Squid
Arquivo de Proxy
( /etc/squid/squid.conf )
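# yum install squid
# chmod 4755 /usr/lib64/squid/pam_auth
Obs.: o modo 4755 deixa o pam_auth setuid root, o que só é necessário para o helper consultar as senhas locais (shadow) via PAM. Nesse modo qualquer usuário local consegue executar o helper e testar senhas de outras contas; restrinja a execução ao grupo do Squid (por exemplo, chown root:squid e chmod 4750 no mesmo arquivo).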
--------------------------------------------------------------------------------------------------------
squid.conf
# Base ACL definitions. An "acl" line only names a match condition; nothing is
# allowed or denied until an http_access line refers to the name.
# manager: requests for the cache manager (cache_object scheme).
acl manager proto cache_object
# localhost: clients connecting from the proxy host's own loopback addresses.
acl localhost src 127.0.0.1/32 ::1
# to_localhost: requests whose destination is a loopback or unspecified address.
# NOTE(review): no http_access line in this file uses to_localhost. Consider
# "http_access deny to_localhost" so that proxy clients cannot reach services
# that listen only on the proxy host's loopback interface.
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# localnet: source ranges treated as internal clients (several lines with the
# same name are combined with OR).
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
# SSL_ports: the only destination port accepted for CONNECT tunnels.
acl SSL_ports port 443
# Safe_ports: destination ports the proxy will talk to at all.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
# NOTE(review): this range admits every unprivileged port; narrow it if the
# clients only need a known set of services.
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# CONNECT: matches the HTTP CONNECT method (used for HTTPS tunnels).
acl CONNECT method CONNECT
# Password authentication: HTTP Basic, verified by the PAM helper.
# NOTE(review): Basic sends user name and password base64-encoded, not
# encrypted, on every request, and this file configures a plain http_port.
# Because the helper is PAM, these are presumably the accounts' system
# passwords - confirm which PAM service is used and whether the client-to-proxy
# network is trusted.
auth_param basic program /usr/lib64/squid/pam_auth
# Up to 5 helper processes, 5 started at launch, at least 1 kept idle.
auth_param basic children 5 startup=5 idle=1
# Realm text shown in the browser's login prompt.
auth_param basic realm Autenticacao do Proxy
# How long a validated user/password pair is trusted before the helper is asked again.
auth_param basic credentialsttl 2 hours
# senha: matches any request that carries valid proxy credentials.
acl senha proxy_auth REQUIRED
# Cache manager requests are accepted only from the proxy host itself.
http_access allow manager localhost
http_access deny manager
# Refuse any destination port outside Safe_ports, and any CONNECT tunnel to a
# port outside SSL_ports. These run before every allow rule further down.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# -------------------- BASIC RULES -------------------- #
# Minimal rule set, left commented out; the file uses the fuller rule set
# further down instead.
# Authentication:
#http_access deny !senha
#http_access allow localnet
#http_access allow localhost
#http_access deny all
# -------------------- BASIC RULES -------------------- #
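# -------------------- RULES -------------------- #
# - ACLs -
# Each ACL below reads its values from a file, one entry per line.
# url_regex entries are regular expressions matched anywhere in the full URL
# (path and query string included), not only against the host name.
# NOTE(review): the Dominios* files hold plain domain names such as
# "facebook.com"; as unanchored regexes they also match URLs that merely
# contain that text. dstdomain is the ACL type meant for domain lists (the
# entries would then be written as ".facebook.com") - consider migrating.
# Chat sites, and the chat endpoints that are allowed without a login.
acl BatePapo url_regex -i "/etc/squid/acl/BatePapo"
acl BatePapoMsnLiberado url_regex -i "/etc/squid/acl/BatePapoMsnLiberado"
acl UsuariosBatePapo proxy_auth "/etc/squid/acl/UsuariosBatePapo"
# Blocked words and blocked download extensions. Matched case-insensitively
# (-i), like the chat ACLs above, so that "FILE.EXE" is caught as well as
# "file.exe".
acl PalavrasBloqueadas url_regex -i "/etc/squid/acl/PalavrasBloqueadas"
acl DownloadsGeral url_regex -i "/etc/squid/acl/DownloadsGeral"
# Workstations (by source address) with unauthenticated access to government / bank sites.
acl MicroGoverno src "/etc/squid/acl/MicroGoverno"
acl MicroBanco src "/etc/squid/acl/MicroBanco"
# Destination lists per category.
acl DominiosLiberados url_regex "/etc/squid/acl/DominiosLiberados"
acl DominiosSemCache url_regex "/etc/squid/acl/DominiosSemCache"
acl DominiosGoverno url_regex "/etc/squid/acl/DominiosGoverno"
acl DominiosBancos url_regex "/etc/squid/acl/DominiosBancos"
acl DominiosRedesSociais url_regex "/etc/squid/acl/DominiosRedesSociais"
acl DominiosVideos url_regex "/etc/squid/acl/DominiosVideos"
acl DominiosBlog url_regex "/etc/squid/acl/DominiosBlog"
acl DominiosShareds url_regex "/etc/squid/acl/DominiosShareds"
# User lists (proxy login names) per category.
acl UsuariosRedesSociais proxy_auth "/etc/squid/acl/UsuariosRedesSociais"
acl UsuariosVideos proxy_auth "/etc/squid/acl/UsuariosVideos"
acl UsuariosBlog proxy_auth "/etc/squid/acl/UsuariosBlog"
acl UsuariosShareds proxy_auth "/etc/squid/acl/UsuariosShareds"
acl UsuariosSuporte proxy_auth "/etc/squid/acl/UsuariosSuporte"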
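# - BLOCKS -
# http_access lines are evaluated top to bottom; the first line whose ACLs all
# match decides the request, so the order below is significant.
# Do not cache these domains
no_cache deny DominiosSemCache
# Allow the proxy host itself
http_access allow localhost
# Allow the MSN/Skype endpoints without a login, for internal clients only.
# Without a src ACL this line would answer any client able to reach the proxy
# port, before the authentication check below.
http_access allow localnet BatePapoMsnLiberado
# Government sites from the designated workstations (no login)
http_access allow MicroGoverno DominiosGoverno
# Bank sites from the designated workstations (no login).
# A second "... SSL_ports" line is not needed: this rule matches every port,
# and CONNECT to ports outside SSL_ports is already denied earlier in the file.
http_access allow MicroBanco DominiosBancos
# Authentication: every rule from here on applies to logged-in users only
http_access deny !senha
# NOTE(review): none of the allow rules below checks the client address until
# "allow localnet", so a valid login is accepted from any network for these
# categories. Add localnet to them if the proxy port is reachable from outside.
http_access allow DominiosRedesSociais UsuariosRedesSociais
http_access allow DominiosShareds UsuariosShareds
http_access allow DominiosVideos UsuariosVideos
http_access allow DominiosBlog UsuariosBlog
http_access allow DominiosLiberados
# Chat rules: listed users may use chat sites (this rule covers CONNECT to
# SSL_ports too), everybody else is refused.
http_access allow BatePapo UsuariosBatePapo
http_access deny BatePapo
http_access deny PalavrasBloqueadas
# Support users are allowed here, i.e. before the download block below.
http_access allow UsuariosSuporte
http_access deny DownloadsGeral
http_access allow localnet
http_access deny all
# -------------------- RULES -------------------- #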
# Listening port for client requests. No address is given, so the port is not
# limited to one interface; NOTE(review): confirm a firewall keeps it
# unreachable from untrusted networks.
http_port 3128
# URLs containing these strings are fetched directly instead of through cache peers.
hierarchy_stoplist cgi-bin ?
# On-disk cache: ufs store, 2048 MB, 16 first-level and 256 second-level directories.
cache_dir ufs /var/spool/squid 2048 16 256
# Administrator address shown on Squid's error pages.
cache_mgr contato@silviogarbes.com.br
# Directory Squid changes into, where core dumps are written.
coredump_dir /var/spool/squid
# Language of the generated error pages.
error_default_language pt-br
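# refresh_pattern [-i] regex min percent max [options]; min and max are minutes.
# The first pattern that matches a URL applies, so the catch-all "." stays last.
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
# NOTE(review): ignore-no-store and ignore-private make Squid keep responses
# that the origin marked as not storable or as private to one user. On a proxy
# shared by many authenticated users a cached private response can be served
# to a different user; confirm this is acceptable or drop the options.
# ignore-no-cache is reported as obsolete by newer Squid releases - confirm
# against the installed version.
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private
# "ignore-no-private" is not a refresh_pattern option and was removed from the
# next two lines. It was deliberately not turned into ignore-private: media,
# installers and office documents marked private should not be shared between users.
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store
# Index pages: the original regex "\.index.(html|htm)$" required a literal dot
# before "index", so ".../index.html" never matched it and fell through to the
# generic HTML rule below.
refresh_pattern -i /index\.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern . 0 40% 40320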
--------------------------------------------------------------------------------------------------------
# mkdir /etc/squid/acl
# touch /etc/squid/acl/BatePapo
# touch /etc/squid/acl/BatePapoMsnLiberado
# touch /etc/squid/acl/UsuariosBatePapo
# touch /etc/squid/acl/PalavrasBloqueadas
# touch /etc/squid/acl/DownloadsGeral
# touch /etc/squid/acl/MicroGoverno
# touch /etc/squid/acl/MicroBanco
# touch /etc/squid/acl/DominiosLiberados
# touch /etc/squid/acl/DominiosSemCache
# touch /etc/squid/acl/DominiosGoverno
# touch /etc/squid/acl/DominiosBancos
# touch /etc/squid/acl/DominiosRedesSociais
# touch /etc/squid/acl/DominiosVideos
# touch /etc/squid/acl/DominiosBlog
# touch /etc/squid/acl/DominiosShareds
# touch /etc/squid/acl/UsuariosRedesSociais
# touch /etc/squid/acl/UsuariosVideos
# touch /etc/squid/acl/UsuariosBlog
# touch /etc/squid/acl/UsuariosShareds
# touch /etc/squid/acl/UsuariosSuporte
# touch /etc/squid/acl/UsuariosRestritos
# /etc/squid/acl/BatePapo
login.live.com
# /etc/squid/acl/BatePapoMsnLiberado
apps.skype.com
# /etc/squid/acl/UsuariosBatePapo
usuario
# /etc/squid/acl/PalavrasBloqueadas
4shared
# /etc/squid/acl/DownloadsGeral
\.com$
\.bat$
\.arj$
\.pif$
\.bin$
\.cue$
\.iso$
\.mp3$
\.mpg$
\.wma$
\.wav$
\.divx$
\.scr$
\.gz$
\.tar.gz$
\.tgz$
\.tar$
\.tar.bz2$
\.tbz$
\.rar$
\.exe$
\.zip$
\.mpeg$
\.wmv$
\.avi$
\.xls$
\.doc$
\.dot$
\.xlt$
\.flv$
\.mov$
\.mar$
\.msi$
\.mid$
\.pps$
\.rmvb$
\.asf$
\.upd$
# /etc/squid/acl/MicroGoverno
192.168.1.1
# /etc/squid/acl/MicroBanco
192.168.1.1
# /etc/squid/acl/DominiosLiberados
update.avg.com
# /etc/squid/acl/DominiosSemCache
nfe.fazenda.gov.br
# /etc/squid/acl/DominiosGoverno
nfe.fazenda.gov.br
# /etc/squid/acl/DominiosBancos
caixa.gov.br
# /etc/squid/acl/DominiosRedesSociais
linkedin.com
facebook.com
facebook.net
fbcdn.net
# /etc/squid/acl/DominiosVideos
youtube.com
# /etc/squid/acl/DominiosBlog
blogspot.com
# /etc/squid/acl/DominiosShareds
4shared.com
megaupload.com
easy-share.com
recaptcha.net
sendspace.com
vimeo.com
# /etc/squid/acl/UsuariosRedesSociais
usuario
# /etc/squid/acl/UsuariosVideos
usuario
# /etc/squid/acl/UsuariosBlog
usuario
# /etc/squid/acl/UsuariosShareds
usuario
# /etc/squid/acl/UsuariosSuporte
usuario
# /etc/squid/acl/UsuariosRestritos (arquivo não referenciado por nenhuma acl do squid.conf acima)
usuario