Squid erro URL inválida

1. Squid erro URL inválida

Felipe Marques Ferreira
felipeb2a

(usa Ubuntu)

Enviado em 04/01/2017 - 13:32h

Estou tendo problemas ao abri alguns sites com URL sem (www, http), Outros sites abrem normalmente.
Segue erro que o squid informa abaixo.
Squid não transparente.
URL inválida

Alguma característica da URL requisitada é incorreta.

Alguns dos possíveis problemas são:

Protocolo de acesso faltando ou incorreto (deveria ser http:// ou semelhante)

Nome do host faltando

Escape duplo ilegal na URL-Path

Caracter ilegal no nome de host; underscores não são permitidos.


Configuração do squid e iptables

SQUID

#-----------------------------------------------------------------|CONFIGURACOES SQUID|-------------------------------------------------------------#
http_port 3128
visible_hostname proxy-server
cache_effective_user squid #significa que o Squid rodará como o usuário squid
error_directory /usr/local/squid/share/errors/pt-br #o parâmetro que coloca as páginas de erro do Squid em português
cache_mem 64 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 512 MB
minimum_object_size 0 KB
cache_mgr [email protected] #EMAIL WEBMASTER
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /usr/local/squid/var/cache 2048 16 256 #arquivo de log do Squid e o diretório de cache
cache_access_log /usr/local/squid/var/logs/access.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
acl manager proto cache_object
acl SSL_ports port 443 563
acl Safe_ports port 21 80 443 563 70 210 280 488 59 777 901 1025-65535
acl purge method PURGE
acl CONNECT method CONNECT
http_access deny manager
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

#---------------------------------------------------------------------------------------------------------------------------------------------------#

#-----------------------------------------------------------------|ACLs|----------------------------------------------------------------------------#
#-------------------------------------|MAC ADDRESS|------------------------------------------#

acl macaddressti arp "/usr/local/squid/etc/controle/mac_ti"
acl macaddressdiretores arp "/usr/local/squid/etc/controle/mac_diretores"
acl macaddressgerentes arp "/usr/local/squid/etc/controle/mac_gerentes"
#-------------------------------------|LIBERADOS|--------------------------------------------#

acl sites_liberados url_regex -i "/usr/local/squid/etc/controle/sites_liberados"
acl palavras_liberadas url_regex -i "/usr/local/squid/etc/controle/palavras_liberadas"

#-------------------------------------|BLOQUEIOS|--------------------------------------------#

acl sites_bloqueados url_regex -i "/usr/local/squid/etc/controle/sites_bloqueados"
acl extensoes_bloqueadas url_regex -i "/usr/local/squid/etc/controle/extensoes_bloqueadas"
acl palavras_bloqueadas url_regex -i "/usr/local/squid/etc/controle/palavras_bloqueadas"

#-------------------------------------|LIMITADO|--------------------------------------------#

acl sites_limitados url_regex -i "/usr/local/squid/etc/controle/sites_limitados"

#---------------------------------------------------------------------------------------------------------------------------------------------------#

#-----------------------------------------------------------------|CONTROLE DE BANDA|---------------------------------------------------------------#

#1° CONTROLE C/LIMITE
delay_pools 2
delay_class 1 2
delay_parameters 1 -1/-1 22500/22500

#2° CONTROLE C/LIMITE
delay_class 2 2
delay_parameters 2 -1/-1 -1/-1

delay_access 1 allow sites_limitados
delay_access 2 allow macaddressdiretores

#---------------------------------------------------------------------------------------------------------------------------------------------------#

#--------------------------------------------------------------|MASCARA DE REDE|--------------------------------------------------------------------#

acl redelocal src 192.168.0.0/24

#---------------------------------------------------------------------------------------------------------------------------------------------------#

#--------------------------------------------------------------|HTTP ACCESS|------------------------------------------------------------------------#
#-------------------------------------|DIRETORES|--------------------------------------------#
http_access allow macaddressdiretores

#-------------------------------------|GERENTES|---------------------------------------------#
http_access allow macaddressgerentes

#-------------------------------------|USUARIOS LIBERADOS|-----------------------------------#
#http_access allow macaddressti

#-------------------------------------|BLOQUEIOS|--------------------------------------------#
http_access deny extensoes_bloqueadas
http_access deny palavras_bloqueadas
http_access deny sites_bloqueados

#-------------------------------------|LIBERADOS|--------------------------------------------#
http_access allow sites_liberados
http_access allow palavras_liberadas

#-------------------------------------|GERAL|------------------------------------------------#
http_access allow redelocal
http_access deny all

#---------------------------------------------------------------------------------------------------------------------------------------------------#

#--------------------------------------------------------------|PAGINA DE ERRO|---------------------------------------------------------------------#

deny_info ERR_PAGE_SQUID sites_bloqueados
deny_info ERR_PAGE_SQUID extensoes_bloqueadas

#---------------------------------------------------------------------------------------------------------------------------------------------------#


IPTABLES

#!/bin/bash

##################################################################################################
# DECLARANDO AS VARIÁVEIS #
##################################################################################################

#INTERFACE DE REDE LIGADA A INTERNET
IFACE_WEB="eth0"

#INTERFACE DE REDE LIGADA A REDE INTERNA
IFACE_REDE="eth1"

#REDE INTERNA
REDE_INTERNA="192.168.0.0/24"

#PORTAS LIBERADAS TCP
PORTAS_TCP="20,21,22,53,80,443,1022,3128,8000,8001,9080,9090,10000"

#PORTAS LIBERADAS UDP
PORTAS_UDP="53,1194,123"

#PORTAS LIBERADAS PORTAS REDE INTERNA
PORTAS_REDE_INTERNA="25,110,557,993,445"

##################################################################################################
#----------------------------------->FUNCTION START<---------------------------------------------#
##################################################################################################
function start () {
##################################################################################################
# MODULOS IPTABLES #
##################################################################################################
modprobe ip_tables
modprobe iptable_nat
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe nf_conntrack_ipv4
/sbin/modprobe ip_nat_ftp
/sbin/modprobe ipt_MASQUERADE
/sbin/modprobe iptable_mangle
/sbin/modprobe iptable_nat
/sbin/modprobe nf_nat
/sbin/modprobe nf_conntrack
/sbin/modprobe x_tables
/sbin/modprobe nf_nat_pptp

##################################################################################################
# ATIVANDO ALGUMAS COISAS BASICAS DO KERNEL #
##################################################################################################
#COMENTE/DESCOMENTE, ATIVE/DESATIVE (DESABILITAR = 0 HABILITAR = 1)
echo 1 > /proc/sys/net/ipv4/tcp_syncookies # Habilitar o uso de syncookies (muito útil para evitar SYN flood attacks)
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all # Descomente caso queira desabilita o "ping" (Mensagens ICMP) para sua máquina
echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects # Não aceite redirecionar pacotes ICMP
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses # Ative a proteção contra respostas a mensagens de erro falsas
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts # Evita a peste do Smurf Attack e alguns outros de redes locais
echo 0 > /proc/sys/net/ipv4/conf/all/accept_source_route # Desabilita roteamento de fonte, evitando que indivíduos maliciosos gerarem trafego fingindo ser da rede local
#echo 0 > /proc/sys/net/ipv4/ip_forward # Desabilita roteamento de pacotes, lembre-se de configurar as portas da CHAIN FORWARD, caso a use


##################################################################################################
# LIMPAR TABELAS #
##################################################################################################
#LIMPA AS REGRAS DA TABELA
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

##################################################################################################
# DEFINIR POLITICAS PADROES #
##################################################################################################
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

##################################################################################################
# CRIA IDA E VOLTA AS CHAINS #
##################################################################################################
#CRIA A IDA E VOLTA DO ACESSO NAS CHAINS INPUT, OUTPUT E FORWARD, ASSIM NÃO PRECISAMOS CRIAR A IDA E VOLTA NAS REGRAS
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

##################################################################################################
# REGRAS NAT #
##################################################################################################
#COMPARTILHA INTERNET ETH0 FOR ETH1
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

#REDIRECT SQUID
iptables -A INPUT -p tcp -i eth1 --dport 3128 -j ACCEPT
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 ! -s 192.0.0.248



  






Patrocínio

Site hospedado pelo provedor RedeHost.
Linux banner
Linux banner
Linux banner

Destaques

Artigos

Dicas

Tópicos

Top 10 do mês

Scripts