Bom dia a todos Meu squid não está bloqueando site algum do meu blacklist.
Já tentei incluir uma ACL de ums ite específico (usando url_regex e urlpath_regex) e nada. O log funciona, tudo normal. Abaixo meu squid.conf ****************************************** hierarchy_stoplist cgi-bin ? http_port 3128 cache_mem 64 MB cache_swap_low 95 cache_swap_high 98 maximum_object_size 16384 KB maximum_object_size_in_memory 20 KB cache_access_log /var/log/squid/access.log cache_dir ufs /var/cache/squid 300000 64 128 ftp_user Squid@ ftp_passive on refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern . 0 20% 4320 #delay_pools 1 #delay_class 1 1 #delay_parameters 1 43750/43750 #delay_access 1 allow rede_interna client_netmask 255.255.255.0 acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl rede_interna src 192.168.0.0/24 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 563 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 563 # https, snews acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT acl QUERY urlpath_regex cgi-bin \? acl almoco time MTWHF 12:00-13:00 acl arquivos url_regex \.mp3 \.wav \.wmv \.mpg \.mpeg \.avi \.flv \.scr \.pif \.vbs acl blockedsites urlpath_regex -i "/etc/squid/regras/block" acl unblockedsites urlpath_regex -i "/etc/squid/regras/permit" acl lunchtimesites urlpath_regex -i "/etc/squid/regras/almoco" acl diretoria src 192.168.0.26 acl subgerente src 192.168.0.38 acl info src 192.168.0.24 acl gerente src 192.168.0.33 acl oficina src 192.168.0.16 acl torrent1 port 16093 acl torrent2 port 16000 http_access allow rede_interna !oficina http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access deny to_localhost http_access allow info http_access deny torrent1 !info http_access deny torrent2 !info http_access deny arquivos !diretoria !info !subgerente http_access deny oficina http_access deny lunchtimesites !almoco !subgerente !diretoria !gerente http_access deny blockedsites !unblockedsites !subgerente !info !diretoria http_access deny all http_reply_access allow all httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on icp_access allow all visible_hostname proxy logfile_rotate 7 #error_directory /usr/local/squid/share/errors/Portuguese coredump_dir /var/cache/squid #log_fqdn on ********************************************** Se eu tirar o http_access allow rede_interna ele só libera net pros grupos info, diretoria, gerente e subgerente. Se eu voltar ele, mesmo retirando o !oficina, ele libera acesso pra todo mundo, e ignora meu blacklist. Sugestões? PS: Uso Fedora3 -- []'s Thiago Rocha Jarinu - SP
