Squid (squid.conf)

Proxy autenticado por LDAP no Squid

Categoria: Networking

Software: Squid


Por: Mauricio Vieira Gomes da Silva


Este arquivo mostra como configurar o Squid para autenticação do proxy de rede através do LDAP.


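##########################################################
# /etc/squid/squid.conf - Squid configuration file       #
##########################################################

# Proxy listening port
http_port 3128

# Dynamic content (cgi-bin paths, query strings) is fetched directly
# instead of through peers, and is never cached
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# Amount of memory used by the proxy
cache_mem 156 MB

# Cache path, size in MB, first-level and second-level subdirectory counts
cache_dir ufs /usr/local/squid/var/cache 1000 64 64

# Path of the cache log
cache_log /usr/local/squid/var/logs/cache.log

# Path of the access log
cache_access_log /usr/local/squid/var/logs/access.log

# Keep persistent (keep-alive) connections enabled on both the client and
# the server side. These directives do not set any authentication timeout;
# credential lifetime is controlled by "credentialsttl" below.
client_persistent_connections on
server_persistent_connections on

# User authentication (HTTP Basic, validated against LDAP by the helper).
# NOTE(review): Basic credentials are only base64-encoded between browser and
# proxy, and the helper is invoked here without TLS options, so the LDAP bind
# is presumably sent in clear text. Keep the client network and the
# proxy-to-LDAP path trusted, or enable LDAP TLS (the Squid LDAP helper
# documents -Z together with -v 3; confirm against the installed helper).
auth_param basic program /usr/lib/squid/ldap_auth -P -b "dc=<sua dc do LDAP>,dc=<sua dc do LDAP>" -f "uid=%s" <IP do servidor LDAP:Porta>
# Number of helper processes started to answer authentication requests
auth_param basic children 30
# Text shown in the browser's login prompt
auth_param basic realm Digite seu Login para Acesso a Internet
# How long a validated username/password pair is trusted before the helper
# is asked again
auth_param basic credentialsttl 2 hours
# Usernames are compared case-sensitively
auth_param basic casesensitive on

refresh_pattern ^ftp:      1440   20%   10080
refresh_pattern ^gopher:   1440   0%   1440
refresh_pattern .      0   20%   4320

# ACL definitions
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object

# Matches any request that carries valid proxy credentials
acl ldap_auth proxy_auth REQUIRED

# ACLs for blocked and allowed sites (disabled)
#acl blockedsites url_regex -i "/etc/squid/acls/denied.txt"
#acl allowedsites url_regex -i "/etc/squid/acls/allowed.txt"
#acl capes url_regex -i "/etc/squid/acls/capes"
#acl capes url_regex -i ^capes

acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 3128 88  # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

# Access rules (evaluated top to bottom, first match wins)

# Cache manager (cache_object) requests are accepted from the proxy host only.
# Without these two rules the "manager" ACL above is never used and any
# authenticated user could query the cache manager.
http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports

# CONNECT tunnels are limited to the SSL ports. Without this rule the
# "CONNECT" and "SSL_ports" ACLs are unused and an authenticated user could
# tunnel to any port listed in Safe_ports (including 1025-65535).
http_access deny CONNECT !SSL_ports

# Requests from the proxy host itself are allowed without authentication
http_access allow localhost

#http_access allow ldap_auth
#http_access deny blockedsites !allowedsites
#http_access allow rede_interna
#http_access deny !capes
# Everyone else must present valid LDAP credentials
http_access allow ldap_auth

# Anything not allowed by the rules above is denied. Stated explicitly so the
# result does not depend on Squid inverting the last http_access line.
http_access deny all

http_reply_access allow all
# NOTE(review): ICP queries are accepted from any source. No cache peers are
# configured in this file; if ICP is not needed, restrict this to an ACL of
# known peers or deny it.
icp_access allow all
coredump_dir /var/spool/squid

# Enable log rotation (number of old log files kept)
logfile_rotate 10

# Cache manager e-mail address shown on error pages
cache_mgr <e-mail do manager do LDAP>

# Effective user and group Squid runs as after dropping privileges
cache_effective_user nobody
cache_effective_group nogroup

# Error pages in Portuguese
error_directory /usr/local/squid/share/errors/Portuguese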
  

