ACLS
Good morning everyone!
I have a situation here in the office, which is as follows: I have some files in the folder /etc/squid/rules/, and I add computers with full access to the web, according to the rules. Just one example: /etc/squid/rules/enable_for_macadress.txt

Before, it was working normally. Now, when I make a change, it works fine, but after a few minutes it returns to an earlier setting. I have already used vim, vi, etc., with all the options: x!, wq!, etc., and right after: squid -k reconfigure. Even with webmin itself this happens. I've recreated all the files, and it did not work. Any help?

> df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/md1        9.5G  577M  8.5G   7% /
tmpfs           1.9G  144K  1.9G   1% /dev/shm
/dev/md0        190M   70M  110M  39% /boot
/dev/md2        9.5G  1.3G  7.8G  15% /usr
/dev/md3         24G   12G   13G  49% /var
/dev/md5        405G   41G  344G  11% /var/spool
/dev/sda6       9.5G  5.5G  3.6G  61% /var/squid1
/dev/sdb6       9.5G  5.5G  3.6G  61% /var/squid2
|
Quote:
Are these computers on a different subnet than a squid box? |
Did you recently change versions of squid?
|
Quote:
My squid.conf

#
# Squid normally listens to port 3128
http_port 3128
http_port 4040 transparent

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/squid1 6144 16 512
cache_dir ufs /var/squid2 6144 16 512
cache_mem 512 MB
acl aeon src 177.19.158.163

# Leave coredumps in the first cache dir
coredump_dir /var/squid
acl manager proto cache_object
acl webserver src 192.168.1.1 127.0.0.1
http_access allow manager webserver
http_access deny manager
visible_hostname SIRIUS

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 :: 1

# Example rule allowing access from your local networks.
# IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet2 src 192.168.1.0/24 # RFC1918 possible internal network
acl tolocalnet2 dst 192.168.1.0/24 # RFC1918 possible internal network
acl SSL_ports port 443 563
acl SSL_ports port 9443
acl Safe_ports port 80 88 8080 20 7878 # http
acl Safe_ports port 1863 # msn
acl Safe_ports port 21 20 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8530 # Microsoft WSUS service
acl Safe_ports port 5024 # Banco Central software
acl Safe_ports port 3007 # multiling http
acl Safe_ports port 3456 # multiling http
acl Safe_ports port 2631 # multiling http
acl Safe_ports port 445 # Java
acl Safe_ports port 403 3607 3613 # Vimeo
acl Safe_ports port 90 # COAD
acl CONNECT method CONNECT

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
acl site_ok dstdomain "/etc/squid/rules/ok_sites.txt"
acl word_site_ok url_regex -i "/etc/squid/rules/ok_sites.txt"
http_access allow site_ok
http_access allow word_site_ok
http_access allow SSL_ports Safe_ports site_ok
acl secretaria_diretoria arp 40:8d:5c:c0:e5:5f
http_access allow secretaria_diretoria
http_access allow SSL_ports secretaria_diretoria
http_access allow Safe_ports secretaria_diretoria
acl libera_por_mac arp "/etc/squid/rules/libera_por_mac.txt"
http_access allow libera_por_mac
acl gmail dstdomain .gmail.com
acl fazenda url_regex .fazenda.rj.gov.br
acl gov dstdomain .gov.com .gov.com.br .gov.br
acl captcha url_regex recaptcha
acl bancos dstdomain "/etc/squid/rules/bancos.txt"
acl GD dstdomain drive.google.com
acl docs dstdomain docs.google.com
acl domains_bloq dstdomain -i "/etc/squid/rules/domains"
acl dst_ip_bloq dst "/etc/squid/rules/dst_bloq"
acl words_bloq url_regex -i "/etc/squid/rules/words"
acl block_text url_regex -i "/etc/squid/rules/block_text.txt"
acl block_site dstdomain "/etc/squid/rules/block_sites.txt"

### TIME-BASED RESTRICTION GLPI 2016080223
acl excep_hora dstdomain "/etc/squid/rules/libera_hr_almoco.txt"
acl timealmoco_acl time M T W H F 12:00-12:59
http_access deny gmail
http_access allow fazenda
http_access allow captcha
no_cache deny gov
http_access allow gov
http_access allow bancos
http_access allow excep_hora timealmoco_acl
http_access allow GD
http_access allow docs
http_access allow tolocalnet2

# BLOCKING POLICIES
error_directory /etc/squid/err_page
deny_info acessonegado.html all
deny_info acessonegado.html domains_bloq !bancos !gov
http_access deny domains_bloq !bancos !gov
deny_info acessonegado.html dst_ip_bloq
http_access deny dst_ip_bloq
deny_info acessonegado.html words_bloq !bancos !gov
http_access deny words_bloq !bancos !gov
deny_info acessonegado.html block_text
http_access deny block_text
deny_info acessonegado.html block_site
http_access deny block_site
acl dst_peixeurbano dstdomain .peixeurbano.com.br
acl src_peixeurbano src 192.168.1.75
acl port_peixeurbano port 443
http_access allow src_peixeurbano port_peixeurbano dst_peixeurbano
acl dst_nutricaokonig dstdomain .nutricaokonig.com.br
http_access allow dst_nutricaokonig

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow aeon
http_access allow localnet
http_access allow localnet2
http_access allow localhost
http_access allow to_localhost

# Recommended minimum Access Permission configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

# And finally deny all other access to this proxy
http_access deny all
|
OK, squid follows the first matching rule, and ignores any subsequent matches. So, you really have to pay attention to the order of the rules.
|
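The first-match behaviour described in the reply above, applied to the order of the http_access lines in the posted squid.conf, as an added example that is not part of the thread. The POSTED lines are an excerpt copied in their original relative order; the function names, the HARDENED ordering and the sets of ACL names assumed to match each request are constructed for illustration.

```python
# Added illustration: first-match evaluation of http_access lines.
# POSTED is an excerpt of the thread's squid.conf, original relative order kept.
POSTED = """
http_access allow libera_por_mac
http_access deny gmail
http_access deny domains_bloq !bancos !gov
http_access allow localnet2
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
"""
# HARDENED is a constructed reordering: the port/CONNECT guards come first.
HARDENED = """
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow libera_por_mac
http_access deny gmail
http_access deny domains_bloq !bancos !gov
http_access allow localnet2
http_access deny all
"""

def parse_http_access(conf):
    """Return [(action, [acl, ...]), ...] in file order."""
    rules = []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 3 and words[0] == "http_access":
            rules.append((words[1], words[2:]))
    return rules

def decide(conf, true_acls):
    """true_acls: names of the ACLs that match this request (assumed input)."""
    rules = parse_http_access(conf)
    true_acls = set(true_acls) | {"all"}
    for action, acls in rules:
        # A line matches only if every ACL on it matches; "!" negates one ACL.
        if all((a[1:] not in true_acls) if a.startswith("!") else (a in true_acls)
               for a in acls):
            return action, " ".join(acls)  # first match wins, later lines ignored
    if not rules:
        return "deny", "(no http_access lines)"
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][0] == "allow" else "allow"), "(default)"

if __name__ == "__main__":
    lan_odd_port = {"localnet2"}  # LAN client, destination port outside Safe_ports
    print(decide(POSTED, lan_odd_port))    # ('allow', 'localnet2')
    print(decide(HARDENED, lan_odd_port))  # ('deny', '!Safe_ports')
```

In the posted order a localnet2 client is allowed before `http_access deny !Safe_ports` and `http_access deny CONNECT !SSL_ports` are ever evaluated, and a client listed in libera_por_mac is allowed before `http_access deny gmail`.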
Quote:
This happens in any file that I change inside /etc/squid/rules/ |
Problem Solved!
squid -k parse showed me what was wrong. Before the update, my problem was solved. |