Bloqueio de videos online [RESOLVIDO]

13. Re: Bloqueio de videos online [RESOLVIDO]

Jessika Sato
jessysato

(usa Debian)

Enviado em 01/02/2013 - 17:26h

Fiz tudo conforme dito acima, até criei o arquivo blockmine, mas não deu em nada.
Os vídeos continuam passando.


  


14. Re: Bloqueio de videos online [RESOLVIDO]

Weverton Gleub
buelg

(usa Ubuntu)

Enviado em 07/02/2013 - 18:28h

o script esta funcionando de boa, so que preciso que algumas maquina fique fora da regra, e nao tou conseguindo colocar, gostaria da colaboraçoa de vcs.


15. Bloqueio de videos online

Júnior
jabj

(usa FreeBSD)

Enviado em 26/08/2013 - 20:57h

Boa noite!

Gostaria de agradecer e dizer que apliquei as regras em meu squid.conf e funcionaram também.

Mas tem um porem no meu caso.

Gostaria de liberar downloads de extensão de imagens, bloqueando apenas os usuários de assistirem vídeos e escutarem musicas.

Como exemplo, se tento baixar um arquivo de imagem proveniente do site http://www.sendspace.com de extensão ".psd", ele é bloqueado.

Notei em testes que se tiro a opção "application/octet-stream", consigo fazer o download, só que em contra partida, vídeos do YouTube são liberados.

Se coloco de volta "application/octet-stream", os vídeos são bloqueados do jeito que quero, mas o download para de funcionar.

Neste caso teriam alguma dica?

Agradeço se puderem ajudar.





16. Bloqueia bacana porém !!

Leonardo Alves Romão
leo2000xp

(usa Debian)

Enviado em 18/03/2014 - 11:35h

Bloqueou aqui perfeitamente, porém quando usa o HTTPS funciona normalmente.



o proxy é transparente, alguma sugestao ?


sei que a postagem é antiga, mas não custa tentar hehe.


17. Re: Bloqueio de videos online [RESOLVIDO]

PH Digitos
chaplinux

(usa Debian)

Enviado em 25/03/2015 - 13:42h

leo2000xp escreveu:

Bloqueou aqui perfeitamente, porém quando usa o HTTPS funciona normalmente.



o proxy é transparente, alguma sugestao ?


sei que a postagem é antiga, mas não custa tentar hehe.



Realmente tambem no proxy transparente HTTPS youtube roda normal!!!

alguma solução ??? nem que seja via iptables! ???



18. Re: Bloqueio de videos online [RESOLVIDO]

Ronaldo Barboza
ronaldobsj

(usa Outra)

Enviado em 05/06/2015 - 06:43h


Sim Charplinux, deve ser bloqueado via iptables.

Esta é o meu.


for bloqueados in $(cat /etc/squid3/bloqhttps)
do
for ipliberados in $(cat /etc/squid3/ipliberados)
do

iptables -A FORWARD -s "$ipliberados" -m string --algo bm --string "$bloqueados" -j ACCEPT
iptables -A FORWARD -d "$ipliberados" -m string --algo bm --string "$bloqueados" -j ACCEPT

done
done



# BLOCKING HTTPSs

# SCRIPT TO FIND IPs FREEs


for bloqueados in $(cat /etc/squid3/bloqhttps)
do
for ipliberados in $(cat /etc/squid3/ipliberados)
do

# This line go apply the action

iptables -A FORWARD -s 192.168.1.0/24 -m string --algo bm --string "$bloqueados" -j REJECT
iptables -A FORWARD -s 192.168.1.0/24 -m string --algo bm --string "$bloqueados" -j REJECT

done
done

#
# END SCRIPT
#



# ENABLE INTERNET SHARING


echo "1" > /proc/sys/net/ipv4/ip_forward



# TRANSPARENT PROXY DIRECTIONAMENT


iptables -t nat -I PREROUTING -i eth0 -s 192.168.1.0/24 -p tcp --dport 80 -j REDIRECT --to-port 8080



# ENABLE THE NAT


iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
iptables -nL | nl



19. Re: Bloqueio de videos online [RESOLVIDO]

Marcos Valente
Mvalente

(usa CentOS)

Enviado em 04/10/2016 - 22:13h

Fala pessoal!!! Eu tenho o Squid integrado ao AD e quero bloquear Videos só para o Grupo de "internet Padrão" e os outros grupos podem acessar normalmente, já fiz de tudo mais não trava os videos e continuam passando!! Será que poderiam dar uma força?? To quebrando a cabeça... Meu squid.conf é esse abaixo: Agradeço quem puder dar uma força....

#############################################################################
#############################################################################
## ARQUIVO DE CONFIGURACAO DO SQUID - COM AUTENTICACAO NO ACTIVE DIRECTORY ##
#############################################################################
#############################################################################

##DEFINE A PORTA DE CONEXAO DO SQUID#########################################
http_port 3128

##DEFINE O TAMANHO MAXIMO DE UM OBJETO PARA SER ARMAZENADO EM CACHE##########
maximum_object_size 131070 KB

##DEFINE O TAMANHO MINIMO DE UM OBJETO PARA SER ARMAZENADO EM CACHE##########
minimum_object_size 0 KB

##DEFINE O TAMANHO MAXIMO DE UM OBJETO EM CACHE DE MEMORIA###################
maximum_object_size_in_memory 8 MB

##DEFINE A QUANTIDADE DE MEMORIA RAM A SER ALOCADA PARA CACHE################
cache_mem 256 MB

##ALTERA A PERFORMANCE EM CONEXOES PIPELINE (PARALELO)#######################
pipeline_prefetch on

##CACHE DE FQDN##############################################################
fqdncache_size 1024

##Inibe a informacao da versao do Squid quando um site for bloqueado#########
httpd_suppress_version_string on

##Add any of your own refresh_pattern entries above these####################
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

##DEFINE A % DO USO DO CACHE#################################################
cache_swap_low 90
cache_swap_high 95

##LOGS#######################################################################
access_log /var/log/squid/access.log squid
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

##DEFINE O LOCAL DO CACHE####################################################
cache_dir ufs /var/spool/squid 8192 16 256

##CONTROLE DO LOG############################################################
logfile_rotate 10

##ARQUIVO ONDE CONTEM OS HOSTNAME DAS ESTACOES OU SERVIDORES#################
hosts_file /etc/hosts

##LIBERAR O ACESSO AO SITE DA CAIXA - PROBLEMAS COM PROXY####################
acl caixa dstdomain .caixa.gov.br
always_direct allow caixa
cache deny caixa

##NFE########################################################################
acl nfe dstdomain "/etc/squid/nfe"
http_access allow nfe

##LIBERAR O ACESSO SEM O PROXY###############################################
acl acessos_semproxy url_regex -i "/etc/squid/acls/acessos_semproxy"
acl acessos_semproxy2 dstdomain -i "/etc/squid/acls/acessos_semproxy2"
http_access allow acessos_semproxy
http_access allow acessos_semproxy2

##LIBERACAO SKYPE###########################################################
acl skype_domain dstdom_regex skype.com
http_access allow skype_domain

##HOSTS QUE NAO PRECISAM DE AUTENTICACAO#####################################
acl liberados_sem_autenticacao src "/etc/squid/acls/liberados_sem_autenticacao"
http_access allow liberados_sem_autenticacao

##MACS LIBERADOS#############################################################
acl mac_liberado arp "/etc/squid/acls/mac_liberado"
http_access allow mac_liberado


##ACL PADROES################################################################
# portas seguras
acl SSL_ports port 81
acl SSL_ports port 82
acl SSL_ports port 563
acl SSL_ports port 443
acl SSL_ports port 8180
acl SSL_ports port 8443
# Demais servicos
acl Safe_ports port 80 # http
acl Safe_ports port 81 # http
acl Safe_ports port 82 # http
acl Safe_ports port 20-21 # ftp
acl Safe_ports port 70 # gopher
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl Safe_ports port 8080 # http
acl Safe_ports port 8081 # http
acl Safe_ports port 8082 # http
acl Safe_ports port 8088 # http
acl Safe_ports port 8180 8443 # https
acl Safe_ports port 3456 # receita federal - irpf
acl Safe_ports port 3001 # diario oficial
acl CONNECT method CONNECT

acl localhost src 127.0.0.1/32
http_access allow localhost

##BLOQUEIA O ACESSO UNSAFE PORTS##############################################
http_access deny !Safe_ports

##Deny CONNECT to other than secure SSL port##################################
http_access deny CONNECT !SSL_ports

##SITES QUE NAO TERAO CACHE###################################################
acl NOCACHE url_regex "/etc/squid/acls/sites_acesso_sem_cache" \?
no_cache deny NOCACHE

##############################################################################
# AUTENTICACAO NO ACTIVE DIRECTORY #
##############################################################################
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 50
auth_param ntlm keep_alive on
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 20
auth_param basic realm Squid proxy server

##DEFINE O TIMEOUT DE LOGON NO PROXY##
auth_param basic credentialsttl 12 hours

##DESATIVA A VERIFICAÇÃO DE LETRAS MAIÚSCULAS E MINÚSCULAS##
auth_param basic casesensitive off

external_acl_type ad_group ttl=600 %LOGIN /usr/lib64/squid/wbinfo_group.pl

###########################################################################
# ACL's - GRUPOS DO AD #
###########################################################################
# Nome ACL TIPO Nome Grupo AD #
###########################################################################
acl internet_acesso_bloqueado external ad_group internet_acesso_bloqueado
acl internet_acesso_completo external ad_group internet_acesso_completo
acl internet_acesso_padrao external ad_group internet_acesso_padrao
acl internet_acesso_rede_sociais external ad_group internet_acesso_rede_sociais
acl internet_acesso_rede_teamviewer external ad_group internet_acesso_rede_teamviewer
acl internet_acesso_rede_whatsapp external ad_group internet_acesso_rede_whatsapp

##ACL's - Permitidos - Proibidos - Outras#####################################
acl downloads_proibidos urlpath_regex -i "/etc/squid/acls/downloads_proibidos"
acl sites_liberados url_regex -i "/etc/squid/acls/sites_liberados"
acl sites_proibidos url_regex -i "/etc/squid/acls/sites_proibidos"
acl sites_rede_sociais url_regex -i "/etc/squid/acls/sites_rede_sociais"
acl sites_teamviewer url_regex -i "/etc/squid/acls/sites_teamviewer"
acl sites_whatsapp url_regex -i "/etc/squid/acls/sites_whatsapp"

################## ACL for Radio / Video Stream ###########################
acl StreamingRequest req_mime_type -i ^video/x-ms-asf$
acl StreamingRequest req_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$
acl StreamingRequest req_mime_type -i ^application/x-mms-framed$
acl StreamingRequest req_mime_type -i ^audio/x-pn-realaudio$
acl StreamingReply rep_mime_type -i ^video/x-ms-asf$
acl StreamingReply rep_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$
acl StreamingReply rep_mime_type -i ^application/x-mms-framed$
acl StreamingReply rep_mime_type -i ^audio/x-pn-realaudio$

acl streaming req_mime_type ^video/x-ms-asf
acl videomusic urlpath_regex -i \.aif$ \.aifc$ \.aiff$ \.asf$ \.asx$ \.avi$ \.au$ \.m3u$ \.med$ \.mp3$ \.mp4$ \.m1v$ \.mp2$ \.mp2v$ \.mpa$ \.mov$ \.mpe$ \.mpg$ \.mpeg$ \.ogg$ \.pls$ \.ram$ \.ra$ \.ram$ \.snd$ \.wma$ \.wmv$ \.wvx$ \.mid$ \.midi$ \.rmi$ \.flv$

###########################################################################
# DEFINIÇÃO DAS REGRAS DE ACESSOS #
###########################################################################

##REGRA PARA GARANTIR A AUTENTICACAO##
acl autenticados proxy_auth REQUIRED

##PERMISSOES DE ACESSO AO GRUPO "internet_acesso_completo"##
##ACESSO FULL LIBERADO
http_access allow internet_acesso_completo

##BLOQUEAR USUARIOS##
http_access deny internet_acesso_bloqueado

##LIBERA ACESSO EM HORARIO DE ALMOCO##
#acl almoco time MTWHFAS 12:00-14:00
#http_access allow almoco

#LIBERA ACESSO AO SITES REDE SOCIAS##
http_access allow internet_acesso_rede_sociais sites_rede_sociais

#LIBERA ACESSO AO SITES TEAMVIEWER##
http_access allow internet_acesso_rede_teamviewer sites_teamviewer

#LIBERA ACESSO AO SITES WHATSAPP##
http_access allow internet_acesso_rede_whatsapp sites_whatsapp

##FAZ A NEGACAO DOS SITES PROIBIDOS##
##DEPOIS LIBERA SITES AO GRUPO "internet_acesso_padrao"##
##DEPOIS BLOQUEIA O STREAMING DE VIDEO##
http_access deny sites_proibidos
http_access allow internet_acesso_padrao

#http_reply_access deny streaming
http_access deny videomusic internet_acesso_padrao
http_reply_access deny streaming internet_acesso_padrao
http_access deny StreamingRequest internet_acesso_padrao
http_reply_access deny StreamingRequest internet_acesso_padrao
http_access deny StreamingReply internet_acesso_padrao
http_reply_access deny StreamingReply internet_acesso_padrao


##PERMISSOES DE ACESSO AO SITES LIBERADOS ###
http_access allow autenticados sites_liberados

##DEFININDO A ORDEM DAS ACL's##
#http_access deny downloads_proibidos

http_access deny all
http_reply_access allow all
icp_access allow all
miss_access allow all

##DIRETORIO DAS PAGINAS DE ERROS##############################################
error_directory /usr/share/squid/errors/pt-br

##OUTRAS OPCOES DE CACHE######################################################
#cache_effective_group squid
cache_effective_user squid
coredump_dir /var/spool/squid



20. Re: Bloqueio de videos online [RESOLVIDO]

Eduardo Policarpo
edupoli

(usa Ubuntu)

Enviado em 07/10/2016 - 11:10h

leandrofv escreveu:

Caro amigo obrigado pela ajuda, depois das orientações resolveu o problema.




Como voce resolveu amigo ?


21. algumas opções....

PH Digitos
chaplinux

(usa Debian)

Enviado em 07/10/2016 - 11:48h


Cara só vejo algumas opções....

Essa compilando o Squid com algumas funcoes Habilitadas.
https://www.vivaolinux.com.br/dica/Squid-3-com-bloqueio-HTTPS

ou Usar o pfsense tambem com o squid modificado.
https://forum.pfsense.org/index.php?topic=62263.0

ou usar um servidor de DNS chamado nxfilter
http://docs.nxf.kernel.inf.br/pt_BR/latest/pages/getting_started/sys_req.html

bom estudo....

~~~~~~~~===~~~~~~~~===~~~~~~~~===~~~~~~~===
{ Papai..., o que é Software?
meu filho..., Software é a parte que você xinga...
...mais Pai! então o que é Hardware ?
meu guri..., Hardware é a parte que você chuta! ...
... hhha tá.. }



01 02



Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts