Bom dia, irei dar uma sugestão. Você poderia por esses sites todos dentro de um so arquivo, e fazer a acl, Outra sugestão para um filtro de conteúdo é o dansguardian, estou usando ele e olha so tem me dado alegria. Espero ter ajudado.
Att, Maiquel 2008/8/21 Thiago Rocha <[EMAIL PROTECTED]> > Abaixo meu squid.conf > > hierarchy_stoplist cgi-bin ? > acl QUERY urlpath_regex cgi-bin \? > http_port 3128 > cache_mem 64 MB > cache_swap_low 95 > cache_swap_high 98 > maximum_object_size 16384 KB > maximum_object_size_in_memory 20 KB > cache_access_log /var/log/squid/access.log > cache_dir ufs /var/cache/squid 300000 64 128 > ftp_user Squid@ > ftp_passive on > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern . 0 20% 4320 > acl all src 0.0.0.0/0.0.0.0 > acl rede_interna src 192.168.0.0/24 > #delay_pools 1 > #delay_class 1 1 > #delay_parameters 1 43750/43750 > #delay_access 1 allow rede_interna > acl hans src 192.168.0.26 > acl luciano src 192.168.0.38 > acl info src 192.168.0.2 192.168.0.240 192.168.0.24 > acl gabriel src 192.168.0.33 > acl joseantonio src 192.168.0.129 > acl oficina src 192.168.0.16 > acl blockedip src 192.168.0.3 > acl almoco time MTWHF 12:00-13:00 > acl msn url_regex gateway.dll > acl live url_regex login.live.com > acl msn2 url_regex loginnet.passport.com > acl arquivos url_regex .mp3 .wav .wmv .mpg .mpeg .avi .flv .scr .pif .vbs > acl prx url_regex proxy > acl meebo url_regex meebo.com > acl orkut url_regex > http://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F > acl orkut2 url_regex https://www.orkut.com > acl playboy url_regex playboy.abril.com.br > acl sexy url_regex sexy.com.br > acl sexyuol url_regex uol.com.br/sexy > acl sexyclube url_regex sexyclube.com.br > acl sexyig url_regex sexyclube.ig.com.br > acl youtube url_regex youtube.com > acl chaterra url_regex chat.terra.com.br > acl parperfeito url_regex parperfeito.com.br > acl flogao url_regex flogao.com.br > acl gigafoto url_regex gigafoto.com.br > acl fotolog url_regex fotolog.net > acl fotolist url_regex fotolist.com.br > acl blogger url_regex blogger.com.br > acl mypage url_regex mypage.com.br > acl myflog url_regex myflog.com.br > acl images3 url_regex images3.orkut.com > acl chatuol url_regex tc.batepapo.uol.com.br > acl tufos url_regex tufos.com.br > acl sexo url_regex sexo.com.br > acl iporkut url_regex 72.14.209.87 > acl blockproxy url_regex proxy > acl netip src 192.168.0.16 192.168.0.21 192.168.0.22 192.168.0.23 > 192.168.0.26 192.168.0.28 192.168.0.29 192.168.0.129 192.168.0.31 > 192.168.0.32 192.168.0.33 192.198.0.34 192.168.0.35 192.168.0.36 > 192.168.0.68 192.168.0.69 192.168.0.70 192.168.0.100 192.168.0.199 > 192.168.0.200 192.168.0.201 192.168.0.202 192.168.0.203 192.168.0.204 > 192.168.0.205 192.168.0.206 192.168.0.207 192.168.0.208 192.168.0.209 > 192.168.0.210 192.168.0.211 192.168.0.212 192.168.0.213 192.168.0.214 > 192.168.0.215 192.168.0.216 192.168.0.217 192.168.0.218 192.168.0.219 > 192.168.0.220 192.168.0.221 192.168.0.222 192.168.0.223 192.168.0.224 > 192.168.0.225 192.168.0.226 192.168.0.227 192.168.0.228 192.168.0.229 > 192.168.0.230 192.168.0.231 192.168.0.232 192.168.0.233 192.168.0.234 > 192.168.0.235 192.168.0.236 192.168.0.237 192.168.0.238 192.168.0.239 > 182.168.0.240 192.168.0.241 192.168.0.242 192.168.0.243 192.168.0.244 > 192.168.0.245 192.168.0.246 192.168.0.247 192.168.0.248 192.168.0.249 > 192.168.0.250 192.168.0.251 192.168.0.252 192.168.0.253 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 563 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 563 # https, snews > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl emule1 port 49170 > acl emule2 port 49200 > acl emule3 port 25161 > acl emule4 port 25170 > acl gnutella1 port 6346 > acl gnutella2 port 6349 > acl torrent1 port 16093 > acl torrent2 port 16000 > acl CONNECT method CONNECT > acl blockedsites url_regex -i "/etc/squid/regras/block" > acl unblockedsites url_regex -i "/etc/squid/regras/permit" > acl lunchtimesites url_regex -i "/etc/squid/regras/almoco" > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny emule1 > http_access deny emule2 > http_access deny gnutella1 > http_access deny gnutella2 > http_access deny torrent1 !info > http_access deny torrent2 !info > http_access deny CONNECT !SSL_ports > http_access allow localhost > http_access allow info > http_access deny blockedsites !unblockedsites !luciano !info > http_access deny lunchtimesites !almoco !luciano !info !hans !gabriel > http_access allow netip > http_access deny youtube > http_access deny parperfeito > http_access deny flogao > http_access deny gigafoto > http_access deny fotolog > http_access deny blogger > http_access deny mypage > http_access deny myflog > http_access deny blockproxy > http_access deny images3 > http_access deny playboy > http_access deny sexy > http_access deny sexyuol > http_access deny sexyclube > http_access deny sexyig > http_access deny chaterra > http_access deny chatuol > http_access deny tufos > http_access deny sexo > http_access deny prx > http_access deny orkut2 > http_access deny iporkut > http_access deny meebo > http_access deny live !hans !info !luciano > http_access deny msn !hans !info !luciano > http_access deny msn2 !hans !info !luciano > #http_access deny arquivos !hans !info !luciano > http_access allow rede_interna !blockedip !joseantonio !oficina > http_access deny oficina > http_access deny joseantonio > http_access deny blockedip > http_access deny all > http_reply_access allow all > httpd_accel_host virtual > httpd_accel_port 80 > httpd_accel_with_proxy on > httpd_accel_uses_host_header on > icp_access allow all > visible_hostname proxy > logfile_rotate 7 > #error_directory /usr/local/squid/share/errors/Portuguese > coredump_dir /var/cache/squid > #log_fqdn on > > > Lendo esse arquivo, achei algumas coisas estranhas, e mudei algumas > coisas... > > Abaixo o squid.conf agora... > > hierarchy_stoplist cgi-bin ? > acl QUERY urlpath_regex cgi-bin \? > http_port 3128 > cache_mem 64 MB > cache_swap_low 95 > cache_swap_high 98 > maximum_object_size 16384 KB > maximum_object_size_in_memory 20 KB > cache_access_log /var/log/squid/access.log > cache_dir ufs /var/cache/squid 300000 64 128 > ftp_user Squid@ > ftp_passive on > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern . 0 20% 4320 > acl all src 0.0.0.0/0.0.0.0 > acl rede_interna src 192.168.0.0/24 > #delay_pools 1 > #delay_class 1 1 > #delay_parameters 1 43750/43750 > #delay_access 1 allow rede_interna > acl usuario1 src 192.168.0.26 > acl usuario2 src 192.168.0.38 > acl info src 192.168.0.240 192.168.0.24 > acl usuario3 src 192.168.0.33 > acl usuario4 src 192.168.0.129 > acl usuario5 src 192.168.0.16 > acl blockedip src 192.168.0.3 > acl almoco time MTWHF 12:00-13:00 > acl msn url_regex gateway.dll > acl live url_regex login.live.com > acl msn2 url_regex loginnet.passport.com > acl arquivos url_regex .mp3 .wav .wmv .mpg .mpeg .avi .flv .scr .pif .vbs > acl prx url_regex proxy > acl meebo url_regex meebo.com > acl orkut url_regex > http://www.orkut.com/GLogin.aspx?done=http%3A%2F%2Fwww.orkut.com%2F > acl orkut2 url_regex https://www.orkut.com > acl playboy url_regex playboy.abril.com.br > acl sexy url_regex sexy.com.br > acl sexyuol url_regex uol.com.br/sexy > acl sexyclube url_regex sexyclube.com.br > acl sexyig url_regex sexyclube.ig.com.br > acl youtube url_regex youtube.com > acl chaterra url_regex chat.terra.com.br > acl parperfeito url_regex parperfeito.com.br > acl flogao url_regex flogao.com.br > acl gigafoto url_regex gigafoto.com.br > acl fotolog url_regex fotolog.net > acl fotolist url_regex fotolist.com.br > acl blogger url_regex blogger.com.br > acl mypage url_regex mypage.com.br > acl myflog url_regex myflog.com.br > acl images3 url_regex images3.orkut.com > acl chatuol url_regex tc.batepapo.uol.com.br > acl tufos url_regex tufos.com.br > acl sexo url_regex sexo.com.br > acl iporkut url_regex 72.14.209.87 > acl blockproxy url_regex proxy > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 563 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 563 # https, snews > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl emule1 port 49170 > acl emule2 port 49200 > acl emule3 port 25161 > acl emule4 port 25170 > acl gnutella1 port 6346 > acl gnutella2 port 6349 > acl torrent1 port 16093 > acl torrent2 port 16000 > acl CONNECT method CONNECT > acl blockedsites url_regex -i "/etc/squid/regras/block" > acl unblockedsites url_regex -i "/etc/squid/regras/permit" > acl lunchtimesites url_regex -i "/etc/squid/regras/almoco" > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny emule1 > http_access deny emule2 > http_access deny gnutella1 > http_access deny gnutella2 > http_access deny torrent1 !info > http_access deny torrent2 !info > http_access deny CONNECT !SSL_ports > http_access allow localhost > http_access allow info > http_access deny blockedsites !unblockedsites !usuario2 !info > http_access deny lunchtimesites !almoco !usuario2 !info !usuario1 !usuario3 > http_access deny youtube > http_access deny parperfeito > http_access deny flogao > http_access deny gigafoto > http_access deny fotolog > http_access deny blogger > http_access deny mypage > http_access deny myflog > http_access deny blockproxy > http_access deny images3 > http_access deny playboy > http_access deny sexy > http_access deny sexyuol > http_access deny sexyclube > http_access deny sexyig > http_access deny chaterra > http_access deny chatuol > http_access deny tufos > http_access deny sexo > http_access deny prx > http_access deny orkut2 > http_access deny iporkut > http_access deny meebo > http_access deny live !usuario1 !info !usuario2 > http_access deny msn !usuario1 !info !usuario2 > http_access deny msn2 !usuario1 !info !usuario2 > #http_access deny arquivos !usuario1 !info !usuario2 > http_access deny usuario5 > http_access deny usuario4 > http_access deny blockedip > http_access allow rede_interna !blockedip !usuario4 !usuario5 > http_access deny all > http_reply_access allow all > httpd_accel_host virtual > httpd_accel_port 80 > httpd_accel_with_proxy on > httpd_accel_uses_host_header on > icp_access allow all > visible_hostname proxy > logfile_rotate 7 > #error_directory /usr/local/squid/share/errors/Portuguese > coredump_dir /var/cache/squid > #log_fqdn on > > > Dugestões de melhora? > > PS: Pequei esse squid.conf pronto de um servidor rodando... esse servidor > um amigo meu instalou e pe passou pra ter como base, ams mexi praticamente > nada com o .conf... só criei algumas ACLs de usuários específicos... > > > > > Em 21/08/08, Marcelo Zola <[EMAIL PROTECTED]> escreveu: >> >> A teoria esta certra, mas se puder mandar o .conf, talvez possamos ter >> uma visão melhor, pra te ajudar. >> >> >> >> Abs. >> >> >> ------------------------------ >> >> *De:* [email protected] [mailto:[EMAIL PROTECTED] *Em >> nome de *Leonardo souza >> *Enviada em:* quinta-feira, 21 de agosto de 2008 08:52 >> *Para:* [email protected] >> *Assunto:* Re: [squid-br] Bloqueio nao tá funcionando... >> >> >> >> Thiago >> >> No meu caso estou suando sem -i, nào sei ao certo qualquer seria a >> diferença >> >> >> >> acl url_proibidas url_regex "/etc/squid/url_proibidas" >> >> >> >> dentro do arquivo que está no meu, so tem palavras e o nível de acesso a >> esse arquivo é esta. >> >> -rw-r--r-- >> >> >> >> verfica ai e manda uma resposta pra gente. >> >> >> >> LEonardo Souza >> >> 2008/8/21 Thiago Rocha <[EMAIL PROTECTED]> >> >> Bom dia a todos! >> >> >> >> Tenho um Fedora Core 3 com Squid 2.6 rodando aqui. >> >> >> >> Criei uma ACL chamada blockedsites, contendo em um arquivo os nomes que, >> caso apareçam no endereço do site, não deixe que o usuário abra. >> >> >> >> >> >> acl blockedsites url_regex -i "/etc/squid/regras/block" >> >> >> >> Esse arquivo block tem alguns termos, entre eles a palavra blog >> >> >> >> Com essa palavra blog, todos os sites que contiverem a palavra blog no >> endereço deveriam ser barrados, certo? (Claro, se usarmos um pouco abaixo no >> squid.conf a linha http_access deny blockedsites) >> >> >> >> Isso tá certo? >> >> >> >> Caso esteja, o que pode estar fazendo com que isso não aconteça? >> >> -- >> []'s >> Thiago Rocha >> Jarinu - SP >> >> >> >> >> No virus found in this incoming message. >> Checked by AVG. >> Version: 7.5.524 / Virus Database: 270.6.6/1623 - Release Date: 20/8/2008 >> 08:12 >> >> No virus found in this outgoing message. >> Checked by AVG. >> Version: 7.5.524 / Virus Database: 270.6.6/1623 - Release Date: 20/8/2008 >> 08:12 >> > > > > -- > []'s > Thiago Rocha > Jarinu - SP > > -- www.prognus.com.br .~. / v \ Seja Livre, use GNU/Linux! /( )\ ^^-^^
