Quote:
Originally Posted by AwesomeMachine
Did you recently change versions of squid?
Nope!
Here is my squid.conf:
#
# Listeners, cache storage, cache-manager access and refresh rules.
#
# Squid normally listens to port 3128
http_port 3128
# Second listener, on port 4040, flagged for transparently intercepted traffic.
# NOTE(review): later Squid releases name this flag "intercept"; confirm the
# spelling against the installed version. An interception port is meant to
# receive only firewall-redirected traffic, so confirm clients cannot connect
# to 4040 directly.
http_port 4040 transparent
# Uncomment and adjust the following to add a disk cache directory.
# Two ufs stores; per the cache_dir syntax the numbers are size in MB,
# first-level directory count and second-level directory count.
cache_dir ufs /var/squid1 6144 16 512
cache_dir ufs /var/squid2 6144 16 512
cache_mem 512 MB
# Single source address; it is granted access by "http_access allow aeon"
# further down in this file.
acl aeon src 177.19.158.163
# Leave coredumps in the first cache dir
# NOTE(review): /var/squid is neither of the cache_dir paths above
# (/var/squid1, /var/squid2); confirm the directory exists and is writable.
coredump_dir /var/squid
# Cache-manager (cache_object) requests: allowed from the "webserver"
# addresses, denied for everyone else. Because this deny comes so early, the
# second "allow manager localhost / deny manager" pair near the end of the
# file is never the deciding rule for manager requests.
acl manager proto cache_object
acl webserver src 192.168.1.1 127.0.0.1
http_access allow manager webserver
http_access deny manager
visible_hostname SIRIUS
# Add any of your own refresh_pattern entries above these.
# Fields: URL regex, minimum age (minutes), percent of object age,
# maximum age (minutes). Dynamic URLs (/cgi-bin/ or "?") are never treated as fresh.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# ACL definitions: proxy-local addresses, client networks and port lists.
# Second definition of "manager", identical to the earlier one in this file.
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
# NOTE(review): the trailing ":: 1" looks like "::1" split by a space (the
# localhost ACL above writes it as ::1); as written it is two separate
# entries. Confirm against the real file.
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 :: 1
# Example rule allowing access from your local networks.
# IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet2 src 192.168.1.0/24 # RFC1918 possible internal network
# Destination (not source) match on the internal /24; see the
# "http_access allow tolocalnet2" rule that uses it.
acl tolocalnet2 dst 192.168.1.0/24 # RFC1918 possible internal network
# Ports that CONNECT may target (used by "http_access deny CONNECT !SSL_ports").
acl SSL_ports port 443 563
acl SSL_ports port 9443
# Ports that requests may target (used by "http_access deny !Safe_ports").
# NOTE(review): the 1025-65535 range already contains 8080, 7878, 1863, 8530,
# 5024, 3007, 3456, 2631, 3607 and 3613, so those entries add nothing. Every
# port listed below 1025 widens what the proxy will connect to; in particular
# 445 is the well-known SMB port, which does not fit its "Java" label, and the
# "multiling http" label is repeated on 3007/3456/2631. Confirm each entry is
# still needed.
acl Safe_ports port 80 88 8080 20 7878 # http
acl Safe_ports port 1863 # msn
acl Safe_ports port 21 20 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8530 # Microsoft WSUS service
acl Safe_ports port 5024 # Central Bank software
acl Safe_ports port 3007 # multiling http
acl Safe_ports port 3456 # multiling http
acl Safe_ports port 2631 # multiling http
acl Safe_ports port 445 # Java
acl Safe_ports port 403 3607 3613 # Vimeo
acl Safe_ports port 90 # COAD
acl CONNECT method CONNECT
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
# Site allow lists, per-machine exceptions and block lists. http_access lines
# are evaluated top to bottom and the first match decides, so every "allow"
# in this section wins over the "deny" lines that follow it.
# NOTE(review): none of the allow rules in this section (except the
# peixeurbano one) names a source ACL, so they apply to any client that can
# reach the proxy ports, not only to the local networks.
#
# Allowed sites: the same file is loaded once as a domain list and once as a
# list of case-insensitive regexes.
# NOTE(review): url_regex is matched against the whole URL and is not
# anchored, so an entry also matches when it appears in the path or query
# string of an unrelated host; dstdomain alone is the narrower check.
acl site_ok dstdomain "/etc/squid/rules/ok_sites.txt"
acl word_site_ok url_regex -i "/etc/squid/rules/ok_sites.txt"
http_access allow site_ok
http_access allow word_site_ok
# Never the deciding rule: anything matching site_ok was already allowed above.
http_access allow SSL_ports Safe_ports site_ok
# Unrestricted access for specific machines, identified by MAC address.
# NOTE(review): a MAC address is set by the client and is only visible for
# hosts on the proxy's own Ethernet segment, so this identifies a machine but
# does not authenticate it. The two port-qualified lines after the first allow
# never decide anything, because the first one already matches.
acl secretaria_diretoria arp 40:8d:5c:c0:e5:5f
http_access allow secretaria_diretoria
http_access allow SSL_ports secretaria_diretoria
http_access allow Safe_ports secretaria_diretoria
acl libera_por_mac arp "/etc/squid/rules/libera_por_mac.txt"
http_access allow libera_por_mac
acl gmail dstdomain .gmail.com
# NOTE(review): "fazenda" and "captcha" are unanchored url_regex patterns (and
# the dots in the first are regex wildcards), so they match any URL that
# merely contains the text, on any host. Both are allowed below, ahead of the
# block lists; a dstdomain ACL would limit the allow to the intended sites.
acl fazenda url_regex .fazenda.rj.gov.br
acl gov dstdomain .gov.com .gov.com.br .gov.br
acl captcha url_regex recaptcha
acl bancos dstdomain "/etc/squid/rules/bancos.txt"
acl GD dstdomain drive.google.com
acl docs dstdomain docs.google.com
# Block lists loaded from files: domains, destination IPs, URL words/text.
acl domains_bloq dstdomain -i "/etc/squid/rules/domains"
acl dst_ip_bloq dst "/etc/squid/rules/dst_bloq"
acl words_bloq url_regex -i "/etc/squid/rules/words"
acl block_text url_regex -i "/etc/squid/rules/block_text.txt"
acl block_site dstdomain "/etc/squid/rules/block_sites.txt"
### TIME-BASED RESTRICTION GLPI 2016080223
# Sites in libera_hr_almoco.txt are allowed only Monday-Friday, 12:00-12:59.
acl excep_hora dstdomain "/etc/squid/rules/libera_hr_almoco.txt"
acl timealmoco_acl time M T W H F 12:00-12:59
http_access deny gmail
http_access allow fazenda
http_access allow captcha
# Do not cache responses from the gov domains.
# NOTE(review): "no_cache" is the older name of the "cache" directive; confirm
# the installed version still accepts it.
no_cache deny gov
http_access allow gov
http_access allow bancos
http_access allow excep_hora timealmoco_acl
http_access allow GD
http_access allow docs
# NOTE(review): allows any client to reach any host and port in
# 192.168.1.0/24 through the proxy; this line comes before the Safe_ports and
# CONNECT checks at the end of the file. Confirm that is intended, or pair it
# with a source ACL.
http_access allow tolocalnet2
# BLOCKING POLICIES
# Each deny_info line selects the error page shown when the following
# http_access deny matches.
# NOTE(review): "all" is not defined in the visible config (it is built in on
# Squid 3.x); confirm. deny_info is given negated ACL names (!bancos !gov) on
# two lines; confirm the installed version accepts that. In the matching
# http_access lines the !bancos !gov terms change nothing, because bancos and
# gov requests were already allowed above.
error_directory /etc/squid/err_page
deny_info acessonegado.html all
deny_info acessonegado.html domains_bloq !bancos !gov
http_access deny domains_bloq !bancos !gov
deny_info acessonegado.html dst_ip_bloq
http_access deny dst_ip_bloq
deny_info acessonegado.html words_bloq !bancos !gov
http_access deny words_bloq !bancos !gov
deny_info acessonegado.html block_text
http_access deny block_text
deny_info acessonegado.html block_site
http_access deny block_site
# Exceptions placed after the block lists: they only take effect for requests
# that none of the deny rules above matched.
acl dst_peixeurbano dstdomain .peixeurbano.com.br
acl src_peixeurbano src 192.168.1.75
acl port_peixeurbano port 443
http_access allow src_peixeurbano port_peixeurbano dst_peixeurbano
acl dst_nutricaokonig dstdomain .nutricaokonig.com.br
http_access allow dst_nutricaokonig
# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
# General access for the trusted sources, then the stock safety rules.
# NOTE(review): the first matching http_access line decides, so for aeon,
# localnet, localnet2 and localhost the "deny !Safe_ports" and
# "deny CONNECT !SSL_ports" lines below are never evaluated. Squid's stock
# configuration places those two denies before any allow rule; moving them to
# the top of the http_access list makes the port restrictions apply to everyone.
http_access allow aeon
http_access allow localnet
http_access allow localnet2
http_access allow localhost
# NOTE(review): this allows requests whose destination is the proxy host's own
# loopback addresses, from any client, which is the opposite of the
# "http_access deny to_localhost" recommendation commented out below.
http_access allow to_localhost
# Recommended minimum Access Permission configuration:
# Only allow cachemgr access from localhost
# Manager requests are already decided by the earlier
# "allow manager webserver / deny manager" pair in this file, so this pair is
# not reached for them.
http_access allow manager localhost
http_access deny manager
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
# And finally deny all other access to this proxy
http_access deny all