Squid + Dansguardian

vicentedeandrade
(usa FreeBSD)

Enviado em 26/08/2010 - 18:11h

Olá galera, estou procurando faz + de UMA semana para configurar um servidor proxy com as seguintes caracteristicas:

autenticacao squid + filtro de conteudo Dansguardian

Os usuarios precisam se autenticar via Squid (pois uso o MySAR para os relatorios) e preciso juntar o Dansguardian para filtrar o conteudo.

Os 2 serviços funcionam isoladamente da forma correta, mas quando tento fazer o fluxo

usuario -> squid -> dansguardian -> internet

Nao funciona.


####### squid.conf (squid-2.7)

http_port 3128
visible_hostname SRVProxy

#### autenticacao no AD
auth_param basic program /usr/lib/squid/ldap_auth -R -b "dc=AD" \
-D "cn=Administrador,cn=Users,dc=AD" -w "senha123" \
-f sAMAccountName=%s -h 192.168.0.150
auth_param basic children 5
auth_param basic realm MSG de autenticacao
auth_param basic credentialsttl 30 minutes
# autenticacao no AD

# Conf de CACHE
cache_mem 64 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 2048 16 256
cache_access_log /var/log/squid/access.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280

# Conf padrao Squid 2.7
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 21 80 443 563 70 210 280 488 59 777 901 1025-65535
acl purge method PURGE
acl CONNECT method CONNECT

## acl autenticacao
acl autenticacao proxy_auth REQUIRED
#

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

acl redelocal src 192.168.0.0/255.255.255.0
http_access allow localhost
http_access allow redelocal autenticacao
http_access deny all


#### dansguardian.conf (Danguardian 2.10)
reportinglevel = 3
languagedir = '/etc/dansguardian/languages'
language = 'ptbrazilian'
loglevel = 2
logexceptionhits = 2
logfileformat = 1
filterip =
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128
accessdeniedaddress = 'http://YOURSERVER.YOURDOMAIN/cgi-bin/dansguardian.pl'
nonstandarddelimiter = on
usecustombannedimage = on
custombannedimagefile = '/usr/share/dansguardian/transparent1x1.gif'
filtergroups = 1
filtergroupslist = '/etc/dansguardian/lists/filtergroupslist'
bannediplist = '/etc/dansguardian/lists/bannediplist'
exceptioniplist = '/etc/dansguardian/lists/exceptioniplist'
showweightedfound = on
weightedphrasemode = 2
urlcachenumber = 1000
urlcacheage = 900
scancleancache = on
phrasefiltermode = 2
preservecase = 0
hexdecodecontent = off
forcequicksearch = off
reverseaddresslookups = off
reverseclientiplookups = off
logclienthostnames = off
createlistcachefiles = on
maxuploadsize = -1
maxcontentfiltersize = 256
maxcontentramcachescansize = 2000
maxcontentfilecachescansize = 20000
filecachedir = '/tmp'
deletedownloadedtempfiles = on
initialtrickledelay = 20
trickledelay = 10
downloadmanager = '/etc/dansguardian/downloadmanagers/fancy.conf'
downloadmanager = '/etc/dansguardian/downloadmanagers/default.conf'
contentscannertimeout = 60
contentscanexceptions = off
authplugin = '/etc/dansguardian/authplugins/proxy-basic.conf'
recheckreplacedurls = off
forwardedfor = off
usexforwardedfor = off
logconnectionhandlingerrors = on
logchildprocesshandling = off
maxchildren = 120
minchildren = 8
minsparechildren = 4
preforkchildren = 6
maxsparechildren = 32
maxagechildren = 500
maxips = 0
ipcfilename = '/tmp/.dguardianipc'
urlipcfilename = '/tmp/.dguardianurlipc'
ipipcfilename = '/tmp/.dguardianipipc'
nodaemon = off
nologger = off
logadblocks = off
loguseragent = off
softrestart = off
mailer = '/usr/sbin/sendmail -t'


Obrigado pela atençao.