Good morning, I'd like to make a suggestion. You could put all of those sites
into a single file and build the acl from it. Another suggestion for a content
filter is dansguardian; I'm using it and it has been making me very happy. I
hope this helps.

Regards,
Maiquel

2008/8/21 Thiago Rocha <[EMAIL PROTECTED]>

>   Below is my squid.conf
>
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> http_port 3128
> cache_mem 64 MB
> cache_swap_low 95
> cache_swap_high 98
> maximum_object_size 16384 KB
> maximum_object_size_in_memory 20 KB
> cache_access_log /var/log/squid/access.log
> cache_dir ufs /var/cache/squid 300000 64 128
> ftp_user Squid@
> ftp_passive on
> refresh_pattern ^ftp:  1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern .  0 20% 4320
> acl all src 0.0.0.0/0.0.0.0
> acl rede_interna src 192.168.0.0/24
> #delay_pools 1
> #delay_class 1 1
> #delay_parameters 1 43750/43750
> #delay_access 1 allow rede_interna
> acl hans src 192.168.0.26
> acl luciano src 192.168.0.38
> acl info src 192.168.0.2 192.168.0.240 192.168.0.24
> acl gabriel src 192.168.0.33
> acl joseantonio src 192.168.0.129
> acl oficina src 192.168.0.16
> acl blockedip src 192.168.0.3
> acl almoco time MTWHF 12:00-13:00
> acl msn url_regex gateway.dll
> acl live url_regex login.live.com
> acl msn2 url_regex loginnet.passport.com
> acl arquivos url_regex .mp3 .wav .wmv .mpg .mpeg .avi .flv .scr .pif .vbs
> acl prx url_regex proxy
> acl meebo url_regex meebo.com
> acl orkut url_regex http://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F
> acl orkut2 url_regex https://www.orkut.com
> acl playboy url_regex playboy.abril.com.br
> acl sexy url_regex sexy.com.br
> acl sexyuol url_regex uol.com.br/sexy
> acl sexyclube url_regex sexyclube.com.br
> acl sexyig url_regex sexyclube.ig.com.br
> acl youtube url_regex youtube.com
> acl chaterra url_regex chat.terra.com.br
> acl parperfeito url_regex parperfeito.com.br
> acl flogao url_regex flogao.com.br
> acl gigafoto url_regex gigafoto.com.br
> acl fotolog url_regex fotolog.net
> acl fotolist url_regex fotolist.com.br
> acl blogger url_regex blogger.com.br
> acl mypage url_regex mypage.com.br
> acl myflog url_regex myflog.com.br
> acl images3 url_regex images3.orkut.com
> acl chatuol url_regex tc.batepapo.uol.com.br
> acl tufos url_regex tufos.com.br
> acl sexo url_regex sexo.com.br
> acl iporkut url_regex 72.14.209.87
> acl blockproxy url_regex proxy
> acl netip src 192.168.0.16 192.168.0.21 192.168.0.22 192.168.0.23 192.168.0.26 192.168.0.28 192.168.0.29 192.168.0.129 192.168.0.31 192.168.0.32 192.168.0.33 192.198.0.34 192.168.0.35 192.168.0.36 192.168.0.68 192.168.0.69 192.168.0.70 192.168.0.100 192.168.0.199 192.168.0.200 192.168.0.201 192.168.0.202 192.168.0.203 192.168.0.204 192.168.0.205 192.168.0.206 192.168.0.207 192.168.0.208 192.168.0.209 192.168.0.210 192.168.0.211 192.168.0.212 192.168.0.213 192.168.0.214 192.168.0.215 192.168.0.216 192.168.0.217 192.168.0.218 192.168.0.219 192.168.0.220 192.168.0.221 192.168.0.222 192.168.0.223 192.168.0.224 192.168.0.225 192.168.0.226 192.168.0.227 192.168.0.228 192.168.0.229 192.168.0.230 192.168.0.231 192.168.0.232 192.168.0.233 192.168.0.234 192.168.0.235 192.168.0.236 192.168.0.237 192.168.0.238 192.168.0.239 182.168.0.240 192.168.0.241 192.168.0.242 192.168.0.243 192.168.0.244 192.168.0.245 192.168.0.246 192.168.0.247 192.168.0.248 192.168.0.249 192.168.0.250 192.168.0.251 192.168.0.252 192.168.0.253
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80  # http
> acl Safe_ports port 21  # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70  # gopher
> acl Safe_ports port 210  # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280  # http-mgmt
> acl Safe_ports port 488  # gss-http
> acl Safe_ports port 591  # filemaker
> acl Safe_ports port 777  # multiling http
> acl emule1 port 49170
> acl emule2 port 49200
> acl emule3 port 25161
> acl emule4 port 25170
> acl gnutella1 port 6346
> acl gnutella2 port 6349
> acl torrent1 port 16093
> acl torrent2 port 16000
> acl CONNECT method CONNECT
> acl blockedsites url_regex -i "/etc/squid/regras/block"
> acl unblockedsites url_regex -i "/etc/squid/regras/permit"
> acl lunchtimesites url_regex -i "/etc/squid/regras/almoco"
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny emule1
> http_access deny emule2
> http_access deny gnutella1
> http_access deny gnutella2
> http_access deny torrent1 !info
> http_access deny torrent2 !info
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow info
> http_access deny blockedsites !unblockedsites !luciano !info
> http_access deny lunchtimesites !almoco !luciano !info !hans !gabriel
> http_access allow netip
> http_access deny youtube
> http_access deny parperfeito
> http_access deny flogao
> http_access deny gigafoto
> http_access deny fotolog
> http_access deny blogger
> http_access deny mypage
> http_access deny myflog
> http_access deny blockproxy
> http_access deny images3
> http_access deny playboy
> http_access deny sexy
> http_access deny sexyuol
> http_access deny sexyclube
> http_access deny sexyig
> http_access deny chaterra
> http_access deny chatuol
> http_access deny tufos
> http_access deny sexo
> http_access deny prx
> http_access deny orkut2
> http_access deny iporkut
> http_access deny meebo
> http_access deny live !hans !info !luciano
> http_access deny msn !hans !info !luciano
> http_access deny msn2 !hans !info !luciano
> #http_access deny arquivos !hans !info !luciano
> http_access allow rede_interna !blockedip !joseantonio !oficina
> http_access deny oficina
> http_access deny joseantonio
> http_access deny blockedip
> http_access deny all
> http_reply_access allow all
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> icp_access allow all
> visible_hostname proxy
> logfile_rotate 7
> #error_directory /usr/local/squid/share/errors/Portuguese
> coredump_dir /var/cache/squid
> #log_fqdn on
>
>
> Reading this file, I found some strange things, and I changed a few
> things...
>
> Below is the squid.conf as it is now...
>
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> http_port 3128
> cache_mem 64 MB
> cache_swap_low 95
> cache_swap_high 98
> maximum_object_size 16384 KB
> maximum_object_size_in_memory 20 KB
> cache_access_log /var/log/squid/access.log
> cache_dir ufs /var/cache/squid 300000 64 128
> ftp_user Squid@
> ftp_passive on
> refresh_pattern ^ftp:  1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern .  0 20% 4320
> acl all src 0.0.0.0/0.0.0.0
> acl rede_interna src 192.168.0.0/24
> #delay_pools 1
> #delay_class 1 1
> #delay_parameters 1 43750/43750
> #delay_access 1 allow rede_interna
> acl usuario1 src 192.168.0.26
> acl usuario2 src 192.168.0.38
> acl info src 192.168.0.240 192.168.0.24
> acl usuario3 src 192.168.0.33
> acl usuario4 src 192.168.0.129
> acl usuario5 src 192.168.0.16
> acl blockedip src 192.168.0.3
> acl almoco time MTWHF 12:00-13:00
> acl msn url_regex gateway.dll
> acl live url_regex login.live.com
> acl msn2 url_regex loginnet.passport.com
> acl arquivos url_regex .mp3 .wav .wmv .mpg .mpeg .avi .flv .scr .pif .vbs
> acl prx url_regex proxy
> acl meebo url_regex meebo.com
> acl orkut url_regex http://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F
> acl orkut2 url_regex https://www.orkut.com
> acl playboy url_regex playboy.abril.com.br
> acl sexy url_regex sexy.com.br
> acl sexyuol url_regex uol.com.br/sexy
> acl sexyclube url_regex sexyclube.com.br
> acl sexyig url_regex sexyclube.ig.com.br
> acl youtube url_regex youtube.com
> acl chaterra url_regex chat.terra.com.br
> acl parperfeito url_regex parperfeito.com.br
> acl flogao url_regex flogao.com.br
> acl gigafoto url_regex gigafoto.com.br
> acl fotolog url_regex fotolog.net
> acl fotolist url_regex fotolist.com.br
> acl blogger url_regex blogger.com.br
> acl mypage url_regex mypage.com.br
> acl myflog url_regex myflog.com.br
> acl images3 url_regex images3.orkut.com
> acl chatuol url_regex tc.batepapo.uol.com.br
> acl tufos url_regex tufos.com.br
> acl sexo url_regex sexo.com.br
> acl iporkut url_regex 72.14.209.87
> acl blockproxy url_regex proxy
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl Safe_ports port 80  # http
> acl Safe_ports port 21  # ftp
> acl Safe_ports port 443 563 # https, snews
> acl Safe_ports port 70  # gopher
> acl Safe_ports port 210  # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280  # http-mgmt
> acl Safe_ports port 488  # gss-http
> acl Safe_ports port 591  # filemaker
> acl Safe_ports port 777  # multiling http
> acl emule1 port 49170
> acl emule2 port 49200
> acl emule3 port 25161
> acl emule4 port 25170
> acl gnutella1 port 6346
> acl gnutella2 port 6349
> acl torrent1 port 16093
> acl torrent2 port 16000
> acl CONNECT method CONNECT
> acl blockedsites url_regex -i "/etc/squid/regras/block"
> acl unblockedsites url_regex -i "/etc/squid/regras/permit"
> acl lunchtimesites url_regex -i "/etc/squid/regras/almoco"
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny emule1
> http_access deny emule2
> http_access deny gnutella1
> http_access deny gnutella2
> http_access deny torrent1 !info
> http_access deny torrent2 !info
> http_access deny CONNECT !SSL_ports
> http_access allow localhost
> http_access allow info
> http_access deny blockedsites !unblockedsites !usuario2 !info
> http_access deny lunchtimesites !almoco !usuario2 !info !usuario1 !usuario3
> http_access deny youtube
> http_access deny parperfeito
> http_access deny flogao
> http_access deny gigafoto
> http_access deny fotolog
> http_access deny blogger
> http_access deny mypage
> http_access deny myflog
> http_access deny blockproxy
> http_access deny images3
> http_access deny playboy
> http_access deny sexy
> http_access deny sexyuol
> http_access deny sexyclube
> http_access deny sexyig
> http_access deny chaterra
> http_access deny chatuol
> http_access deny tufos
> http_access deny sexo
> http_access deny prx
> http_access deny orkut2
> http_access deny iporkut
> http_access deny meebo
> http_access deny live !usuario1 !info !usuario2
> http_access deny msn !usuario1 !info !usuario2
> http_access deny msn2 !usuario1 !info !usuario2
> #http_access deny arquivos !usuario1 !info !usuario2
> http_access deny usuario5
> http_access deny usuario4
> http_access deny blockedip
> http_access allow rede_interna !blockedip !usuario4 !usuario5
> http_access deny all
> http_reply_access allow all
> httpd_accel_host virtual
> httpd_accel_port 80
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> icp_access allow all
> visible_hostname proxy
> logfile_rotate 7
> #error_directory /usr/local/squid/share/errors/Portuguese
> coredump_dir /var/cache/squid
> #log_fqdn on
>
>
> Suggestions for improvement?
>
> PS: I took this squid.conf ready-made from a running server... a friend of
> mine installed that server and passed it to me to use as a base, but I have
> changed practically nothing in the .conf... I only created a few ACLs for
> specific users...
>
>
>
>
> On 21/08/08, Marcelo Zola <[EMAIL PROTECTED]> wrote:
>>
>>  The theory is right, but if you can send the .conf, maybe we can get a
>> better view, to help you.
>>
>>
>>
>> Regards.
>>
>>
>>  ------------------------------
>>
>> *From:* [email protected] [mailto:[EMAIL PROTECTED] *On behalf of* Leonardo souza
>> *Sent:* Thursday, 21 August 2008 08:52
>> *To:* [email protected]
>> *Subject:* Re: [squid-br] Blocking isn't working...
>>
>>
>>
>> Thiago
>>
>>  In my case I'm using it without -i; I'm not sure exactly what the
>> difference would be
>>
>>
>>
>> acl url_proibidas url_regex "/etc/squid/url_proibidas"
>>
>>
>>
>> Inside the file on mine there are only words, and the access permission on
>> that file is this.
>>
>> -rw-r--r--
>>
>>
>>
>> Check that and send us a reply.
>>
>>
>>
>> Leonardo Souza
>>
>> 2008/8/21 Thiago Rocha <[EMAIL PROTECTED]>
>>
>> Good morning, everyone!
>>
>>
>>
>> I have a Fedora Core 3 box with Squid 2.6 running here.
>>
>>
>>
>> I created an ACL called blockedsites, with a file containing the names that,
>> if they appear in the site's address, should keep the user from opening it.
>>
>>
>>
>>
>>
>> acl blockedsites url_regex -i "/etc/squid/regras/block"
>>
>>
>>
>> This block file has a few terms, among them the word blog
>>
>>
>>
>> With this word blog, every site that has the word blog in its address
>> should be blocked, right? (Of course, provided we use the line
>> http_access deny blockedsites a bit further down in squid.conf)
>>
>>
>>
>> Is that right?
>>
>>
>>
>> If it is, what could be causing this not to happen?
>>
>> --
>> []'s
>> Thiago Rocha
>> Jarinu - SP
>>
>>
>>
>>
>>
>
>
>
> --
> []'s
> Thiago Rocha
> Jarinu - SP
> 
>



-- 

www.prognus.com.br
.~.
/ v \ Be Free, use GNU/Linux!
/( )\
^^-^^
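
As an added illustration (not part of the original messages, and not Squid's own code), the Python sketch below models how Squid evaluates the `http_access` lines quoted in the thread: lines are read top-down, the first line whose ACLs all match decides the request, and `-i` makes `url_regex` case-insensitive. The ACL subset, the shortened `netip` list and the `intranet` entry for the permit file are constructed assumptions; only the term `blog` is known from the thread.

```python
import ipaddress
import re

def src(*addrs):
    nets = [ipaddress.ip_network(a) for a in addrs]
    return lambda ip, url: any(ipaddress.ip_address(ip) in n for n in nets)

def url_regex(patterns, ignore_case=False):
    # ignore_case models Squid's -i flag; Python's re stands in for POSIX regex.
    rx = [re.compile(p, re.IGNORECASE if ignore_case else 0) for p in patterns]
    return lambda ip, url: any(r.search(url) for r in rx)

# Constructed subset of the ACLs quoted in the thread.
ACLS = {
    "all": src("0.0.0.0/0"),
    "info": src("192.168.0.240", "192.168.0.24"),
    "usuario2": src("192.168.0.38"),
    "netip": src("192.168.0.26", "192.168.0.33"),            # shortened list
    "rede_interna": src("192.168.0.0/24"),
    "blockedsites": url_regex(["blog"], ignore_case=True),   # only known term
    "unblockedsites": url_regex(["intranet"], ignore_case=True),  # assumed
    "youtube": url_regex(["youtube.com"]),
}

SECOND = """
http_access allow info
http_access deny blockedsites !unblockedsites !usuario2 !info
http_access deny youtube
http_access allow rede_interna
http_access deny all
"""
# The first posting additionally had "allow netip" above the per-site denies.
FIRST = SECOND.replace("http_access deny youtube",
                       "http_access allow netip\nhttp_access deny youtube")

def decide(rules, ip, url):
    """Return (action, deciding line): top-down, first matching line wins."""
    action = "allow"
    for line in rules.strip().splitlines():
        _, action, *names = line.split()
        # Every ACL on a line must match (AND); a leading ! negates that ACL.
        if all(ACLS[n.lstrip("!")](ip, url) != n.startswith("!") for n in names):
            return action, line
    # No line matched: Squid applies the opposite of the last line's action.
    return ("deny" if action == "allow" else "allow"), "(default)"

if __name__ == "__main__":
    for name, rules in (("first", FIRST), ("second", SECOND)):
        print(name, decide(rules, "192.168.0.26", "http://www.youtube.com/watch"))
```
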
