Problema com o squid.conf [RESOLVIDO]

jonathan_johnn
(usa Ubuntu)

Enviado em 20/10/2011 - 11:50h

Bom dia galera,

sou novo com Servidores linux e estou com um problema

apos ter configurado o squid3 quando rodo o comando #squid3 -k parse
ocorre o seguinte erro:


2011/10/20 11:51:19| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2011/10/20 11:51:19| cache_cf.cc(364) parseOneConfigFile: squid.conf:5 unrecognized: 'refresh_pattern.'
2011/10/20 11:51:19| cache_cf.cc(364) parseOneConfigFile: squid.conf:7 unrecognized: 'Agent}>h"%Ss:%Sh'
2011/10/20 11:51:19| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2011/10/20 11:51:19| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2011/10/20 11:51:19| WARNING: For now we will assume you meant to write /8
2011/10/20 11:51:19| aclParseAclList: ACL name 'manager' not found.
FATAL: Bungled squid.conf line 38: http_access allow manager localhost
Squid Cache (Version 3.1.11): Terminated abnormally.
CPU Usage: 0.016 seconds = 0.008 user + 0.008 sys
Maximum Resident Size: 16384 KB
Page faults with physical i/o: 0


o meu arquivo de configuração esta assim:

http_port 192.168.0.15:3128
hierarchy_stoplist cgi-bind ?
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern. 0 20% 4320

Agent}>h"%Ss:%Sh
access_log /var/log/squid3/access.log
cache_log /var/log/squid3/cache.log

acl localhost src 127.0.0.1/32
acl redelocal src 192.168.0.0/24

acl to_localhost dst 127.0.0.0/255.0.0.0
acl SSL_ports port 443 563
acl Safe_ports port 80 #http
acl Safe_ports port 8080 #tomcat
acl Safe_ports port 8443 #tomcat - ssl
acl Safe_ports port 10000 #webmn
acl Safe_ports port 21 #ftp
acl Safe_ports port 443 563 #https, snews
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 1025-65535 #unregistered ports
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 631 #cups
acl Safe_ports port 777 #multiling http
acl Safe_ports port 901 #SWAT
acl Safe_ports port 4500 #Biblioteca USP dedalus
acl Safe_ports port 2083 #CPANEL
acl safe_ports port 2631 #Conectividade Social
acl Safe_ports port 1494 #Sigov
acl Safe_ports port 8333 #WMWARE SERVER
acl purge method PURGE

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge

acl manager proto cache_object

#Proibir e liberar sites por dominio
acl sites_deny dstdomain -i "/etc/squid3/acls/sites-proibidos"
acl sites_allow dstdomain -i "/etc/squid3/acls/sites-permitidos"
acl caixa dstdomain -i .caixa.gov.br
#Proibir sites por palavras
acl palavras_deny url_regex -i "/etc/squid3/acls/palavras-deny"
acl palavras_allow url_regex -i "/etc/squid3/acls/palavras-allow"

#Libera Windows Update
acl dstdomain -i Windowsupdate.microsoft.com au.download.Windowsupdate.com

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

#Autenticação no Windows 2008
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol-squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsrrl 2 hours
acl AuthorizedUser proxy_auth REQUIRED
http_access allow all AuthorizedUser


http_access allow update
http_access allow liberaexe
http_access deny sites_deny !sites_allow
http_access deny palavras_deny !palavras_allow
http_access allow caixa
always_direct allow caixa

http_reply_access allow all

icp_access allow all

miss_access allow all

dns_nameservers 192.168.0.1

acl snmpro snmp_community local
snmp_access allow snmpro all
snmp_port 3401

cache_mgr jonahan@vsati.com.br

visible_hostname 192.168.0.15.psmantena.com.br

error_directory /usr/share/squid3/errors/Portuguese
coredump_dir /var/spool/squid3
logfile_rotate 4

Alguem pode me ajudar por favor?

dolivervl
(usa Slackware)

Enviado em 20/10/2011 - 12:04h

Cara, coloca as regras na seguinte ordem:
acl xxxx
http_access
e não ao contrário...

jonathan_johnn
(usa Ubuntu)

Enviado em 20/10/2011 - 12:18h

Boa tarde,

deixei o squid.conf dessa maneira:

-----------------------------------------------------------------

http_port 192.168.0.15:3128
hierarchy_stoplist cgi-bind ?
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern. 0 20% 4320

Agent}>h"%Ss:%Sh
access_log /var/log/squid3/access.log
cache_log /var/log/squid3/cache.log

acl localhost src 127.0.0.1/32
acl redelocal src 192.168.0.0/24

acl to_localhost dst 127.0.0.0/255.0.0.0
acl SSL_ports port 443 563
acl Safe_ports port 80 #http
acl Safe_ports port 8080 #tomcat
acl Safe_ports port 8443 #tomcat - ssl
acl Safe_ports port 10000 #webmn
acl Safe_ports port 21 #ftp
acl Safe_ports port 443 563 #https, snews
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 1025-65535 #unregistered ports
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 631 #cups
acl Safe_ports port 777 #multiling http
acl Safe_ports port 901 #SWAT
acl Safe_ports port 4500 #Biblioteca USP dedalus
acl Safe_ports port 2083 #CPANEL
acl safe_ports port 2631 #Conectividade Social
acl Safe_ports port 1494 #Sigov
acl Safe_ports port 8333 #WMWARE SERVER
acl purge method PURGE
acl manager proto cache_object
#Proibir e liberar sites por dominio
acl sites_deny dstdomain -i "/etc/squid3/acls/sites-proibidos"
acl sites_allow dstdomain -i "/etc/squid3/acls/sites-permitidos"
acl caixa dstdomain -i .caixa.gov.br
#Proibir sites por palavras
acl palavras_deny url_regex -i "/etc/squid3/acls/palavras-deny"
acl palavras_allow url_regex -i "/etc/squid3/acls/palavras-allow"

#Libera Windows Update
acl dstdomain -i Windowsupdate.microsoft.com au.download.Windowsupdate.com

acl AuthorizedUser proxy_auth REQUIRED
acl snmpro snmp_community local


http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge

#Autenticação no Windows 2008
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol-squid-2.5-ntlmssp
auth_param ntlm children 30
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsrrl 2 hours

http_access allow all AuthorizedUser


http_access allow update
http_access allow liberaexe
http_access deny sites_deny !sites_allow
http_access deny palavras_deny !palavras_allow
http_access allow caixa
always_direct allow caixa

http_reply_access allow all

icp_access allow all

miss_access allow all

dns_nameservers 192.168.0.1

snmp_access allow snmpro all
snmp_port 3401

cache_mgr jonahan@vsati.com.br

visible_hostname 192.168.0.15.psmantena.com.br

error_directory /usr/share/squid3/errors/Portuguese
coredump_dir /var/spool/squid3
logfile_rotate 4


--------------------------------------------------------------

Após essa mudança ocorreu outro erro:

---------------------------------------------------------------

2011/10/20 12:20:15| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2011/10/20 12:20:15| cache_cf.cc(364) parseOneConfigFile: squid.conf:5 unrecognized: 'refresh_pattern.'
2011/10/20 12:20:15| cache_cf.cc(364) parseOneConfigFile: squid.conf:7 unrecognized: 'Agent}>h"%Ss:%Sh'
2011/10/20 12:20:15| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2011/10/20 12:20:15| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2011/10/20 12:20:15| WARNING: For now we will assume you meant to write /8
2011/10/20 12:20:15| Warning: empty ACL: acl palavras_deny url_regex -i "/etc/squid3/acls/palavras-deny"
2011/10/20 12:20:15| Warning: empty ACL: acl palavras_allow url_regex -i "/etc/squid3/acls/palavras-allow"
2011/10/20 12:20:15| aclParseAclLine: Invalid ACL type '-i'
FATAL: Bungled squid.conf line 47: acl dstdomain -i Windowsupdate.microsoft.com au.download.Windowsupdate.com
Squid Cache (Version 3.1.11): Terminated abnormally.
CPU Usage: 0.020 seconds = 0.004 user + 0.016 sys
Maximum Resident Size: 16384 KB
Page faults with physical i/o: 0

-------------------------------------------------------------------------


o que fazer??

dolivervl
(usa Slackware)

Enviado em 20/10/2011 - 13:09h

Você não colocou nome na "acl dstdomain"..exemplo:

acl dominios dstdomain -i Windowsupdate.microsoft.com au.download.Windowsupdate.com
http_access allow dominios

jonathan_johnn
(usa Ubuntu)

Enviado em 20/10/2011 - 14:25h

Então eu coloquei o nome na acl

acl updatewin

e apos isso criei uma regra

http_access allow updatewin

porem outro erro ocorreu


---------------------------------------------------------

2011/10/20 14:26:28| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2011/10/20 14:26:28| cache_cf.cc(364) parseOneConfigFile: squid.conf:5 unrecognized: 'refresh_pattern.'
2011/10/20 14:26:28| cache_cf.cc(364) parseOneConfigFile: squid.conf:7 unrecognized: 'Agent}>h"%Ss:%Sh'
2011/10/20 14:26:28| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2011/10/20 14:26:28| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2011/10/20 14:26:28| WARNING: For now we will assume you meant to write /8
2011/10/20 14:26:28| Warning: empty ACL: acl palavras_deny url_regex -i "/etc/squid3/acls/palavras-deny"
2011/10/20 14:26:28| Warning: empty ACL: acl palavras_allow url_regex -i "/etc/squid3/acls/palavras-allow"
2011/10/20 14:26:28| Can't use proxy auth because no authentication schemes are fully configured.
FATAL: ERROR: Invalid ACL: acl AuthorizedUser proxy_auth REQUIRED

Squid Cache (Version 3.1.11): Terminated abnormally.
CPU Usage: 0.016 seconds = 0.012 user + 0.004 sys
Maximum Resident Size: 16400 KB
Page faults with physical i/o: 0

--------------------------------------------------------------------

jonathan_johnn
(usa Ubuntu)

Enviado em 20/10/2011 - 15:48h

Bom galera eu desinstalei e reinstalei o squid e apos isso fiz a configuração do squid.conf e quando fui rodar o comando
#squid3 -k parse

apresentou o seguinte erro:

-----------------------------------------------------------------------------------------------------

2011/10/20 15:53:04| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2011/10/20 15:53:04| cache_cf.cc(364) parseOneConfigFile: squid.conf:5 unrecognized: 'refresh_pattern.'
2011/10/20 15:53:04| cache_cf.cc(364) parseOneConfigFile: squid.conf:7 unrecognized: 'Agent}>h"%Ss:%Sh'
2011/10/20 15:53:04| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2011/10/20 15:53:04| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2011/10/20 15:53:04| WARNING: For now we will assume you meant to write /8
2011/10/20 15:53:04| strtokFile: /etc/squid3/acls/sites-proibidos not found
2011/10/20 15:53:04| strtokFile: /etc/squid3/acls/sites-permitidos not found
2011/10/20 15:53:04| strtokFile: /etc/squid3/acls/palavras-deny not found
2011/10/20 15:53:04| Warning: empty ACL: acl palavras_deny url_regex -i "/etc/squid3/acls/palavras-deny"
2011/10/20 15:53:04| strtokFile: /etc/squid3/acls/palavras-allow not found
2011/10/20 15:53:04| Warning: empty ACL: acl palavras_allow url_regex -i "/etc/squid3/acls/palavras-allow"
2011/10/20 15:53:04| Can't use proxy auth because no authentication schemes are fully configured.
FATAL: ERROR: Invalid ACL: acl AuthorizedUser proxy_auth REQUIRED

Squid Cache (Version 3.1.11): Terminated abnormally.
CPU Usage: 0.028 seconds = 0.004 user + 0.024 sys
Maximum Resident Size: 16400 KB
Page faults with physical i/o: 49


---------------------------------------------------------------------------------------------------



Aguem ai pode me ajudar?

n4t4n
(usa Arch Linux)

Enviado em 21/10/2011 - 17:20h

Aqui você deve colocar um espaço antes e depois desse ponto, ficando assim:

refresh_pattern . 0 20% 4320 

Veja o formato dos parâmetros de log em http://www.squid-cache.org/Doc/config/logformat/

O Correto é

"%{User-Agent}>h" %Ss:%Sh

acl localhost src 127.0.0.1/32

acl redelocal src 192.168.0.0/24

    

acl to_localhost dst 127.0.0.0/255.0.0.0 

Troque por

[code]acl localhost src 127.0.0.1/32
acl redelocal src 192.168.0.0/24

acl to_localhost dst 127.0.0.0/8[/quote]



Veja se os arquivos estão nesse local informado, inclusive se os nomes correspondem aos informados



Parece que você não informou nenhuma palavra para ser bloqueada.



Arquivo não encontrado, veja a localização correta.



Parece que seu arquivo de palavras liberadas está vazio.



Você não configurou a autenticação direito. Reveja as configurações.

http://www.vivaolinux.com.br/artigo/Squid-com-autenticacao
http://www.vivaolinux.com.br/dica/Squid-com-autenticacao



acl AuthorizedUser proxy_auth REQUIRED

Esta acl é inválida. Veja os links acima.