Então Rafael Táva url_regex antes.
Pra usar dstdomain tem que ter dentro do arquivo coisas do tipo youtube.com playboy.abril.com e assim vai? Se eu deixar só youtube playboy ele Não funciona, né? []s Thiago Rocha 2009/2/11 Rafael C. Silva <[email protected]> > Usa assim: > > > > Por palavra: > > acl blockedsites url_regex -i "/etc/squid/regras/block" > acl unblockedsites url_regex -i "/etc/squid/regras/permit" > acl lunchtimesites url_regex -i "/etc/squid/regras/almoco" > > > > ou por dominio > > > > acl blockedsites dstdomain -i "/etc/squid/regras/block" > acl unblockedsites dstdomain -i "/etc/squid/regras/permit" > acl lunchtimesites dstdomain -i "/etc/squid/regras/almoco" > > > > > > > > *De:* [email protected] [mailto:[email protected]] *Em > nome de *Thiago Rocha > *Enviada em:* quarta-feira, 11 de fevereiro de 2009 11:51 > *Para:* [email protected] > *Assunto:* [squid-br] Squid não bloqueia sites > > > > Bom dia a todos > > > > Meu squid não está bloqueando site algum do meu blacklist. > > > > Já tentei incluir uma ACL de ums ite específico (usando url_regex e > urlpath_regex) e nada. > > > > O log funciona, tudo normal. > > > > Abaixo meu squid.conf > > > > ****************************************** > > hierarchy_stoplist cgi-bin ? > http_port 3128 > cache_mem 64 MB > cache_swap_low 95 > cache_swap_high 98 > maximum_object_size 16384 KB > maximum_object_size_in_memory 20 KB > cache_access_log /var/log/squid/access.log > cache_dir ufs /var/cache/squid 300000 64 128 > ftp_user Squid@ > ftp_passive on > refresh_pattern ^ftp: 1440 20% 10080 > refresh_pattern ^gopher: 1440 0% 1440 > refresh_pattern . 0 20% 4320 > #delay_pools 1 > #delay_class 1 1 > #delay_parameters 1 43750/43750 > #delay_access 1 allow rede_interna > client_netmask 255.255.255.0 > acl all src 0.0.0.0/0.0.0.0 > acl manager proto cache_object > acl localhost src 127.0.0.1/255.255.255.255 > acl rede_interna src 192.168.0.0/24 > acl to_localhost dst 127.0.0.0/8 > acl SSL_ports port 443 563 > acl Safe_ports port 80 # http > acl Safe_ports port 21 # ftp > acl Safe_ports port 443 563 # https, snews > acl Safe_ports port 70 # gopher > acl Safe_ports port 210 # wais > acl Safe_ports port 1025-65535 # unregistered ports > acl Safe_ports port 280 # http-mgmt > acl Safe_ports port 488 # gss-http > acl Safe_ports port 591 # filemaker > acl Safe_ports port 777 # multiling http > acl CONNECT method CONNECT > acl QUERY urlpath_regex cgi-bin \? > acl almoco time MTWHF 12:00-13:00 > acl arquivos url_regex \.mp3 \.wav \.wmv \.mpg \.mpeg \.avi \.flv \.scr > \.pif \.vbs > acl blockedsites urlpath_regex -i "/etc/squid/regras/block" > acl unblockedsites urlpath_regex -i "/etc/squid/regras/permit" > acl lunchtimesites urlpath_regex -i "/etc/squid/regras/almoco" > acl diretoria src 192.168.0.26 > acl subgerente src 192.168.0.38 > acl info src 192.168.0.24 > acl gerente src 192.168.0.33 > acl oficina src 192.168.0.16 > acl torrent1 port 16093 > acl torrent2 port 16000 > http_access allow rede_interna !oficina > > http_access allow manager localhost > http_access deny manager > http_access deny !Safe_ports > http_access deny CONNECT !SSL_ports > http_access deny to_localhost > http_access allow info > http_access deny torrent1 !info > http_access deny torrent2 !info > http_access deny arquivos !diretoria !info !subgerente > http_access deny oficina > http_access deny lunchtimesites !almoco !subgerente !diretoria !gerente > http_access deny blockedsites !unblockedsites !subgerente !info !diretoria > http_access deny all > http_reply_access allow all > httpd_accel_host virtual > httpd_accel_port 80 > httpd_accel_with_proxy on > httpd_accel_uses_host_header on > icp_access allow all > visible_hostname proxy > logfile_rotate 7 > #error_directory /usr/local/squid/share/errors/Portuguese > coredump_dir /var/cache/squid > #log_fqdn on > > > > ********************************************** > > > > Se eu tirar o http_access allow rede_interna ele só libera net pros grupos > info, diretoria, gerente e subgerente. > > > > Se eu voltar ele, mesmo retirando o !oficina, ele libera acesso pra todo > mundo, e ignora meu blacklist. > > > > Sugestões? > > > > PS: Uso Fedora3 > > > > -- > []'s > Thiago Rocha > Jarinu - SP > > > > > -- []'s Thiago Rocha Jarinu - SP
