squid.conf

squid (squid.conf)

brunosalmito

Conf do squid bastante simples e funcional

Categoria: Segurança

Software: squid

[ Hits: 8.549 ]

Por: Bruno Salmito Filizola de Faria

0 0

Denuncie Favoritos Indicar

Conf com bloqueio de palavras chaves, bloqueio de download por extensão de arquivos, bloqueio e liberação de sites e domínios e proxy transparente.

http_port 0.0.0.0:8080   #Ip do servidor proxy / porta utilizada
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
ftp_user Squid@
ftp_passive on
hosts_file /etc/hosts
refresh_pattern ^ftp:      1440   20%   10080
refresh_pattern ^gopher:   1440   0%   1440
refresh_pattern .      0   20%   4320
acl manager proto cache_object
acl SSL_ports port 443 563   
acl SSL_ports port 873      
acl Safe_ports port 80      
acl Safe_ports port 21      
acl Safe_ports port 443 563   
acl Safe_ports port 70      
acl Safe_ports port 210      
acl Safe_ports port 1025-65535   
acl Safe_ports port 280      
acl Safe_ports port 488      
acl Safe_ports port 591      
acl Safe_ports port 777      
acl Safe_ports port 631      
acl Safe_ports port 873      
acl Safe_ports port 901
acl Safe_ports port 1338   #Millenium Worm
acl Safe_ports port 6776   #Sub 7      
acl purge method PURGE
acl CONNECT method CONNECT
#########################
cache_dir ufs /var/spool/squid 1024 16 256 
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl rede src 0.0.0.0/0.0.0.0   #Rede linterna
acl Safe_ports port 8080
acl CONNECT method CONNECT
acl liberadominio dstdomain "/etc/squid/Regras/regras_acesso"   #Coloque aqui os sites a serem liberados
acl acesso url_regex -i "/etc/squid/Regras/acesso" #Coloque aqui os sites bloqueados
#########################
acl bloq_extensao url_regex "/etc/squid/Regras/extensao" #Coloque aqui estensões a serem bloqueadas
#########################
acl palavra url_regex -i "/etc/squid/Regras/regras_palavras" #Coloque aqui as palavras chaves a serem bloqueadas
acl palavra url_regex -i "/etc/squid/Regras/palavras" # Esta regra bloqueia todas as palavras sem diferencias maiusculas de minusculas 
#########################
acl malware_block_list url_regex -i "/etc/squid/Regras/malware"
#########################
########### REGRAS ##############
http_access allow rede liberadominio
http_access deny all malware_block_list
http_access deny all bloq_sites
#########################
http_access deny all palavra
#########################
http_access deny all bloq_extensao
#########################
http_access allow manager localhost
http_access allow rede
http_access deny !Safe_ports
http_access deny all
#########################
cache_effective_user proxy
cache_effective_group proxy
visible_hostname Proxy Server

#########################
deny_info ERR_ACCESS_URL bloq_sites
deny_info ERR_ACCESS_MALWARE malware_block_list
#########################
deny_info ERR_ACCESS_FILE palavra
#########################
deny_info ERR_ACCESS_DOWN bloq_extensao
#########################
error_directory /usr/share/squid/errors/Portuguese/
#########################
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
#########################

Comentários

[1] Comentário enviado por cesar.bsb em 17/02/2008 - 11:46h

Coloquei o ip da eth0 que recebe o sinal da interet, na realidade tenho que coloar o da eth1 para funcionar? quando reestarto o squid aparece a mensagem abaixo

FATAL: Bungled squid.conf line 1: http_port 10.1.1.6:3128

esse ip do servidor, eu coloco o da eth1 ou eth0? essa porta tenho que abrir no modem ou é só para colocar nos cliente?

0 0