SQUID in SuSE 10 x64
Hello people trying to pick your mind once again.
I've set up a squid box with a quad port NIC plus 4 more single NIC's
I'm filtering internet access (Identifying by MAC address) and gave different rules.
It's working fine but have two or three questions.
0.-My most important one is: how can I limit the transfer rate and
download rate of the users in order to save bandwidth
resources?
1.-Can you analyse my code and see whether it is written in the best way it can be?
2.-What suggestions can you give me regarding security?
3.-Any suggestion will be helpful.
Thanks once again for your time and patience!!!!!
Code:
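# Dynamic content: any URL whose path contains "cgi-bin" or a "?".
acl QUERY urlpath_regex cgi-bin \?
# Never store responses to those dynamic requests in the cache.
no_cache deny QUERY
# Every possible client address; used for the final catch-all rules.
acl all src 0.0.0.0/0.0.0.0
# The proxy host itself (loopback address only).
acl my_server src 127.0.0.1/255.255.255.255
# Cache-manager requests only (cache_object:// scheme). Listing "http" here as
# well would make this ACL match every ordinary web request, so any later
# "deny manager" rule would block all browsing.
acl manager proto cache_object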
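# Client groups, one ACL per tier and per communications room (idf1..idf7).
# Each ACL name must be unique per tier: repeating a name adds the new file's
# entries to the existing ACL, which would merge all tiers into one group, and
# the http_access rules refer to the mac_grl_*, mac_special_* and mac_super_*
# names defined here.
#
# Security note: the "arp" type matches the client's Ethernet (MAC) address.
# A MAC address is set by the client and can be changed, so these ACLs
# identify machines but do not authenticate users. They also only see MACs of
# clients on a network segment directly attached to the proxy, and need a
# Squid built with ARP ACL support.

# Users who only get access to work-related pages.
acl mac_mortal_usr1 arp "/etc/squid/access/idf1/mac/mortal_usr"
acl mac_mortal_usr2 arp "/etc/squid/access/idf2/mac/mortal_usr"
acl mac_mortal_usr3 arp "/etc/squid/access/idf3/mac/mortal_usr"
acl mac_mortal_usr4 arp "/etc/squid/access/idf4/mac/mortal_usr"
acl mac_mortal_usr5 arp "/etc/squid/access/idf5/mac/mortal_usr"
acl mac_mortal_usr6 arp "/etc/squid/access/idf6/mac/mortal_usr"
acl mac_mortal_usr7 arp "/etc/squid/access/idf7/mac/mortal_usr"
# Users who also get access to general pages (for example La Cronica,
# antivirus sites, price lookups) in addition to the work pages.
acl mac_grl_usr1 arp "/etc/squid/access/idf1/mac/grl_usr"
acl mac_grl_usr2 arp "/etc/squid/access/idf2/mac/grl_usr"
acl mac_grl_usr3 arp "/etc/squid/access/idf3/mac/grl_usr"
acl mac_grl_usr4 arp "/etc/squid/access/idf4/mac/grl_usr"
acl mac_grl_usr5 arp "/etc/squid/access/idf5/mac/grl_usr"
acl mac_grl_usr6 arp "/etc/squid/access/idf6/mac/grl_usr"
acl mac_grl_usr7 arp "/etc/squid/access/idf7/mac/grl_usr"
# Users who also get access to special pages (for example Gmail, Hotmail and
# a few other special sites) in addition to the previous tiers.
acl mac_special_usr1 arp "/etc/squid/access/idf1/mac/special_usr"
acl mac_special_usr2 arp "/etc/squid/access/idf2/mac/special_usr"
acl mac_special_usr3 arp "/etc/squid/access/idf3/mac/special_usr"
acl mac_special_usr4 arp "/etc/squid/access/idf4/mac/special_usr"
acl mac_special_usr5 arp "/etc/squid/access/idf5/mac/special_usr"
acl mac_special_usr6 arp "/etc/squid/access/idf6/mac/special_usr"
acl mac_special_usr7 arp "/etc/squid/access/idf7/mac/special_usr"
# Users who get access to MSN pages etc. and everything else, limited only by
# the bandwidth of the proxy's network card.
acl mac_super_usr1 arp "/etc/squid/access/idf1/mac/super_usr"
acl mac_super_usr2 arp "/etc/squid/access/idf2/mac/super_usr"
acl mac_super_usr3 arp "/etc/squid/access/idf3/mac/super_usr"
acl mac_super_usr4 arp "/etc/squid/access/idf4/mac/super_usr"
acl mac_super_usr5 arp "/etc/squid/access/idf5/mac/super_usr"
acl mac_super_usr6 arp "/etc/squid/access/idf6/mac/super_usr"
acl mac_super_usr7 arp "/etc/squid/access/idf7/mac/super_usr"

# Destination allow-lists, one pattern file per tier.
# url_regex patterns match anywhere in the full URL, so an unanchored pattern
# also matches when the same text appears in the path or query string of an
# unrelated site. Review the pattern files; for plain host allow-lists the
# dstdomain ACL type is the stricter choice.
acl work_web_access url_regex "/etc/squid/access/webs/work_web"
acl grl_web_access url_regex "/etc/squid/access/webs/grl_web"
acl special_web_access url_regex "/etc/squid/access/webs/special_web"
acl msn_web_access url_regex "/etc/squid/access/webs/msn_web"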
# Access policy. Rules are checked top to bottom and the first match decides.
# Every rule below is "allow <client group> <destination list>": both ACLs on
# a line must match (logical AND). Each higher tier repeats the destination
# lists of the tiers below it.
#
# NOTE(review): every ACL name used here must be defined by an "acl" line
# with exactly the same name. Depending on the Squid version, an undefined
# name is either a fatal configuration error or is dropped from the rule with
# a warning in cache.log; in the second case the rule would match on the
# destination list alone, for any client. Check cache.log after a reload.
#
# NOTE(review): nothing here restricts the CONNECT method or destination
# ports; what is reachable depends entirely on how the url_regex pattern
# files are written. Confirm against those files.
###################USERS FROM COMMUNICATIONS ROOM 1#####################################
http_access allow mac_mortal_usr1 work_web_access
http_access allow mac_grl_usr1 grl_web_access
http_access allow mac_grl_usr1 work_web_access
http_access allow mac_special_usr1 work_web_access
http_access allow mac_special_usr1 grl_web_access
http_access allow mac_special_usr1 special_web_access
http_access allow mac_super_usr1 work_web_access
http_access allow mac_super_usr1 grl_web_access
http_access allow mac_super_usr1 special_web_access
http_access allow mac_super_usr1 msn_web_access
########################################################################################
###################USERS FROM COMMUNICATIONS ROOM 2#####################################
http_access allow mac_mortal_usr2 work_web_access
http_access allow mac_grl_usr2 grl_web_access
http_access allow mac_grl_usr2 work_web_access
http_access allow mac_special_usr2 work_web_access
http_access allow mac_special_usr2 grl_web_access
http_access allow mac_special_usr2 special_web_access
http_access allow mac_super_usr2 work_web_access
http_access allow mac_super_usr2 grl_web_access
http_access allow mac_super_usr2 special_web_access
http_access allow mac_super_usr2 msn_web_access
########################################################################################
###################USERS FROM COMMUNICATIONS ROOM 3#####################################
http_access allow mac_mortal_usr3 work_web_access
http_access allow mac_grl_usr3 grl_web_access
http_access allow mac_grl_usr3 work_web_access
http_access allow mac_special_usr3 work_web_access
http_access allow mac_special_usr3 grl_web_access
http_access allow mac_special_usr3 special_web_access
http_access allow mac_super_usr3 work_web_access
http_access allow mac_super_usr3 grl_web_access
http_access allow mac_super_usr3 special_web_access
http_access allow mac_super_usr3 msn_web_access
###################USERS FROM COMMUNICATIONS ROOM 4#####################################
http_access allow mac_mortal_usr4 work_web_access
http_access allow mac_grl_usr4 grl_web_access
http_access allow mac_grl_usr4 work_web_access
http_access allow mac_special_usr4 work_web_access
http_access allow mac_special_usr4 grl_web_access
http_access allow mac_special_usr4 special_web_access
http_access allow mac_super_usr4 work_web_access
http_access allow mac_super_usr4 grl_web_access
http_access allow mac_super_usr4 special_web_access
http_access allow mac_super_usr4 msn_web_access
########################################################################################
###################USERS FROM COMMUNICATIONS ROOM 5#####################################
http_access allow mac_mortal_usr5 work_web_access
http_access allow mac_grl_usr5 grl_web_access
http_access allow mac_grl_usr5 work_web_access
http_access allow mac_special_usr5 work_web_access
http_access allow mac_special_usr5 grl_web_access
http_access allow mac_special_usr5 special_web_access
http_access allow mac_super_usr5 work_web_access
http_access allow mac_super_usr5 grl_web_access
http_access allow mac_super_usr5 special_web_access
http_access allow mac_super_usr5 msn_web_access
########################################################################################
###################USERS FROM COMMUNICATIONS ROOM 6#####################################
http_access allow mac_mortal_usr6 work_web_access
http_access allow mac_grl_usr6 grl_web_access
http_access allow mac_grl_usr6 work_web_access
http_access allow mac_special_usr6 work_web_access
http_access allow mac_special_usr6 grl_web_access
http_access allow mac_special_usr6 special_web_access
http_access allow mac_super_usr6 work_web_access
http_access allow mac_super_usr6 grl_web_access
http_access allow mac_super_usr6 special_web_access
http_access allow mac_super_usr6 msn_web_access
########################################################################################
###################USERS FROM COMMUNICATIONS ROOM 7#####################################
http_access allow mac_mortal_usr7 work_web_access
http_access allow mac_grl_usr7 grl_web_access
http_access allow mac_grl_usr7 work_web_access
http_access allow mac_special_usr7 work_web_access
http_access allow mac_special_usr7 grl_web_access
http_access allow mac_special_usr7 special_web_access
http_access allow mac_super_usr7 work_web_access
http_access allow mac_super_usr7 grl_web_access
http_access allow mac_super_usr7 special_web_access
http_access allow mac_super_usr7 msn_web_access
#########################################################################################
# Requests originating on the proxy host itself (127.0.0.1) are always allowed.
http_access allow my_server
# Replies are not filtered; this is a separate list from http_access.
http_reply_access allow all
# Default deny: anything not allowed above is refused. Keep this as the last
# http_access line so that later additions cannot widen access by accident.
http_access deny all
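# ICP (inter-cache protocol) queries from other caches: refuse all of them.
# icp_port is set to 0 further down in this file, which turns ICP off, and no
# cache_peer is configured in the file as posted, so allow rules keyed on
# client MAC groups or on URL lists could never take effect here. A single
# explicit deny states the intent and stays safe if ICP is ever enabled.
icp_access deny all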
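# Listening sockets (addresses redacted in the post). Binding to a specific
# internal address rather than all interfaces keeps the proxy off any
# outward-facing NIC.
http_port x.x.x.x:8080
http_port x.x.x.x:3128
# 0 disables ICP, so the proxy does not answer queries from other caches.
icp_port 0
# Memory used for in-transit and hot objects.
cache_mem 512 MB
# On-disk cache: 800 MB, 16 first-level and 256 second-level directories.
cache_dir ufs /var/cache/squid 800 16 256
# access.log is the per-request audit trail for this policy; keep it rotated
# and readable only by administrators.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
visible_hostname my_server
# No ident (RFC 1413) lookups. A rule line ANDs every ACL listed on it, so a
# line naming all ACLs at once can never match; and an ident answer comes
# from the client machine, so it is not trustworthy for access control.
ident_lookup_access deny all
tcp_outgoing_address x.x.x.x
# Bandwidth limiting is done with delay pools; 0 means none are active.
# To throttle downloads, raise delay_pools and describe each pool. The lines
# below are a constructed example (rates in bytes per second; needs a Squid
# built with delay-pool support): class 2 is one aggregate bucket plus one
# bucket per client host, -1/-1 leaves the aggregate unlimited, and
# 32000/32000 caps each host at roughly 32 KB/s.
#   delay_pools 1
#   delay_class 1 2
#   delay_parameters 1 -1/-1 32000/32000
#   delay_access 1 allow all
delay_pools 0
# Accelerator/transparent-mode settings from the Squid 2.5 series.
httpd_accel_with_proxy on
httpd_accel_port 80
# NOTE(review): Squid's documentation for this directive warns that the Host
# header value is not verified when it is on. Enable it only if intercepted
# (transparent) traffic really requires it.
httpd_accel_uses_host_header on
# Squid gives up root and runs as this unprivileged user and group.
cache_effective_user squid
cache_effective_group nogroup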
#############END####################
Last edited by AQG; 01-11-2007 at 01:16 PM.