Mandrake 10 (squid.conf)
My first squid server
Category: Security
Software: Mandrake 10
By: Wellington Pinheiro Gomes
After so much struggle, so much formatting and installing, back and forth, I managed to get my squid running without problems (hehehe... well... at least it hasn't thrown any errors yet...). I'm now posting my conf so you can take a look and tell me what is missing and whether I could improve anything. Thank you very much in advance, and I hope this can help many others.
# -----------------------------------------------------------------------------
# TAG: http_port
# I set it up this way because some joker was trying to get out without going through squid, and it worked.
# http_port 3128 8080
http_port 192.168.0.1:3128
http_port 10.0.0.1:3128
http_port 192.168.0.254:3128

# TAG: https_port
#
#
#Default:
# dead_peer_timeout 10 seconds

# TAG: hierarchy_stoplist
hierarchy_stoplist cgi-bin ?

# TAG: no_cache
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------
# TAG: cache_mem (bytes)
#
#Default:
cache_mem 16 MB

# TAG: cache_swap_low (percent, 0-100)
# TAG: cache_swap_high (percent, 0-100)
#
#Default:
cache_swap_low 90
cache_swap_high 95

# TAG: maximum_object_size (bytes)
#
#Default:
maximum_object_size 4096 KB

# TAG: minimum_object_size (bytes)
#
#Default:
# minimum_object_size 0 KB

# TAG: maximum_object_size_in_memory (bytes)
#
#Default:
maximum_object_size_in_memory 8 KB

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------
# TAG: cache_dir
# I tried the last 5 (five) forms below, but my squid became very slow.
# Only the first one worked well:
cache_dir ufs /var/spool/squid 2000 64 512
#cache_dir ufs /var/spool/squid/1 2900 128 512
#cache_dir ufs /var/spool/squid/2 2900 128 512
#cache_dir ufs /var/spool/squid/3 2900 128 512
#cache_dir ufs /var/spool/squid/4 2900 128 512
#cache_dir ufs /var/spool/squid/5 2900 128 512

# TAG: cache_access_log
#Default:
cache_access_log /var/log/squid/access.log

# TAG: cache_log
#Default:
cache_log /var/log/squid/cache.log

# TAG: cache_store_log
#Default:
cache_store_log /var/log/squid/store.log

# TAG: auth_param
#Recommended minimum configuration:
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param basic program <uncomment and complete this line>
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

# TAG: refresh_pattern
#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

########################################
#Default:
# connect_timeout 2 minutes
########################################

# ACCESS CONTROLS
# -----------------------------------------------------------------------------
# TAG: acl
#Recommended minimum configuration:
#acl all src 0.0.0.0/0.0.0.0
#acl manager proto cache_object
#acl localhost src 127.0.0.1/255.255.255.255
#acl to_localhost dst 127.0.0.0/8
#acl SSL_ports port 443 563
#acl Safe_ports port 80 # http
#acl Safe_ports port 21 # ftp
#acl Safe_ports port 443 563 # https, snews
#acl Safe_ports port 70 # gopher
#acl Safe_ports port 210 # wais
#acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280 # http-mgmt
#acl Safe_ports port 488 # gss-http
#acl Safe_ports port 591 # filemaker
#acl Safe_ports port 777 # multiling http
#acl CONNECT method CONNECT
#########################################################################
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 10.0.0.0/24
acl all src 192.168.0.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# TAG: http_access
#Default:
#http_access deny all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny blockedsites !unblockedsites
#http_access deny regras_wpg
#http_access allow regras_liberado
http_access allow all

# TAG: http_reply_access
#Default:
# http_reply_access allow all
### CHANGED ON 03/10/2007
#http_reply_access allow all

# TAG: icp_access
# icp_access deny all
icp_access allow all

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------
# TAG: cache_effective_group
#
#Default:
cache_effective_user squid
cache_effective_group squid

# TAG: visible_hostname
#Default:
visible_hostname ConetBrasil

# ACCELERATOR
# -----------------------------------------------------------------------------
# TAG: httpd_accel_port
#Default:
httpd_accel_host virtual
httpd_accel_port 80

# TAG: httpd_accel_single_host on|off
#Default:
httpd_accel_single_host on

# TAG: httpd_accel_with_proxy on|off
#Default:
httpd_accel_with_proxy on

# TAG: httpd_accel_uses_host_header on|off
#Default:
httpd_accel_uses_host_header on

# TAG: error_directory
#error_directory /usr/lib/squid/errors/English
#Default:
error_directory /usr/lib/squid/errors/Portuguese

# coredump_dir none
coredump_dir /var/spool/squid
#coredump_dir /etc/squid/cache

#### BANDWIDTH CONTROL ####
delay_pools 22

# INTERNAL NETWORK
acl eth0 src 192.168.0.1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow eth0

# EXTERNAL NETWORK
acl eth1 src 10.0.0.1
delay_class 2 2
delay_parameters 2 -1/-1 -1/-1
delay_access 2 allow eth1

# CUSTOMER SERVICE 01
acl BD_atend_01 src 192.168.0.3
delay_class 3 2
delay_parameters 3 20000/20000 20000/20000
delay_access 3 allow BD_atend_01

# CUSTOMER SERVICE 02
acl BD_atend_02 src 192.168.0.8
delay_class 4 2
delay_parameters 4 20000/20000 20000/20000
delay_access 4 allow BD_atend_02

# CUSTOMER SERVICE 03
acl BD_atend_03 src 192.168.0.9
delay_class 5 2
delay_parameters 5 20000/20000 20000/20000
delay_access 5 allow BD_atend_03

# CUSTOMER SERVICE 04
acl BD_atend_04 src 192.168.0.6
delay_class 6 2
delay_parameters 6 15800/15800 15800/15800
delay_access 6 allow BD_atend_04

# ADMINISTRATION
acl BD_ADM src 192.168.0.4
delay_class 7 2
delay_parameters 7 20800/20800 20800/20800
delay_access 7 allow BD_ADM

# STOCK
acl BD_estoque src 192.168.0.7
delay_class 8 2
delay_parameters 8 20000/20000 20000/20000
delay_access 8 allow BD_estoque

# SERVER
acl BD_server src 192.168.0.5
delay_class 9 2
delay_parameters 9 20000/20000 20000/20000
delay_access 9 allow BD_server

#LAB_01
acl LAB_01 src 192.168.0.40
delay_class 10 2
delay_parameters 10 20000/20000 20000/20000
delay_access 10 allow LAB_01

#LAB_02
acl LAB_02 src 192.168.0.41
delay_class 11 2
delay_parameters 11 20000/20000 20000/20000
delay_access 11 allow LAB_02

#LAB_03
acl LAB_03 src 192.168.0.42
delay_class 12 2
delay_parameters 12 20000/20000 20000/20000
delay_access 12 allow LAB_03

#LAB_04
acl LAB_04 src 192.168.0.43
delay_class 13 2
delay_parameters 13 20000/20000 20000/20000
delay_access 13 allow LAB_04

#LAB_05
acl LAB_05 src 192.168.0.44
delay_class 14 2
delay_parameters 14 20000/20000 20000/20000
delay_access 14 allow LAB_05

#LAB_06
acl LAB_06 src 192.168.0.45
delay_class 15 2
delay_parameters 15 20000/20000 20000/20000
delay_access 15 allow LAB_06

########### CLIENTS ############
#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_01 src 10.0.0.3
delay_class 16 2
delay_parameters 16 20000/20000 20000/20000
delay_access 16 allow CLIENTE_01

#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_02 src 10.0.0.4
delay_class 17 2
delay_parameters 17 20000/20000 20000/20000
delay_access 17 allow CLIENTE_02

#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_03 src 10.0.0.5
delay_class 17 2
delay_parameters 17 20000/20000 20000/20000
delay_access 17 allow CLIENTE_03

#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_04 src 10.0.0.6
delay_class 18 2
delay_parameters 18 20000/20000 20000/20000
delay_access 18 allow CLIENTE_04

#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_05 src 10.0.0.7
delay_class 19 2
delay_parameters 19 20000/20000 20000/20000
delay_access 19 allow CLIENTE_05

#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_06 src 10.0.0.8
delay_class 20 2
delay_parameters 20 20000/20000 20000/20000
delay_access 20 allow CLIENTE_06

#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_07 src 10.0.0.9
delay_class 21 2
delay_parameters 21 20000/20000 20000/20000
delay_access 21 allow CLIENTE_07

#NAME:
#ADDRESS:
#PHONE:
#E-MAIL:
acl CLIENTE_08 src 10.0.0.10
delay_class 22 2
delay_parameters 22 20000/20000 20000/20000
delay_access 22 allow CLIENTE_08

# I hope this has helped, and I also hope to get help from you all... See you!
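
The bandwidth-control section above depends on every pool number up to `delay_pools` having its own `delay_class`, `delay_parameters` and `delay_access` lines, which is easy to get wrong when the blocks are copied by hand. The following Python check is an added example, not part of the original post; the function name `audit_delay_pools` and the sample text are constructed for illustration. It reports pools with a missing line, pool numbers whose class or parameters are given more than once, and pool numbers above the declared count.

```python
from collections import Counter

ONCE_PER_POOL = ("delay_class", "delay_parameters")

# Constructed sample in the style of the delay-pool section above (not the author's file).
SAMPLE = """\
delay_pools 4
acl HOST_A src 192.168.0.3
acl HOST_B src 192.168.0.8
delay_class 1 2
delay_parameters 1 20000/20000 20000/20000
delay_access 1 allow HOST_A
delay_class 2 2
Zdelay_parameters 2 -1/-1 -1/-1
delay_access 2 allow HOST_A
delay_class 3 2
delay_parameters 3 20000/20000 20000/20000
delay_access 3 allow HOST_A
delay_class 3 2
delay_access 3 allow HOST_B
"""

def audit_delay_pools(conf_text):
    """Return findings (strings) for the delay-pool lines of a squid.conf."""
    declared, findings = 0, []
    counts = {d: Counter() for d in ONCE_PER_POOL + ("delay_access",)}
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(tok) < 2:
            continue
        if tok[0] == "delay_pools":
            declared = int(tok[1])
        elif tok[0] in counts:               # a mistyped directive never matches
            counts[tok[0]][int(tok[1])] += 1
    used = set().union(*counts.values())
    for pool in sorted(used | set(range(1, declared + 1))):
        if pool > declared:
            findings.append(f"pool {pool}: above delay_pools {declared}")
            continue
        for directive, seen in counts.items():
            if seen[pool] == 0:
                findings.append(f"pool {pool}: no {directive} line")
            elif directive in ONCE_PER_POOL and seen[pool] > 1:
                findings.append(f"pool {pool}: {directive} given {seen[pool]} times")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_delay_pools(SAMPLE)))
```

Run against a real file by passing its contents, for example `audit_delay_pools(open("/etc/squid/squid.conf").read())`; the path is an assumption and depends on the installation.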