Squid error: invalid URL

1. Squid error: invalid URL

Felipe Marques Ferreira
felipeb2a

(uses Ubuntu)

Posted on 04/01/2017 - 13:32h

I am having problems opening some sites whose URL has no (www, http); other sites open normally.
The error that Squid reports is below.
Squid is not transparent.
URL inválida

Alguma característica da URL requisitada é incorreta.

Alguns dos possíveis problemas são:

Protocolo de acesso faltando ou incorreto (deveria ser http:// ou semelhante)

Nome do host faltando

Escape duplo ilegal na URL-Path

Caracter ilegal no nome de host; underscores não são permitidos.


Squid and iptables configuration

SQUID

#-----------------------------------------------------------------|SQUID SETTINGS|-------------------------------------------------------------#
http_port 3128
visible_hostname proxy-server
cache_effective_user squid #means that Squid will run as the user squid
error_directory /usr/local/squid/share/errors/pt-br #the parameter that sets the Squid error pages to Portuguese
cache_mem 64 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_mgr felipe.ferreira@server.com.br #EMAIL WEBMASTER
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /usr/local/squid/var/cache 2048 16 256 #Squid log file and the cache directory
cache_access_log /usr/local/squid/var/logs/access.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
acl manager proto cache_object
acl SSL_ports port 443 563
acl Safe_ports port 21 80 443 563 70 210 280 488 59 777 901 1025-65535
acl purge method PURGE
acl CONNECT method CONNECT
http_access deny manager
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

#---------------------------------------------------------------------------------------------------------------------------------------------------#

#-----------------------------------------------------------------|ACLs|----------------------------------------------------------------------------#
#-------------------------------------|MAC ADDRESS|------------------------------------------#

acl macaddressti arp "/usr/local/squid/etc/controle/mac_ti"
acl macaddressdiretores arp "/usr/local/squid/etc/controle/mac_diretores"
acl macaddressgerentes arp "/usr/local/squid/etc/controle/mac_gerentes"
#-------------------------------------|ALLOWED|--------------------------------------------#

acl sites_liberados url_regex -i "/usr/local/squid/etc/controle/sites_liberados"
acl palavras_liberadas url_regex -i "/usr/local/squid/etc/controle/palavras_liberadas"

#-------------------------------------|BLOCKED|--------------------------------------------#

acl sites_bloqueados url_regex -i "/usr/local/squid/etc/controle/sites_bloqueados"
acl extensoes_bloqueadas url_regex -i "/usr/local/squid/etc/controle/extensoes_bloqueadas"
acl palavras_bloqueadas url_regex -i "/usr/local/squid/etc/controle/palavras_bloqueadas"

#-------------------------------------|LIMITED|--------------------------------------------#

acl sites_limitados url_regex -i "/usr/local/squid/etc/controle/sites_limitados"

#---------------------------------------------------------------------------------------------------------------------------------------------------#

#-----------------------------------------------------------------|BANDWIDTH CONTROL|---------------------------------------------------------------#

#1st CONTROL WITH LIMIT
delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 22500/22500

#2nd CONTROL WITH LIMIT
delay_class 2 2
delay_parameters 2 -1/-1 -1/-1

delay_access 1 allow sites_limitados
delay_access 2 allow macaddressdiretores

#---------------------------------------------------------------------------------------------------------------------------------------------------#

#--------------------------------------------------------------|NETWORK MASK|--------------------------------------------------------------------#

acl redelocal src 192.168.0.0/24

#---------------------------------------------------------------------------------------------------------------------------------------------------#

#--------------------------------------------------------------|HTTP ACCESS|------------------------------------------------------------------------#
#-------------------------------------|DIRECTORS|--------------------------------------------#
http_access allow macaddressdiretores

#-------------------------------------|MANAGERS|---------------------------------------------#
http_access allow macaddressgerentes

#-------------------------------------|ALLOWED USERS|-----------------------------------#
#http_access allow macaddressti

#-------------------------------------|BLOCKED|--------------------------------------------#
http_access deny extensoes_bloqueadas
http_access deny palavras_bloqueadas
http_access deny sites_bloqueados

#-------------------------------------|ALLOWED|--------------------------------------------#
http_access allow sites_liberados
http_access allow palavras_liberadas

#-------------------------------------|GENERAL|------------------------------------------------#
http_access allow redelocal
http_access deny all

#---------------------------------------------------------------------------------------------------------------------------------------------------#

#--------------------------------------------------------------|ERROR PAGE|---------------------------------------------------------------------#

deny_info ERR_PAGE_SQUID sites_bloqueados
deny_info ERR_PAGE_SQUID extensoes_bloqueadas

#---------------------------------------------------------------------------------------------------------------------------------------------------#


IPTABLES

#!/bin/bash

##################################################################################################
# DECLARING THE VARIABLES #
##################################################################################################

#NETWORK INTERFACE CONNECTED TO THE INTERNET
IFACE_WEB="eth0"

#NETWORK INTERFACE CONNECTED TO THE INTERNAL NETWORK
IFACE_REDE="eth1"

#INTERNAL NETWORK
REDE_INTERNA="192.168.0.0/24"

#ALLOWED TCP PORTS
PORTAS_TCP="20,21,22,53,80,443,1022,3128,8000,8001,9080,9090,10000"

#ALLOWED UDP PORTS
PORTAS_UDP="53,1194,123"

#ALLOWED PORTS, INTERNAL NETWORK
PORTAS_REDE_INTERNA="25,110,557,993,445"

##################################################################################################
#----------------------------------->FUNCTION START<---------------------------------------------#
##################################################################################################
function start () {
##################################################################################################
# IPTABLES MODULES #
##################################################################################################
modprobe ip_tables
modprobe iptable_nat
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe nf_conntrack_ipv4
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe nf_nat
/sbin/modprobe nf_conntrack
/sbin/modprobe x_tables
/sbin/modprobe nf_nat_pptp

##################################################################################################
# ENABLING SOME BASIC KERNEL SETTINGS #
##################################################################################################
#COMMENT/UNCOMMENT, ENABLE/DISABLE (DISABLE = 0 ENABLE = 1)
echo 1 > /proc/sys/net/ipv4/tcp_syncookies # Enable the use of syncookies (very useful to avoid SYN flood attacks)
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all # Uncomment if you want to disable "ping" (ICMP messages) to your machine
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects # Do not accept ICMP redirect packets
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses # Enable protection against responses to bogus error messages
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts # Avoids the plague of the Smurf Attack and some other local-network attacks
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route # Disable source routing, preventing malicious individuals from generating traffic that pretends to come from the local network
#echo 0 > /proc/sys/net/ipv4/ip_forward # Disables packet routing; remember to configure the ports of the FORWARD chain, if you use it


##################################################################################################
# FLUSH TABLES #
##################################################################################################
#FLUSH THE RULES OF THE TABLES
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

##################################################################################################
# SET DEFAULT POLICIES #
##################################################################################################
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

##################################################################################################
# CREATE BOTH DIRECTIONS IN THE CHAINS #
##################################################################################################
#CREATE BOTH DIRECTIONS OF ACCESS IN THE INPUT, OUTPUT AND FORWARD CHAINS, SO WE DO NOT NEED TO CREATE BOTH DIRECTIONS IN THE RULES
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

##################################################################################################
# NAT RULES #
##################################################################################################
#SHARE INTERNET FROM ETH0 TO ETH1
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

#REDIRECT SQUID
iptables -A INPUT -p tcp -i eth1 --dport 3128 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 ! -s 192.0.0.248
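
A consistency check on the two files posted above, as an added example that is not part of the original post: it reports any REDIRECT rule that delivers traffic to an `http_port` declared without `intercept` (or the older `transparent`), a mismatch that makes Squid answer redirected requests with its invalid-URL page. The sample strings, the function names and the port 3129 variant are assumptions made for illustration.

```python
# Constructed sample input: the relevant lines of the configuration posted above.
SQUID_POSTED = "http_port 3128\nvisible_hostname proxy-server\n"
RULES_POSTED = (
    "iptables -A INPUT -p tcp -i eth1 --dport 3128 -j ACCEPT\n"
    "iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 "
    "-j REDIRECT --to-port 3128 ! -s 192.0.0.248\n"
)
# Assumption: a hypothetical second port, 3129, dedicated to intercepted traffic.
SQUID_FIXED = "http_port 3128\nhttp_port 3129 intercept\n"
RULES_FIXED = RULES_POSTED.replace("--to-port 3128", "--to-port 3129")
INTERCEPT_FLAGS = {"intercept", "transparent"}  # Squid 3.1+ name, older name

def option(tokens, *names):
    """Return the token that follows the first of `names` found, else None."""
    for name in names:
        if name in tokens[:-1]:
            return tokens[tokens.index(name) + 1]
    return None

def squid_ports(conf):
    """Map each http_port number to True when it is an interception port."""
    ports = {}
    for line in conf.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "http_port":
            port = fields[1].rsplit(":", 1)[-1]  # accepts "3128" or "ip:3128"
            if port.isdigit():
                ports[int(port)] = bool(INTERCEPT_FLAGS & set(fields[2:]))
    return ports

def misrouted_redirects(conf, rules):
    """List (dport, to_port) REDIRECT rules that land on a forward-proxy port."""
    # A redirected browser sends "GET /path" plus a Host header, while a
    # forward-proxy port expects "GET http://host/path"; Squid then cannot
    # rebuild the URL and answers with its invalid-URL error page.
    ports = squid_ports(conf)
    found = []
    for line in rules.splitlines():
        tokens = line.split("#", 1)[0].split()
        if option(tokens, "-j", "--jump") != "REDIRECT":
            continue
        to_port = option(tokens, "--to-ports", "--to-port")
        if to_port and to_port.isdigit() and ports.get(int(to_port)) is False:
            found.append((option(tokens, "--dport"), int(to_port)))
    return found

if __name__ == "__main__":
    print(misrouted_redirects(SQUID_POSTED, RULES_POSTED))
    print(misrouted_redirects(SQUID_FIXED, RULES_FIXED))
```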



  





