .conf, maybe we can get a
> better view, to help you.
>
> Regards.
>
> ------------------------------
>
> *From:* [email protected] [mailto:[EMAIL PROTECTED] *On behalf of* Leonardo souza
> *Sent:* Thursday, 21 August 2008 08:52
> *To:* [email protected]
> *Subject:* Re: [squid-br] Blocking isn't working...
>
> Thiago
>
> In my case I am using it without -i; I'm not sure what the
> difference would be
>
> acl url_proibidas url_regex "/etc/squid/url_proibidas"
>
> Inside the file that I have, there are only words, and the access
> permission on this file is this:
>
> -rw-r--r--
>
> Check that and send us a reply.
>
> Leonardo Souza
>
> 2008/8/21 Thiago Rocha <[EMAIL PROTECTED]>
>
> Good morning, everyone!
>
> I have a Fedora Core 3 box with Squid 2.6 running here.
>
> I created an ACL called blockedsites, with a file containing the names
> that, if they appear in the site's address, should keep the user from
> opening it.
>
> acl blockedsites url_regex -i "/etc/squid/regras/block"
>
> This block file has a few terms, among them the word blog
>
> With this word blog, every site that contains the word blog in its
> address should be blocked, right? (Of course, if a little further down in
> squid.conf we use the line http_access deny blockedsites)
>
> Is that right?
>
> If it is, what could be causing this not to happen?
>
> --
> []'s
> Thiago Rocha
> Jarinu - SP

--
[]'s
Thiago Rocha
Jarinu - SP
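
The following is an added illustration, not part of the original message and not Squid code: a simplified Python model of how Squid evaluates http_access lines (top to bottom, the first line whose ACLs all match decides, ACLs on one line are ANDed), run over a constructed subset of the rules posted above. The unblockedsites pattern, the shortened netip list and the sample URLs are made up, and Python's re module stands in for Squid's regex matching.

```python
import ipaddress
import re

# Constructed subset of the squid.conf rules in the message above.
# "blog" is the term the thread says is in the block file; the
# unblockedsites pattern and the shortened netip list are made up.
ACLS = {
    "info": ("src", ["192.168.0.240", "192.168.0.24"]),
    "netip": ("src", ["192.168.0.26", "192.168.0.33"]),
    "rede_interna": ("src", ["192.168.0.0/24"]),
    "all": ("src", ["0.0.0.0/0"]),
    "youtube": ("url_regex", ["youtube.com"]),
    "blockedsites": ("url_regex -i", ["blog"]),
    "unblockedsites": ("url_regex -i", ["intranet.example"]),
}
HEAD = ["allow info", "deny blockedsites !unblockedsites !info"]
TAIL = ["deny youtube", "allow rede_interna", "deny all"]
FIRST_CONF = HEAD + ["allow netip"] + TAIL   # order in the first squid.conf
SECOND_CONF = HEAD + TAIL                    # netip rule removed


def acl_matches(name, client_ip, url):
    kind, values = ACLS[name]
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v) for v in values)
    # url_regex: unanchored search over the whole URL; -i ignores case
    flags = re.IGNORECASE if kind.endswith("-i") else 0
    return any(re.search(v, url, flags) for v in values)


def http_access(rules, client_ip, url):
    """Return (action, rule) for the first rule whose ACLs all match."""
    for rule in rules:
        action, *names = rule.split()
        # "!name" must not match, "name" must match; all terms are ANDed
        if all(acl_matches(n.lstrip("!"), client_ip, url) != n.startswith("!")
               for n in names):
            return action, rule
    # Nothing matched: Squid applies the opposite of the last rule's action
    last = rules[-1].split()[0]
    return ("deny" if last == "allow" else "allow"), None


if __name__ == "__main__":
    for conf in (FIRST_CONF, SECOND_CONF):
        print(http_access(conf, "192.168.0.26", "http://www.youtube.com/"))
    print(http_access(SECOND_CONF, "192.168.0.26", "http://intranet.example/blog/"))
```

In this model a deny line placed after a broader allow line never applies to clients the allow line already matched, and a negated ACL on a deny line exempts every request that matches it.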
