Squid (squid.conf)

Easy and intuitive Squid

Category: Miscellaneous

Software: Squid


By: Lucas Garcia Moreira


Here is my easy and intuitive Squid configuration, which is part of the article "Squid + Sarg + IPtables - Configuração rápida": http://www.vivaolinux.com.br/artigo/Squid-Sarg-IPtables-Configuraeccedileatildeo-reaacutepida


################################################
#####          Port, Name and Cache        #####
################################################
#
http_port 3128 transparent
visible_hostname APA-Proxy
#
## Create a 4 GB in-memory cache ##
cache_mem 4096 MB
maximum_object_size_in_memory 2 MB
maximum_object_size 4 MB
minimum_object_size 10 KB
cache_swap_low 80
cache_swap_high 95
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
#
################################################
#####                 Log                  #####
################################################
#
cache_access_log /var/log/squid3/access.log
cache_store_log /var/log/squid3/store.log
cache_log /var/log/squid3/cache.log
## Create a 5 GB disk cache ##
cache_dir aufs /var/spool/squid3 5120 16 256
#
################################################
#####                 ACLs                 #####
################################################
#
#acl all src 0.0.0.0/0.0.0.0
#acl manager proto cache_object
#acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # swat
acl Safe_ports port 1025-65535 # high ports
acl purge method PURGE
acl CONNECT method CONNECT
# Block the ports not listed above
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
################################################
#####            Access Rights             #####
################################################

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
#
################################################
##             BANDWIDTH CONTROL              ##
################################################
#
#acl livre src 192.168.0.0/255.255.255.0
#acl extensoes url_regex -i .exe$ .mp3$ .vqf$ .tar.gz$ .gz$ .rpm$ .zip$ .rar$ .avi$ .mpeg$ .mpe$ .mpg$ .ram$ .rm$ .iso$ .raw$ .wav$ .mov$

#delay_pools 2
#
# Class 1 - Internet access at 512k
#
#   delay_class 1 2
#   delay_parameters 1 -1/-1 69000/69000
#
# Class 2 - Downloads at 180k
#
#   delay_class 2 2
#   delay_parameters 2 -1/-1 22500/22500
#delay_access 1 allow livre
#delay_access 2 allow extensoes
#
################################################
####              Allowed IPs               ####
################################################
#
acl liberados src "/etc/squid/liberados.conf"
#
http_access allow liberados
#
################################################
####              BLOCK WORDS               ####
################################################
#
acl bloquear_palavras url_regex -i "/etc/squid3/bloqueios.conf"
#
http_access deny bloquear_palavras
#
################################################
#####             Local Network             ####
################################################
acl redelocal src 10.0.0.0/255.0.0.0
#
################################################
####         Allowing the Networks          ####
################################################
http_access allow localhost
http_access allow redelocal
#
################################################
####        Blocking Everything Else        ####
################################################
http_access deny all
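# Never evaluated: Squid stops at the first matching http_access rule, and "deny all" above matches every request
http_access deny bloquear_palavras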

error_directory /usr/share/squid3/errors/portuguese
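
Squid evaluates http_access rules from top to bottom and applies the first one whose ACLs all match, so the order of the rules in this file decides what is allowed. The Python check below is an added example, not part of the original configuration or article: it flags rules that can never decide a request. PAGE_CONF holds the http_access lines copied from the configuration above; the function names are this example's own.

```python
# Added example: find http_access rules that can never decide a request.
# Squid checks http_access rules top to bottom and stops at the first rule
# whose ACLs all match, so a rule is dead when an earlier rule's ACL list
# is a subset of its own (the earlier rule matches whenever it would).

# http_access lines copied, in order, from the configuration on this page.
PAGE_CONF = """\
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access allow liberados
http_access deny bloquear_palavras
http_access allow localhost
http_access allow redelocal
http_access deny all
http_access deny bloquear_palavras
"""


def parse_rules(conf_text):
    """Return [(line_no, action, frozenset_of_acl_literals)] for http_access lines."""
    rules = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()    # drop comments, tokenize
        if len(fields) >= 3 and fields[0] == "http_access":
            # "all" always matches, so it adds no condition to the rule.
            acls = frozenset(a for a in fields[2:] if a != "all")
            rules.append((line_no, fields[1], acls))
    return rules


def shadowed_rules(rules):
    """Return [(dead_rule, first_rule_that_shadows_it)] pairs."""
    dead = []
    for i, late in enumerate(rules):
        for early in rules[:i]:
            if early[2] <= late[2]:              # early needs no extra ACL
                dead.append((late, early))
                break
    return dead


def report(conf_text):
    """Return one human-readable finding per dead rule."""
    return [f"rule {late[0]} ({late[1]} {' '.join(sorted(late[2])) or 'all'}) "
            f"is never reached: rule {early[0]} matches first"
            for late, early in shadowed_rules(parse_rules(conf_text))]


if __name__ == "__main__":
    print("\n".join(report(PAGE_CONF)))
```

The check is purely syntactic: it compares ACL names, not the addresses or patterns behind them, so it cannot see that two differently named ACLs overlap.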
  


Comments
[1] Comment posted by thtrassi on 22/02/2021 - 10:09h

Lucas Garcia Moreira, all good? I liked your conf and will use it as a base for my studies and tests. If it's not asking too much, could you contribute with iptables? In my case I have only the on-board network port (eth0) and I don't know how to redirect ports 80 and 443 to the proxy, since I am going to use it as the client's gateway (the server's IP set as the gateway) and filter the network. I have already tried and did not manage to; my server has IP 10.14.89.10. Thank you.

