squid.conf

Squid (squid.conf)

dandelion

Proxy autenticado por LDAP no Squid

Categoria: Networking

Software: Squid

[ Hits: 12.026 ]

Por: Mauricio Vieira Gomes da Silva

0 0

Denuncie Favoritos Indicar

Este arquivo mostra como configurar o Squid para autenticação do proxy de rede através do LDAP.

##########################################################
# /etc/squid/squid.conf arquivo de configuracao do squid #
##########################################################

#Define a porta listner do Proxy
http_port 3128

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

#Tamanho da memoria utilizada pelo Proxy
cache_mem 156 MB

#Caminho do Cache, tamanho, subpastas e subpastas das subpastas
cache_dir ufs /usr/local/squid/var/cache 1000 64 64

#Caminho do Log de cache
cache_log /usr/local/squid/var/logs/cache.log

#Caminho do log se acesso
cache_access_log /usr/local/squid/var/logs/access.log

#Configura time out para autenticacao
client_persistent_connections on
server_persistent_connections on

#Autenticacao de usuarios
auth_param basic program /usr/lib/squid/ldap_auth -P -b "dc=<sua dc do LDAP>,dc=<sua dc do LDAP>" -f "uid=%s" <IP do servidor LDAP:Porta>
auth_param basic children 30
auth_param basic realm Digite seu Login para Acesso a Internet
auth_param basic credentialsttl 2 hours
auth_param basic casesensitive on

refresh_pattern ^ftp:      1440   20%   10080
refresh_pattern ^gopher:   1440   0%   1440
refresh_pattern .      0   20%   4320

#Configuracao das ACLS
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object

acl ldap_auth proxy_auth REQUIRED

#Configuracao de ACLS de sites bloqueados e permitidos
#acl blockedsites url_regex -i "/etc/squid/acls/denied.txt"
#acl allowedsites url_regex -i "/etc/squid/acls/allowed.txt"
#acl capes url_regex -i "/etc/squid/acls/capes"
#acl capes url_regex -i ^capes

acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 3128 88  # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

#Permissao das ACLs
http_access deny !Safe_ports
http_access allow localhost

#http_access allow ldap_auth
#http_access deny blockedsites !allowedsites
#http_access allow rede_interna
#http_access deny !capes
http_access allow ldap_auth

http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid

#Habilita rotacao de logs
logfile_rotate 10

#Troca o manager do cache
cache_mgr <e-mail do manager do LDAP>

#Usuario e grupo efetivos do squid
cache_effective_user nobody
cache_effective_group nogroup

#Paginas de erros em portugues
error_directory /usr/local/squid/share/errors/Portuguese

#Tudo que nao for liberado nas regras acima sera barrado por Default
#http_access deny all

Comentários

Nenhum comentário foi encontrado.