Squid negando acesso pagina estapar [RESOLVIDO]

fbiancardi79
(usa Debian)

Enviado em 02/06/2017 - 15:18h

Galera, Boa tarde, Alguém poderia me dar uma ajuda ? configurei um squid mas estou tendo dificuldade para acessar o site da estapar aparece a mensagem abaixo, já coloquei o site como liberado e também a porta no squid.conf e mesmo assim ainda esta negando


TCP_DENIED/403 123695 CONNECT www.estapar.com.br:448 - HIER_NONE/- text/html
TCP_DENIED_ABORTED/403 49270 CONNECT www.estapar.com.br:448 - HIER_NONE/- text/html

Squid.conf

error_directory /usr/share/squid-langpack/pt-br/
acl localnet src 172.16.100.0/24

# ACL Portas
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 81 # tcp host to host
acl Safe_ports port 82 # estapar
acl Safe_ports port 448 # boletos estapar
acl Safe_ports port 403
acl CONNECT method CONNECT

acl nocache url_regex -i "/etc/squid3/nocache"
acl sitesliberados dstdom_regex -i "/etc/squid3/sites.allow"
acl ipsfull src "/etc/squid3/ips.allow"
acl palavraspermitidas url_regex -i "/etc/squid3/palavras.allow"
acl skype_domain dstdom_regex skype.com
acl sitesbloqueados dstdom_regex -i "/etc/squid3/sites.deny"
acl palavrasbloqueadas url_regex -i "/etc/squid3/palavras.deny"
acl downloadsblock urlpath_regex -i "/etc/squid3/downloads.deny"
acl mailblocks url_regex -i "/etc/squid3/mail.deny
acl ipsblock src "/etc/squid3/ips.deny"

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow nocache
http_access allow skype_domain
http_access allow sitesliberados
http_access allow ipsfull
http_access allow palavraspermitidas

http_access deny sitesbloqueados
http_access deny palavrasbloqueadas
http_access deny downloadsblock
http_access deny ipsblock
http_access deny mailblocks
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all

http_port 3128

cache_mem 1724 MB
cache_swap_low 90
cache_swap_high 95

cache_dir diskd /var/spool/squid3 20480 64 256 Q1=64 Q2=72

coredump_dir /var/spool/squid3

maximum_object_size 16384 kb
maximum_object_size_in_memory 20 kb



refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

Buckminster
(usa Debian)

Enviado em 02/06/2017 - 15:42h

Execute squid -k parse (ou squid3 -k parse) e veja se dá alguma mensagem de ERROR ou FATAL e poste aqui.

berghetti
(usa Debian)

Enviado em 02/06/2017 - 17:46h

Esta correto essa porta que voçê coloca no final do endereço? www.estapar.com.br:448.

não seria 443? fiz o teste de fora, e o site não entra pela porta 448,
ou é uma aplicação interna?

fbiancardi79
(usa Debian)

Enviado em 02/06/2017 - 18:04h

Segue o resultado do comando


root@squid:~# squid3 -k parse
2017/06/02 18:03:37| Startup: Initializing Authentication Schemes ...
2017/06/02 18:03:37| Startup: Initialized Authentication Scheme 'basic'
2017/06/02 18:03:37| Startup: Initialized Authentication Scheme 'digest'
2017/06/02 18:03:37| Startup: Initialized Authentication Scheme 'negotiate'
2017/06/02 18:03:37| Startup: Initialized Authentication Scheme 'ntlm'
2017/06/02 18:03:37| Startup: Initialized Authentication.
2017/06/02 18:03:37| Processing Configuration File: /etc/squid3/squid.conf (depth 0)
2017/06/02 18:03:37| Processing: error_directory /usr/share/squid-langpack/pt-br/
2017/06/02 18:03:37| Processing: acl localnet src 172.16.100.0/24
2017/06/02 18:03:37| Processing: acl SSL_ports port 443 563
2017/06/02 18:03:37| Processing: acl Safe_ports port 80 # http
2017/06/02 18:03:37| Processing: acl Safe_ports port 21 # ftp
2017/06/02 18:03:37| Processing: acl Safe_ports port 443 # https
2017/06/02 18:03:37| Processing: acl Safe_ports port 563 # https
2017/06/02 18:03:37| Processing: acl Safe_ports port 70 # gopher
2017/06/02 18:03:37| Processing: acl Safe_ports port 210 # wais
2017/06/02 18:03:37| Processing: acl Safe_ports port 1025-65535 # unregistered ports
2017/06/02 18:03:37| Processing: acl Safe_ports port 280 # http-mgmt
2017/06/02 18:03:37| Processing: acl Safe_ports port 488 # gss-http
2017/06/02 18:03:37| Processing: acl Safe_ports port 591 # filemaker
2017/06/02 18:03:37| Processing: acl Safe_ports port 777 # multiling http
2017/06/02 18:03:37| Processing: acl Safe_ports port 81 # tcp host to host
2017/06/02 18:03:37| Processing: acl Safe_ports port 82 # estapar
2017/06/02 18:03:37| Processing: acl Safe_ports port 7071 # Zimbra
2017/06/02 18:03:37| Processing: acl CONNECT method CONNECT
2017/06/02 18:03:37| Processing: acl nocache url_regex -i "/etc/squid3/nocache"
2017/06/02 18:03:37| Processing: acl sitesliberados dstdom_regex -i "/etc/squid3/sites.allow"
2017/06/02 18:03:37| Processing: acl ipsfull src "/etc/squid3/ips.allow"
2017/06/02 18:03:37| Processing: acl palavraspermitidas url_regex -i "/etc/squid3/palavras.allow"
2017/06/02 18:03:37| Processing: acl skype_domain dstdom_regex skype.com
2017/06/02 18:03:37| Processing: acl sitesbloqueados dstdom_regex -i "/etc/squid3/sites.deny"
2017/06/02 18:03:37| /etc/squid3/squid.conf line 31: acl sitesbloqueados dstdom_regex -i "/etc/squid3/sites.deny"
2017/06/02 18:03:37| WARNING: there are more than 100 regular expressions. Consider using less REs or use rules without expressions like 'dstdomain'.
2017/06/02 18:03:37| Processing: acl palavrasbloqueadas url_regex -i "/etc/squid3/palavras.deny"
2017/06/02 18:03:37| Processing: acl downloadsblock urlpath_regex -i "/etc/squid3/downloads.deny"
2017/06/02 18:03:37| Processing: acl mailblocks url_regex -i "/etc/squid3/mail.deny
2017/06/02 18:03:37| Processing: acl ipsblock src "/etc/squid3/ips.deny"
2017/06/02 18:03:37| Processing: http_access deny !Safe_ports
2017/06/02 18:03:37| Processing: http_access deny CONNECT !SSL_ports
2017/06/02 18:03:37| Processing: http_access allow nocache
2017/06/02 18:03:37| Processing: http_access allow skype_domain
2017/06/02 18:03:37| Processing: http_access allow sitesliberados
2017/06/02 18:03:37| Processing: http_access allow ipsfull
2017/06/02 18:03:37| Processing: http_access allow palavraspermitidas
2017/06/02 18:03:37| Processing: http_access deny sitesbloqueados
2017/06/02 18:03:37| Processing: http_access deny palavrasbloqueadas
2017/06/02 18:03:37| Processing: http_access deny downloadsblock
2017/06/02 18:03:37| Processing: http_access deny ipsblock
2017/06/02 18:03:37| Processing: http_access deny mailblocks
2017/06/02 18:03:37| Processing: http_access allow localhost manager
2017/06/02 18:03:37| Processing: http_access deny manager
2017/06/02 18:03:37| Processing: http_access allow localnet
2017/06/02 18:03:37| Processing: http_access allow localhost
2017/06/02 18:03:37| Processing: http_access deny all
2017/06/02 18:03:37| Processing: http_port 3128
2017/06/02 18:03:37| Processing: cache_mem 1724 MB
2017/06/02 18:03:37| Processing: cache_swap_low 90
2017/06/02 18:03:37| Processing: cache_swap_high 95
2017/06/02 18:03:37| Processing: cache_dir diskd /var/spool/squid3 20480 64 256 Q1=64 Q2=72
2017/06/02 18:03:37| Processing: coredump_dir /var/spool/squid3
2017/06/02 18:03:37| Processing: maximum_object_size 16384 kb
2017/06/02 18:03:37| Processing: maximum_object_size_in_memory 20 kb
2017/06/02 18:03:37| Processing: refresh_pattern ^ftp: 1440 20% 10080
2017/06/02 18:03:37| Processing: refresh_pattern ^gopher: 1440 0% 1440
2017/06/02 18:03:37| Processing: refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
2017/06/02 18:03:37| Processing: refresh_pattern . 0 20% 4320
2017/06/02 18:03:37| Processing: cache_mgr suporte@souzaramos.com.br
2017/06/02 18:03:37| Processing: dns_nameservers 8.8.8.8
2017/06/02 18:03:37| Processing: dns_nameservers 8.8.4.4

fbiancardi79
(usa Debian)

Enviado em 02/06/2017 - 18:12h

berghetti,

Quando eu acesso o estapar e clico em login ele direciona para o endereço abaixo, fiz o teste retirando o proxy e acessa normal



A página da web em https://www.estapar.com.br:448/AutenticadorSite/LoginExterno.aspx?Aplicacao=29&ShowFooter=1 pode estar temporariamente indisponível ou pode ter sido movida permanentemente para um novo endereço da web.

SMarcell
(usa Slackware)

Enviado em 02/06/2017 - 18:42h

Adicione:

acl SSL_ports port 448

Buckminster
(usa Debian)

Enviado em 02/06/2017 - 19:50h

2017/06/02 18:03:37| Processing: acl Safe_ports port 82 # estapar

Veja a porta 448 não aparece em uma linha igual à acima.

Faça o que o SMarcell disse, reinicie o Squid e teste.

fbiancardi79
(usa Debian)

Enviado em 09/06/2017 - 10:00h

Galera, bom dia, muito obrigado pela ajuda de todos, deu certo inseri no squid.conf a "acl SSL_ports port 448" agora esta acessando normalmente

Buckminster
(usa Debian)

Enviado em 09/06/2017 - 10:09h

De nada.