LinuxQuestions.org
Old 07-14-2017, 09:59 AM   #1
rafaelmedeiros
LQ Newbie
 
Registered: Jul 2017
Posts: 5

Rep: Reputation: Disabled
ACLS


Good morning everyone!

I have a situation here in the office, which is as follows:
I have some files allocated in the folder: /etc/squid/rules/
And I add computers with full access to the web, according to the rules.

Just one example: /etc/squid/rules/enable_for_macadress.txt
Before, it was working normally. Now, when I do it, it works fine, but after a few minutes
it returns to an earlier setting.

I have already used vim, vi, etc., with all the options: x!, wq!, etc., followed by: squid -k reconfigure
Even with webmin itself this happens.

I've recreated all the files, and it did not work.

Any help?



> df -h
Filesystem Size Used Avail Use% Mounted on
/dev/md1 9.5G 577M 8.5G 7% /
tmpfs 1.9G 144K 1.9G 1% /dev/shm
/dev/md0 190M 70M 110M 39% /boot
/dev/md2 9.5G 1.3G 7.8G 15% /usr
/dev/md3 24G 12G 13G 49% /var
/dev/md5 405G 41G 344G 11% /var/spool
/dev/sda6 9.5G 5.5G 3.6G 61% /var/squid1
/dev/sdb6 9.5G 5.5G 3.6G 61% /var/squid2

Last edited by rafaelmedeiros; 07-14-2017 at 10:49 AM.
 
Old 07-18-2017, 03:24 PM   #2
/dev/random
Member
 
Registered: Aug 2012
Location: Ontario, Canada
Distribution: Slackware 14.2, LFS-current, NetBSD 6.1.3, OpenIndiana
Posts: 319

Rep: Reputation: 112
Are these computers on a different subnet than a squid box?
 
Old 07-18-2017, 04:43 PM   #3
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524

Rep: Reputation: 1015
Did you recently change versions of squid?
 
Old 07-19-2017, 04:41 PM   #4
rafaelmedeiros
LQ Newbie
 
Registered: Jul 2017
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by AwesomeMachine
Did you recently change versions of squid?

Nope!

My squid.conf

#
# Squid normally listens to port 3128
http_port 3128
http_port 4040 transparent

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/squid1 6144 16 512
cache_dir ufs /var/squid2 6144 16 512

cache_mem 512 MB

acl aeon src 177.19.158.163
# Leave coredumps in the first cache dir
coredump_dir /var/squid

acl manager proto cache_object
acl webserver src 192.168.1.1 127.0.0.1
http_access allow manager webserver
http_access deny manager

visible_hostname SIRIUS

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320


acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# Example rule allowing access from your local networks.
# IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet2 src 192.168.1.0/24 # RFC1918 possible internal network
acl tolocalnet2 dst 192.168.1.0/24 # RFC1918 possible internal network
acl SSL_ports port 443 563
acl SSL_ports port 9443
acl Safe_ports port 80 88 8080 20 7878 # http
acl Safe_ports port 1863 # msn
acl Safe_ports port 21 20 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8530 # Microsoft WSUS service
acl Safe_ports port 5024 # Central Bank software
acl Safe_ports port 3007 # multiling http
acl Safe_ports port 3456 # multiling http
acl Safe_ports port 2631 # multiling http
acl Safe_ports port 445 # Java
acl Safe_ports port 403 3607 3613 # Vimeo
acl Safe_ports port 90 # COAD
acl CONNECT method CONNECT


#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
acl site_ok dstdomain "/etc/squid/rules/ok_sites.txt"
acl word_site_ok url_regex -i "/etc/squid/rules/ok_sites.txt"
http_access allow site_ok
http_access allow word_site_ok
http_access allow SSL_ports Safe_ports site_ok

acl secretaria_diretoria arp 40:8d:5c:c0:e5:5f
http_access allow secretaria_diretoria
http_access allow SSL_ports secretaria_diretoria
http_access allow Safe_ports secretaria_diretoria

acl libera_por_mac arp "/etc/squid/rules/libera_por_mac.txt"
http_access allow libera_por_mac

acl gmail dstdomain .gmail.com

acl fazenda url_regex .fazenda.rj.gov.br

acl gov dstdomain .gov.com .gov.com.br .gov.br

acl captcha url_regex recaptcha

acl bancos dstdomain "/etc/squid/rules/bancos.txt"

acl GD dstdomain drive.google.com

acl docs dstdomain docs.google.com

acl domains_bloq dstdomain -i "/etc/squid/rules/domains"

acl dst_ip_bloq dst "/etc/squid/rules/dst_bloq"

acl words_bloq url_regex -i "/etc/squid/rules/words"

acl block_text url_regex -i "/etc/squid/rules/block_text.txt"

acl block_site dstdomain "/etc/squid/rules/block_sites.txt"

### TIME-BASED RESTRICTION GLPI 2016080223
acl excep_hora dstdomain "/etc/squid/rules/libera_hr_almoco.txt"
acl timealmoco_acl time M T W H F 12:00-12:59

http_access deny gmail
http_access allow fazenda
http_access allow captcha

no_cache deny gov
http_access allow gov
http_access allow bancos
http_access allow excep_hora timealmoco_acl
http_access allow GD
http_access allow docs

http_access allow tolocalnet2

# BLOCKING POLICIES
error_directory /etc/squid/err_page

deny_info acessonegado.html all
deny_info acessonegado.html domains_bloq !bancos !gov

http_access deny domains_bloq !bancos !gov

deny_info acessonegado.html dst_ip_bloq

http_access deny dst_ip_bloq

deny_info acessonegado.html words_bloq !bancos !gov
http_access deny words_bloq !bancos !gov

deny_info acessonegado.html block_text
http_access deny block_text

deny_info acessonegado.html block_site
http_access deny block_site

acl dst_peixeurbano dstdomain .peixeurbano.com.br
acl src_peixeurbano src 192.168.1.75
acl port_peixeurbano port 443
http_access allow src_peixeurbano port_peixeurbano dst_peixeurbano

acl dst_nutricaokonig dstdomain .nutricaokonig.com.br
http_access allow dst_nutricaokonig

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow aeon
http_access allow localnet
http_access allow localnet2
http_access allow localhost
http_access allow to_localhost


# Recommended minimum Access Permission configuration:
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

# And finally deny all other access to this proxy
http_access deny all
 
Old 07-19-2017, 08:44 PM   #5
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524

Rep: Reputation: 1015
OK, squid follows the first matching rule, and ignores any subsequent matches. So, you really have to pay attention to the order of the rules.
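
The first-match behaviour described in this reply, as an added example that is not part of the original thread: a small lint that flags http_access rules which can never decide a request because an earlier rule with a subset of their ACLs always matches first. The function names are hypothetical, and the check compares ACL names only (not the contents of the ACL files), so it finds certain shadowing but not every overlap.

```python
# Added example: lint for Squid's first-match http_access evaluation.
# SAMPLE_CONF: constructed excerpt of http_access lines, in order, from this thread.
SAMPLE_CONF = """\
# constructed excerpt
http_access allow manager webserver
http_access deny manager
http_access allow site_ok
http_access allow word_site_ok
http_access allow SSL_ports Safe_ports site_ok
http_access allow secretaria_diretoria
http_access allow SSL_ports secretaria_diretoria
http_access allow localnet2
http_access allow manager localhost
http_access deny !Safe_ports
http_access deny all
"""

def parse_http_access(conf_text):
    """Return [(line_no, action, frozenset(acl_terms))] in file order."""
    rules = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] != "http_access":
            continue
        if fields[1] not in ("allow", "deny"):
            raise ValueError(f"line {line_no}: bad action {fields[1]!r}")
        # "all" matches every request, so it adds no condition.
        terms = frozenset(t for t in fields[2:] if t != "all")
        rules.append((line_no, fields[1], terms))
    return rules

def find_shadowed(conf_text):
    """Return [(line_no, earlier_line_no, kind)] for rules that never decide.
    A rule matches only when all of its ACLs match, so if an earlier rule's
    ACL set is a subset of a later rule's, the earlier rule always wins.
    """
    rules = parse_http_access(conf_text)
    findings = []
    for i, (line_no, action, terms) in enumerate(rules):
        for prev_no, prev_action, prev_terms in rules[:i]:
            if prev_terms <= terms:
                kind = "redundant" if prev_action == action else "overridden"
                findings.append((line_no, prev_no, kind))
                break
    return findings

if __name__ == "__main__":
    for line_no, prev_no, kind in find_shadowed(SAMPLE_CONF):
        print(f"line {line_no} is {kind}: line {prev_no} matches first")
```

On the excerpt, the "overridden" finding is the later `http_access allow manager localhost`, which can never apply because `http_access deny manager` appears earlier in the file.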
 
Old 07-20-2017, 06:32 AM   #6
rafaelmedeiros
LQ Newbie
 
Registered: Jul 2017
Posts: 5

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by AwesomeMachine
OK, squid follows the first matching rule, and ignores any subsequent matches. So, you really have to pay attention to the order of the rules.

This happens with any file that I change inside /etc/squid/rules/
 
Old 08-02-2017, 11:25 AM   #7
rafaelmedeiros
LQ Newbie
 
Registered: Jul 2017
Posts: 5

Original Poster
Rep: Reputation: Disabled
Problem Solved!
squid -k parse showed me what was wrong. Before the update my problem was solved.
 