
Squid

Arquivo de Proxy

( /etc/squid/squid.conf )


# yum install squid
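# chmod 4755 /usr/lib64/squid/pam_auth
(Observação: o bit setuid root permite que o pam_auth valide senhas do sistema, mas o modo 4755 deixa o binário executável por qualquer usuário local. Uma alternativa mais restrita é `chown root:squid` seguido de `chmod 4750`, supondo que o Squid execute sob o grupo squid.)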

--------------------------------------------------------------------------------------------------------

squid.conf

# Helper ACLs: cache-manager requests and loopback addresses.
# NOTE(review): Squid 3.2 and later appear to predefine manager, localhost and
# to_localhost - confirm against the installed version before redefining them.
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Client networks treated as internal:
#   10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16  RFC1918 possible internal networks
#   fc00::/7                                   RFC 4193 local private network range
#   fe80::/10                                  RFC 4291 link-local (directly plugged) machines
acl localnet src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
acl localnet src fc00::/7 fe80::/10

# Destination ports.
#   SSL_ports:  443
#   Safe_ports: 80 http, 21 ftp, 443 https, 70 gopher, 210 wais,
#               1025-65535 unregistered ports, 280 http-mgmt, 488 gss-http,
#               591 filemaker, 777 multiling http
acl SSL_ports port 443
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777

# Matches requests that use the CONNECT method.
acl CONNECT method CONNECT

# Password authentication: HTTP Basic, verified by the PAM helper program.
# NOTE(review): Basic credentials are only base64-encoded, and the http_port
# in this file is a plain (non-TLS) listener, so usernames and passwords are
# readable on the network path between client and proxy. Presumably the PAM
# service checks the host's own accounts - confirm, and prefer dedicated proxy
# accounts over logins that are also valid for shell access.
auth_param basic program /usr/lib64/squid/pam_auth
# Helper processes: at most 5, 5 started at launch, at least 1 kept idle.
auth_param basic children 5 startup=5 idle=1
# Realm text presented in the client's login prompt.
auth_param basic realm Autenticacao do Proxy
# A validated username/password pair is reused for 2 hours before the helper
# is consulted again.
auth_param basic credentialsttl 2 hours
# "senha" matches any request that carries valid proxy credentials.
acl senha proxy_auth REQUIRED

# Baseline rules. http_access lines are evaluated in order and the first match
# decides, so these four take effect before every rule further down.
# Cache-manager requests are accepted from the proxy host itself only.
http_access allow manager localhost
http_access deny manager
# Refuse any destination port that is not listed in Safe_ports.
http_access deny !Safe_ports
# Refuse CONNECT tunnels to any port other than those in SSL_ports (443).
http_access deny CONNECT !SSL_ports

# -------------------- REGRAS BASICAS -------------------- #

#Autenticacao:
#http_access deny !senha

#http_access allow localnet
#http_access allow localhost
#http_access deny all

# -------------------- REGRAS BASICAS -------------------- #

# -------------------- REGRAS -------------------- #

# - ACLs -
# Each quoted path is a list file read by Squid, one entry per line:
# url_regex files hold regular expressions, proxy_auth files hold user names,
# src files hold client addresses.
# NOTE(review): the BatePapo* and Dominios* lists are url_regex ACLs, so every
# entry is a regular expression tested against the whole URL rather than the
# host name alone. An entry such as "caixa.gov.br" therefore also matches when
# that text appears in the path or query of a URL on another host, and "."
# matches any character. For allow-lists, dstdomain with leading-dot entries
# (".example.com") compares only the host name and is the safer ACL type;
# switching requires rewriting the list files as well.
# NOTE(review): only BatePapo and BatePapoMsnLiberado use -i. The remaining
# url_regex lists, PalavrasBloqueadas and DownloadsGeral included, are
# case-sensitive, so an upper-case variant of a listed pattern does not match.
acl BatePapo url_regex -i "/etc/squid/acl/BatePapo"
acl BatePapoMsnLiberado url_regex -i "/etc/squid/acl/BatePapoMsnLiberado"
acl UsuariosBatePapo proxy_auth "/etc/squid/acl/UsuariosBatePapo"
acl PalavrasBloqueadas url_regex "/etc/squid/acl/PalavrasBloqueadas"
acl DownloadsGeral url_regex "/etc/squid/acl/DownloadsGeral"
acl MicroGoverno src "/etc/squid/acl/MicroGoverno"
acl MicroBanco src "/etc/squid/acl/MicroBanco"
acl DominiosLiberados url_regex "/etc/squid/acl/DominiosLiberados"
acl DominiosSemCache url_regex "/etc/squid/acl/DominiosSemCache"
acl DominiosGoverno url_regex "/etc/squid/acl/DominiosGoverno"
acl DominiosBancos url_regex "/etc/squid/acl/DominiosBancos"
acl DominiosRedesSociais url_regex "/etc/squid/acl/DominiosRedesSociais"
acl DominiosVideos url_regex "/etc/squid/acl/DominiosVideos"
acl DominiosBlog url_regex "/etc/squid/acl/DominiosBlog"
acl DominiosShareds url_regex "/etc/squid/acl/DominiosShareds"
acl UsuariosRedesSociais proxy_auth "/etc/squid/acl/UsuariosRedesSociais"
acl UsuariosVideos proxy_auth "/etc/squid/acl/UsuariosVideos"
acl UsuariosBlog proxy_auth "/etc/squid/acl/UsuariosBlog"
acl UsuariosShareds proxy_auth "/etc/squid/acl/UsuariosShareds"
acl UsuariosSuporte proxy_auth "/etc/squid/acl/UsuariosSuporte"

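# - ACCESS RULES -
# http_access lines are evaluated top to bottom and the first match decides,
# so the order below is part of the policy.

# Never cache responses from these domains.
no_cache deny DominiosSemCache

# The proxy host itself is always allowed.
http_access allow localhost

# Messenger endpoints are allowed without authentication. The rule is limited
# to localnet: without a source ACL it would apply to any client able to reach
# the proxy port, before the login check below.
http_access allow localnet BatePapoMsnLiberado

# Government sites from the designated workstations, without authentication.
http_access allow MicroGoverno DominiosGoverno

# Banking sites from the designated workstations, without authentication.
# A second rule that additionally required SSL_ports was removed: every request
# it could match was already allowed by this one.
http_access allow MicroBanco DominiosBancos

# Authentication: everything below requires a valid proxy login.
http_access deny !senha

# Site categories, each opened only to the users listed for it.
http_access allow DominiosRedesSociais UsuariosRedesSociais
http_access allow DominiosShareds UsuariosShareds
http_access allow DominiosVideos UsuariosVideos
http_access allow DominiosBlog UsuariosBlog

# Sites open to every authenticated user.
http_access allow DominiosLiberados

# Chat rules: allowed for the listed users, denied for everyone else.
# A narrower rule that also required SSL_ports was removed as redundant with
# the allow line kept here.
http_access allow BatePapo UsuariosBatePapo
http_access deny BatePapo

# For requests not already decided above: blocked words apply to all users,
# then support users are exempt from the download block that follows.
http_access deny PalavrasBloqueadas
http_access allow UsuariosSuporte
http_access deny DownloadsGeral

# Any remaining request from an authenticated internal client is allowed;
# everything else is refused.
http_access allow localnet
http_access deny all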



# -------------------- REGRAS -------------------- #

# Plain HTTP proxy listener on TCP 3128. No address is given, so Squid listens
# on every interface.
# NOTE(review): confirm the port is not reachable from untrusted networks.
http_port 3128
# URLs containing "cgi-bin" or "?" are fetched directly instead of through
# cache peers. NOTE(review): later Squid releases deprecate this directive -
# confirm against the installed version.
hierarchy_stoplist cgi-bin ?
# On-disk cache: ufs store in /var/spool/squid, 2048 MB, 16 first-level and
# 256 second-level directories.
cache_dir ufs /var/spool/squid 2048 16 256
# Administrator contact address.
cache_mgr contato@silviogarbes.com.br
# Directory where Squid leaves core dumps.
coredump_dir /var/spool/squid
# Language used for Squid's error pages.
error_default_language pt-br

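# refresh_pattern [-i] regex min percent max [options]; min and max are in
# minutes, and the first pattern that matches a URL is the one applied.
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

# NOTE(review): override-expire, ignore-no-cache, ignore-no-store and
# ignore-private make the proxy store and reuse responses that the origin
# marked as expired, non-cacheable or private. On a shared proxy this can hand
# one user's private object to another user, and it can keep outdated
# installers and update files in circulation for the whole max period. Keep
# these options only where the bandwidth saving outweighs that risk.
# NOTE(review): newer Squid releases appear to report ignore-no-cache as
# obsolete - confirm against the installed version.
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
# "ignore-no-private" was dropped from the next two lines: it is not a
# refresh_pattern option (the option is spelled ignore-private). It was
# deliberately not replaced by ignore-private, for the reason given above.
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store
# NOTE(review): this pattern only matches URLs containing a literal ".index";
# "/index\.(html|htm)$" was presumably intended - confirm before changing.
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern . 0 40% 40320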


--------------------------------------------------------------------------------------------------------

# mkdir /etc/squid/acl
# touch /etc/squid/acl/BatePapo
# touch /etc/squid/acl/BatePapoMsnLiberado
# touch /etc/squid/acl/UsuariosBatePapo
# touch /etc/squid/acl/PalavrasBloqueadas
# touch /etc/squid/acl/DownloadsGeral
# touch /etc/squid/acl/MicroGoverno
# touch /etc/squid/acl/MicroBanco
# touch /etc/squid/acl/DominiosLiberados
# touch /etc/squid/acl/DominiosSemCache
# touch /etc/squid/acl/DominiosGoverno
# touch /etc/squid/acl/DominiosBancos
# touch /etc/squid/acl/DominiosRedesSociais
# touch /etc/squid/acl/DominiosVideos
# touch /etc/squid/acl/DominiosBlog
# touch /etc/squid/acl/DominiosShareds
# touch /etc/squid/acl/UsuariosRedesSociais
# touch /etc/squid/acl/UsuariosVideos
# touch /etc/squid/acl/UsuariosBlog
# touch /etc/squid/acl/UsuariosShareds
# touch /etc/squid/acl/UsuariosSuporte
# touch /etc/squid/acl/UsuariosRestritos

# /etc/squid/acl/BatePapo
login.live.com

# /etc/squid/acl/BatePapoMsnLiberado
apps.skype.com

# /etc/squid/acl/UsuariosBatePapo
usuario

# /etc/squid/acl/PalavrasBloqueadas
4shared

# /etc/squid/acl/DownloadsGeral
\.com$
\.bat$
\.arj$
\.pif$
\.bin$
\.cue$
\.iso$
\.mp3$
\.mpg$
\.wma$
\.wav$
\.divx$
\.scr$
\.gz$
\.tar.gz$
\.tgz$
\.tar$
\.tar.bz2$
\.tbz$
\.rar$
\.exe$
\.zip$
\.mpeg$
\.wmv$
\.avi$
\.xls$
\.doc$
\.dot$
\.xlt$
\.flv$
\.mov$
\.mar$
\.msi$
\.mid$
\.pps$
\.rmvb$
\.asf$
\.upd$

# /etc/squid/acl/MicroGoverno
192.168.1.1

# /etc/squid/acl/MicroBanco
192.168.1.1

# /etc/squid/acl/DominiosLiberados
update.avg.com

# /etc/squid/acl/DominiosSemCache
nfe.fazenda.gov.br

# /etc/squid/acl/DominiosGoverno
nfe.fazenda.gov.br

# /etc/squid/acl/DominiosBancos
caixa.gov.br

# /etc/squid/acl/DominiosRedesSociais
linkedin.com
facebook.com
facebook.net
fbcdn.net

# /etc/squid/acl/DominiosVideos
youtube.com

# /etc/squid/acl/DominiosBlog
blogspot.com

# /etc/squid/acl/DominiosShareds
4shared.com
megaupload.com
easy-share.com
recaptcha.net
sendspace.com
vimeo.com

# /etc/squid/acl/UsuariosRedesSociais
usuario

# /etc/squid/acl/UsuariosVideos
usuario

# /etc/squid/acl/UsuariosBlog
usuario

# /etc/squid/acl/UsuariosShareds
usuario

# /etc/squid/acl/UsuariosSuporte
usuario

# /etc/squid/acl/UsuariosRestritos (arquivo criado acima, mas nenhuma acl do squid.conf desta página o referencia)
usuario

