squid.conf

Mandrake 10 (squid.conf)

wellingtonpg

Meu primeiro server squid

Categoria: Segurança

Software: Mandrake 10

[ Hits: 7.916 ]

Por: Wellington Pinheiro Gomes

0 0
Denuncie   Favoritos   Indicar  

Depois de tanta luta, de tanto formata e instala, pra lá e pra cá, consegui colocar meu squid pra rodar sem probremas (hehehe... bem... pelo menos ainda não deu nenhum erro...). Aenho agora colocar a minha conf para vocês darem uma olhada e dizerem o que está faltando e se eu poderia melhorar em algo. Desde já um muito obrigado e espero que isto possa ajudar muitos outros.


# -----------------------------------------------------------------------------

#  TAG: http_port
#Coloquei desta forma pois tinha engraçadinho tentando sair sem passar pelo squid e deu certo.
# http_port 3128 8080
 http_port 192.168.0.1:3128
 http_port 10.0.0.1:3128
 http_port 192.168.0.254:3128

#  TAG: https_port
#
#
#Default:
# dead_peer_timeout 10 seconds

#  TAG: hierarchy_stoplist
hierarchy_stoplist cgi-bin ?

#  TAG: no_cache
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY


# OPTIONS WHICH AFFECT THE CACHE SIZE
# -----------------------------------------------------------------------------

#  TAG: cache_mem   (bytes)
#
#Default:
 cache_mem 16 MB

#  TAG: cache_swap_low   (percent, 0-100)
#  TAG: cache_swap_high   (percent, 0-100)
#
#Default:
 cache_swap_low 90
 cache_swap_high 95

#  TAG: maximum_object_size   (bytes)
#
#Default:
 maximum_object_size 4096 KB

#  TAG: minimum_object_size   (bytes)
#
#Default:
# minimum_object_size 0 KB

#  TAG: maximum_object_size_in_memory   (bytes)
#
#Default:
 maximum_object_size_in_memory 8 KB

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
# -----------------------------------------------------------------------------

#  TAG: cache_dir
#Tentei colocar das 5 (cinco) ultimas formas porem meu squid ficou muito lento. Somente a primeira ficou legal:
 cache_dir ufs /var/spool/squid 2000 64  512
#cache_dir ufs /var/spool/squid/1 2900 128 512
#cache_dir ufs /var/spool/squid/2 2900 128 512
#cache_dir ufs /var/spool/squid/3 2900 128 512
#cache_dir ufs /var/spool/squid/4 2900 128 512
#cache_dir ufs /var/spool/squid/5 2900 128 512


#  TAG: cache_access_log
#Default:
 cache_access_log /var/log/squid/access.log

#  TAG: cache_log
#Default:
 cache_log /var/log/squid/cache.log

#  TAG: cache_store_log
#Default:
 cache_store_log /var/log/squid/store.log

#  TAG: auth_param
#Recommended minimum configuration:
#auth_param digest program <uncomment and complete this line>
#auth_param digest children 5
#auth_param digest realm Squid proxy-caching web server
#auth_param digest nonce_garbage_interval 5 minutes
#auth_param digest nonce_max_duration 30 minutes
#auth_param digest nonce_max_count 50
#auth_param ntlm program <uncomment and complete this line to activate>
#auth_param ntlm children 5
#auth_param ntlm max_challenge_reuses 0
#auth_param ntlm max_challenge_lifetime 2 minutes
#auth_param basic program <uncomment and complete this line>
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

#  TAG: refresh_pattern
#Suggested default:
refresh_pattern ^ftp:      1440   20%   10080
refresh_pattern ^gopher:   1440   0%   1440
refresh_pattern .      0   20%   4320
########################################
#Default:
# connect_timeout 2 minutes
########################################
# ACCESS CONTROLS
# -----------------------------------------------------------------------------

#  TAG: acl
#Recommended minimum configuration:
#acl all src 0.0.0.0/0.0.0.0
#acl manager proto cache_object
#acl localhost src 127.0.0.1/255.255.255.255
#acl to_localhost dst 127.0.0.0/8
#acl SSL_ports port 443 563
#acl Safe_ports port 80      # http
#acl Safe_ports port 21      # ftp
#acl Safe_ports port 443 563   # https, snews
#acl Safe_ports port 70      # gopher
#acl Safe_ports port 210      # wais
#acl Safe_ports port 1025-65535   # unregistered ports
#acl Safe_ports port 280      # http-mgmt
#acl Safe_ports port 488      # gss-http
#acl Safe_ports port 591      # filemaker
#acl Safe_ports port 777      # multiling http
#acl CONNECT method CONNECT
#########################################################################
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 10.0.0.0/24
acl all src 192.168.0.0/24
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT



#  TAG: http_access
#Default:
#http_access deny all
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access deny blockedsites !unblockedsites
#http_access deny regras_wpg
#http_access allow regras_liberado 
http_access allow all

#  TAG: http_reply_access
#Default:
# http_reply_access allow all

### AUTERADO DO DIA 03/10/2007
#http_reply_access allow all

#  TAG: icp_access
# icp_access deny all
icp_access allow all

# ADMINISTRATIVE PARAMETERS
# -----------------------------------------------------------------------------

#  TAG: cache_effective_group
#
#Default:
 cache_effective_user squid
 cache_effective_group squid

#  TAG: visible_hostname
#Default:
visible_hostname ConetBrasil

#ACELERADOR
# -----------------------------------------------------------------------------

# TAG: httpd_accel_port
#Default:
 httpd_accel_host virtual
 httpd_accel_port 80

#  TAG: httpd_accel_single_host   on|off
#Default:
 httpd_accel_single_host on

#  TAG: httpd_accel_with_proxy   on|off
#Default:
 httpd_accel_with_proxy on

#  TAG: httpd_accel_uses_host_header   on|off
#Default:
 httpd_accel_uses_host_header on

#  TAG: error_directory
#error_directory /usr/lib/squid/errors/English
#Default:
 error_directory /usr/lib/squid/errors/Portuguese

# coredump_dir none
coredump_dir /var/spool/squid
#coredump_dir /etc/squid/cache


#### CONTROLE DE BANDA #### 
delay_pools 22

#REDE INTERNA
acl eth0 src 192.168.0.1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow eth0

#REDE EXTERNA
acl eth1 src 10.0.0.1
delay_class 2 2
Zdelay_parameters 2 -1/-1 -1/-1
delay_access 2 allow eth1

#ATENDIMENTO_01
acl BD_atend_01 src 192.168.0.3
delay_class 3 2
delay_parameters 3 20000/20000 20000/20000
delay_access 3 allow BD_atend_01

#ATENDIMENTO_02
acl BD_atend_02 src 192.168.0.8
delay_class 4 2
delay_parameters 4 20000/20000 20000/20000
delay_access 4 allow BD_atend_02

#ATENDIMENTO_03
acl BD_atend_03 src 192.168.0.9
delay_class 5 2
delay_parameters 5 20000/20000 20000/20000
delay_access 5 allow BD_atend_03

#ATENDIMENTO_04
acl BD_atend_04 src 192.168.0.6
delay_class 6 2
delay_parameters 6 15800/15800 15800/15800
delay_access 6 allow BD_atend_04

#ADMINISTRAÇÃO
acl BD_ADM src 192.168.0.4
delay_class 7 2
delay_parameters 7 20800/20800 20800/20800
delay_access 7 allow BD_ADM

#ESTOQUE
acl BD_estoque src 192.168.0.7
delay_class 8 2
delay_parameters 8 20000/20000 20000/20000
delay_access 8 allow BD_estoque

#SERVIDOR
acl BD_server src 192.168.0.5
delay_class 9 2
delay_parameters 9 20000/20000 20000/20000
delay_access 9 allow BD_server

#LAB_01
acl LAB_01 src 192.168.0.40
delay_class 10 2
delay_parameters 10 20000/20000 20000/20000
delay_access 10 allow LAB_01

#LAB_02
acl LAB_02 src 192.168.0.41
delay_class 11 2
delay_parameters 11 20000/20000 20000/20000
delay_access 11 allow LAB_02

#LAB_03
acl LAB_03 src 192.168.0.42
delay_class 12 2
delay_parameters 12 20000/20000 20000/20000
delay_access 12 allow LAB_03

#LAB_04
acl LAB_04 src 192.168.0.43
delay_class 13 2
delay_parameters 13 20000/20000 20000/20000
delay_access 13 allow LAB_04

#LAB_05
acl LAB_05 src 192.168.0.44
delay_class 14 2
delay_parameters 14 20000/20000 20000/20000
delay_access 14 allow LAB_05

#LAB_06
acl LAB_06 src 192.168.0.45
delay_class 15 2
delay_parameters 15 20000/20000 20000/20000
delay_access 15 allow LAB_06

########### CLIENTES ############

#NOME:
#END:
#FONE:
#E-MAIL:
acl CLIENTE_01 src 10.0.0.3
delay_class 16 2
delay_parameters 16 20000/20000 20000/20000
delay_access 16 allow CLIENTE_01

#NOME:
#END:
#FONE:
#E-MAIL:
acl CLIENTE_02 src 10.0.0.4
delay_class 17 2
delay_parameters 17 20000/20000 20000/20000
delay_access 17 allow CLIENTE_02

#NOME:
#END:
#FONE:
#E-MAIL:
acl CLIENTE_03 src 10.0.0.5
delay_class 17 2
delay_parameters 17 20000/20000 20000/20000
delay_access 17 allow CLIENTE_03

#NOME:
#END:
#FONE:
#E-MAIL:
acl CLIENTE_04 src 10.0.0.6
delay_class 18 2
delay_parameters 18 20000/20000 20000/20000
delay_access 18 allow CLIENTE_04

#NOME:
#END:
#FONE:
#E-MAIL:
acl CLIENTE_05 src 10.0.0.7
delay_class 19 2
delay_parameters 19 20000/20000 20000/20000
delay_access 19 allow CLIENTE_05

#NOME:
#END:
#FONE:
#E-MAIL:
acl CLIENTE_06 src 10.0.0.8
delay_class 20 2
delay_parameters 20 20000/20000 20000/20000
delay_access 20 allow CLIENTE_06

#NOME:
#END:
#FONE:
#E-MAIL:
acl CLIENTE_07 src 10.0.0.9
delay_class 21 2
delay_parameters 21 20000/20000 20000/20000
delay_access 21 allow CLIENTE_07

#NOME:
#END:
#FONE:
#E-MAIL:
acl CLIENTE_08 src 10.0.0.10
delay_class 22 2
delay_parameters 22 20000/20000 20000/20000
delay_access 22 allow CLIENTE_08


#Espero ter ajudado e espero tb ter ajuda de vcs ... T+
  


Comentários
[1] Comentário enviado por matheus.silva em 05/02/2008 - 13:06h

A questão de sair sem passar pelo squid era só vc ter fechado a saida pela porta 80 no firewall... dai você força o uso do proxy..
tive que fazer isso no meu serviço hehehe

[2] Comentário enviado por wellingtonpg em 18/02/2008 - 22:28h

Pois é eu acabei fazendo isto tb ficou bem bacana.
Eu já resumi o meu squid bastante e alem de fazer cache e controle de banda eu coloquei ele até pra fazer cobranças ou cortar quando os clientes não pagarem na data "X" e em breve estarei postando ele tambêm.


Contribuir com comentário

  



Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner

Destaques

Artigos

Melhorando o tempo de boot do Fedora e outras distribuições

Como instalar as extensões Dash To Dock e Hide Top Bar no Gnome 45/46

E a guerra contra bots continua

Tradução do artigo do filósofo Gottfried Wilhelm Leibniz sobre o sistema binário

Conheça o firewall OpenGFW, uma implementação do (Great Firewall of China).

Dicas

Instalando o FreeOffice no LMDE 6

Anki: Remover Tags de Estilo HTML de Todas as Cartas

Colocando uma opção de redimensionamento de imagem no menu de contexto do KDE

Instalar IRPF 2024 no Linux

Instalando Google Chrome no LMDE 6

Tópicos

VMWare Workstation Pro (2)

Pirataria ou não? (6)

Não consigo acessar os modos de desempenho no mint 2.3 (5)

Liberar a porta 10050 (2)

Gentoo bane contribuições de código feitas com IA (1)

Top 10 do mês

Scripts

[Shell Script] Script para desinstalar pacotes desnecessários no OpenSuse

[Shell Script] Script para criar certificados de forma automatizada no OpenVpn

[Shell Script] Conversor de vídeo com opção de legenda

[C/C++] BRT - Bulk Renaming Tool

[Shell Script] Criação de Usuarios , Grupo e instalação do servidor de arquivos samba

A maior comunidade GNU/Linux da América Latina! Artigos, dicas, tutoriais, fórum, scripts e muito mais. Ideal para quem busca auto-ajuda.

Site hospedado por: