Squid

Arquivo de Proxy

( /etc/squid/squid.conf )

# yum install squid

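# chmod 4755 /usr/lib64/squid/pam_auth

(O bit setuid root só é necessário quando o PAM precisa ler /etc/shadow. Com 4755 qualquer usuário local pode executar o helper como root e usá-lo para testar senhas de outras contas; é mais seguro deixá-lo executável apenas pelo grupo do Squid: chown root:squid /usr/lib64/squid/pam_auth e chmod 4750 /usr/lib64/squid/pam_auth, conferindo antes o grupo usado pelo serviço.)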

--------------------------------------------------------------------------------------------------------

squid.conf

# Base ACLs, in the form shipped with the stock squid.conf of older 3.x releases.
# NOTE(review): Squid 3.2 and later are believed to predefine manager,
# localhost and to_localhost; confirm against the installed version whether
# these three definitions are still needed.
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Client source ranges treated as the internal network.
# IPv4: the three RFC 1918 private ranges.
acl localnet src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
# IPv6: RFC 4193 local private range and RFC 4291 link-local range.
acl localnet src fc00::/7 fe80::/10

# The only port that CONNECT tunnels may target (see the http_access rules).
acl SSL_ports port 443

# Destination ports the proxy is willing to contact:
#   80 http, 21 ftp, 443 https, 70 gopher, 210 wais,
#   280 http-mgmt, 488 gss-http, 591 filemaker, 777 multiling http,
#   1025-65535 unregistered ports.
acl Safe_ports port 80 21 443 70 210
acl Safe_ports port 280 488 591 777
acl Safe_ports port 1025-65535

# Matches requests that use the CONNECT method.
acl CONNECT method CONNECT

# Password authentication: HTTP Basic, verified by the pam_auth helper.
# NOTE(review): Basic credentials are only base64-encoded, and the proxy
# port configured in this file is plain HTTP, so they cross the network
# unencrypted. The helper validates them through PAM; if PAM is backed by
# system accounts, those passwords are what is exposed - confirm that the
# client-to-proxy path is trusted.

auth_param basic program /usr/lib64/squid/pam_auth

# Helper processes: at most 5, 5 started at launch, 1 kept idle.
auth_param basic children 5 startup=5 idle=1

# Realm text sent to the client in the authentication challenge.
auth_param basic realm Autenticacao do Proxy

# How long a validated username/password pair is accepted before the
# helper is asked again.
auth_param basic credentialsttl 2 hours

# "senha" matches any request that carries valid proxy credentials.
acl senha proxy_auth REQUIRED

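# Cache manager requests are accepted from the proxy host only.
http_access allow manager localhost
http_access deny manager

# Refuse destination ports outside Safe_ports, and CONNECT tunnels to any
# port other than SSL_ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Refuse requests whose destination is one of the proxy host's own loopback
# addresses, so that services bound to localhost on this machine cannot be
# reached through the proxy. to_localhost is defined with the base ACLs;
# the cache manager rule above is evaluated first and is not affected.
http_access deny to_localhost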

# -------------------- REGRAS BASICAS -------------------- #

#Autenticacao:

#http_access deny !senha

#http_access allow localnet

#http_access allow localhost

#http_access deny all

# -------------------- REGRAS BASICAS -------------------- #

# -------------------- REGRAS -------------------- #

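# - ACLs -
# Each quoted path names a file holding one entry per line.
#
# NOTE(review): the domain lists below are loaded as url_regex. A url_regex
# entry is matched anywhere in the URL and "." stands for any character, so
# a bare domain name also matches URLs that merely contain that text in a
# path or query string. For the lists that grant access this makes the rule
# wider than the domain it names. The dstdomain ACL type matches the
# destination host only (entry form ".example.com", constructed sample);
# switching requires rewriting the list files in that form.
#
# NOTE(review): the page also creates /etc/squid/acl/UsuariosRestritos, but
# no acl in this listing loads it.

# Chat services and the users allowed to reach them.
acl BatePapo url_regex -i "/etc/squid/acl/BatePapo"
acl BatePapoMsnLiberado url_regex -i "/etc/squid/acl/BatePapoMsnLiberado"
acl UsuariosBatePapo proxy_auth "/etc/squid/acl/UsuariosBatePapo"

# Blocked words and blocked download extensions.
# -i makes the match case-insensitive; without it an upper-case spelling of
# a listed word or extension is not matched by the deny rule.
# NOTE(review): the extension patterns end in "$" and are tested against the
# whole URL, so a URL that continues with a query string is not matched.
acl PalavrasBloqueadas url_regex -i "/etc/squid/acl/PalavrasBloqueadas"
acl DownloadsGeral url_regex -i "/etc/squid/acl/DownloadsGeral"

# Client machines (source addresses) with unauthenticated access to
# government and bank sites.
acl MicroGoverno src "/etc/squid/acl/MicroGoverno"
acl MicroBanco src "/etc/squid/acl/MicroBanco"

# Destination lists by category.
acl DominiosLiberados url_regex "/etc/squid/acl/DominiosLiberados"
acl DominiosSemCache url_regex "/etc/squid/acl/DominiosSemCache"
acl DominiosGoverno url_regex "/etc/squid/acl/DominiosGoverno"
acl DominiosBancos url_regex "/etc/squid/acl/DominiosBancos"
acl DominiosRedesSociais url_regex "/etc/squid/acl/DominiosRedesSociais"
acl DominiosVideos url_regex "/etc/squid/acl/DominiosVideos"
acl DominiosBlog url_regex "/etc/squid/acl/DominiosBlog"
acl DominiosShareds url_regex "/etc/squid/acl/DominiosShareds"

# Authenticated user names by category.
acl UsuariosRedesSociais proxy_auth "/etc/squid/acl/UsuariosRedesSociais"
acl UsuariosVideos proxy_auth "/etc/squid/acl/UsuariosVideos"
acl UsuariosBlog proxy_auth "/etc/squid/acl/UsuariosBlog"
acl UsuariosShareds proxy_auth "/etc/squid/acl/UsuariosShareds"
acl UsuariosSuporte proxy_auth "/etc/squid/acl/UsuariosSuporte"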

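# - ACCESS RULES -
# http_access lines are evaluated top to bottom; the first matching line
# decides, so the order below is significant.

# Do not cache responses from these destinations.
# "cache" is the current name of this directive; "no_cache" is its obsolete
# spelling.
cache deny DominiosSemCache

# --- Rules evaluated before authentication ---

# Allow the proxy host itself.
http_access allow localhost

# Allow the MSN/Skype endpoints that must work without a login prompt.
# NOTE(review): this rule carries no source ACL, so it applies to every
# client that can reach the proxy port, not only to localnet, and the
# underlying list is an unanchored url_regex. Confirm whether it should be
# combined with localnet.
http_access allow BatePapoMsnLiberado

# Government sites, from the listed machines only.
http_access allow MicroGoverno DominiosGoverno

# Bank sites, from the listed machines only. A second rule with SSL_ports
# appended would match a subset of this one, so a single rule is enough.
http_access allow MicroBanco DominiosBancos

# --- Authentication: everything below requires valid proxy credentials ---
http_access deny !senha

# Per-category access for the listed users.
# NOTE(review): only the chat category (BatePapo) has a matching deny. For
# social networks, file sharing, video and blogs, users outside the list are
# not refused here and can still be admitted by "allow localnet" at the end;
# confirm whether deny rules for these categories were intended.
http_access allow DominiosRedesSociais UsuariosRedesSociais
http_access allow DominiosShareds UsuariosShareds
http_access allow DominiosVideos UsuariosVideos
http_access allow DominiosBlog UsuariosBlog

# Destinations open to every authenticated user.
# NOTE(review): this rule and "allow UsuariosSuporte" below have no source
# ACL, so valid credentials are sufficient from any address that reaches the
# proxy port.
http_access allow DominiosLiberados

# Chat rules: listed users only, everyone else refused. The allow rule needs
# no separate SSL_ports variant, which would match a subset of it.
http_access allow BatePapo UsuariosBatePapo
http_access deny BatePapo

# Blocked words apply to everyone who reached this point.
http_access deny PalavrasBloqueadas

# Support users skip the download restriction that follows.
http_access allow UsuariosSuporte

# Blocked download extensions.
http_access deny DownloadsGeral

# Remaining authenticated requests from the internal network are allowed;
# everything else is refused.
http_access allow localnet
http_access deny all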

# -------------------- REGRAS -------------------- #

# Port on which client requests are accepted. No address is given, so the
# port is opened on every interface of the host; reachability from outside
# the internal network has to be limited by a firewall or by binding to an
# internal address.
http_port 3128

# URLs containing one of these strings are fetched directly instead of
# through cache peers.
# NOTE(review): hierarchy_stoplist is believed to be obsolete in newer Squid
# releases; confirm against the installed version.
hierarchy_stoplist cgi-bin ?

# On-disk cache: ufs store in /var/spool/squid, 2048 MB, 16 first-level and
# 256 second-level directories.
cache_dir ufs /var/spool/squid 2048 16 256

# Administrator contact address.
cache_mgr contato@silviogarbes.com.br

# Directory where Squid leaves core files.
coredump_dir /var/spool/squid

# Language of the generated error pages.
error_default_language pt-br

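# refresh_pattern [-i] regex min percent max [options]
# min and max are in minutes. The first pattern that matches a URL is used,
# so the protocol and dynamic-content rules stay first and "." stays last.

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440

# Dynamic content (cgi-bin paths or any URL with a query string): zero
# freshness lifetime.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

# Images.
# NOTE(review): ignore-no-store and ignore-private make this shared proxy
# keep responses that the origin server marked as not to be stored or as
# private to one user, and serve them to other users. Confirm that no
# per-user content is delivered under these extensions.
# NOTE(review): ignore-no-cache is believed to be obsolete in newer Squid
# releases; confirm against the installed version.
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store ignore-private

# Media and archive/installer files.
# The former "ignore-no-private" token is not a refresh_pattern option and
# has been dropped. ignore-private is deliberately not substituted for it:
# private responses for these file types stay uncached.
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-no-store
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200 override-expire ignore-no-cache ignore-no-store

# Index pages. The earlier pattern "\.index.(html|htm)$" required a literal
# dot in front of "index", so ordinary index.html URLs fell through to the
# generic HTML rule below.
refresh_pattern -i index\.(html|htm)$ 0 40% 10080

# Other static page assets.
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320

# Everything else.
refresh_pattern . 0 40% 40320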

--------------------------------------------------------------------------------------------------------

# mkdir /etc/squid/acl

# touch /etc/squid/acl/BatePapo

# touch /etc/squid/acl/BatePapoMsnLiberado

# touch /etc/squid/acl/UsuariosBatePapo

# touch /etc/squid/acl/PalavrasBloqueadas

# touch /etc/squid/acl/DownloadsGeral

# touch /etc/squid/acl/MicroGoverno

# touch /etc/squid/acl/MicroBanco

# touch /etc/squid/acl/DominiosLiberados

# touch /etc/squid/acl/DominiosSemCache

# touch /etc/squid/acl/DominiosGoverno

# touch /etc/squid/acl/DominiosBancos

# touch /etc/squid/acl/DominiosRedesSociais

# touch /etc/squid/acl/DominiosVideos

# touch /etc/squid/acl/DominiosBlog

# touch /etc/squid/acl/DominiosShareds

# touch /etc/squid/acl/UsuariosRedesSociais

# touch /etc/squid/acl/UsuariosVideos

# touch /etc/squid/acl/UsuariosBlog

# touch /etc/squid/acl/UsuariosShareds

# touch /etc/squid/acl/UsuariosSuporte

# touch /etc/squid/acl/UsuariosRestritos

# /etc/squid/acl/BatePapo

login.live.com

# /etc/squid/acl/BatePapoMsnLiberado

apps.skype.com

# /etc/squid/acl/UsuariosBatePapo

usuario

# /etc/squid/acl/PalavrasBloqueadas

4shared

# /etc/squid/acl/DownloadsGeral

\.com$

\.bat$

\.arj$

\.pif$

\.bin$

\.cue$

\.iso$

\.mp3$

\.mpg$

\.wma$

\.wav$

\.divx$

\.scr$

\.gz$

\.tar.gz$

\.tgz$

\.tar$

\.tar.bz2$

\.tbz$

\.rar$

\.exe$

\.zip$

\.mpeg$

\.wmv$

\.avi$

\.xls$

\.doc$

\.dot$

\.xlt$

\.flv$

\.mov$

\.mar$

\.msi$

\.mid$

\.pps$

\.rmvb$

\.asf$

\.upd$

# /etc/squid/acl/MicroGoverno

192.168.1.1

# /etc/squid/acl/MicroBanco

192.168.1.1

# /etc/squid/acl/DominiosLiberados

update.avg.com

# /etc/squid/acl/DominiosSemCache

nfe.fazenda.gov.br

# /etc/squid/acl/DominiosGoverno

nfe.fazenda.gov.br

# /etc/squid/acl/DominiosBancos

caixa.gov.br

# /etc/squid/acl/DominiosRedesSociais

linkedin.com

facebook.com

facebook.net

fbcdn.net

# /etc/squid/acl/DominiosVideos

youtube.com

# /etc/squid/acl/DominiosBlog

blogspot.com

# /etc/squid/acl/DominiosShareds

4shared.com

megaupload.com

easy-share.com

recaptcha.net

sendspace.com

vimeo.com

# /etc/squid/acl/UsuariosRedesSociais

usuario

# /etc/squid/acl/UsuariosVideos

usuario

# /etc/squid/acl/UsuariosBlog

usuario

# /etc/squid/acl/UsuariosShareds

usuario

# /etc/squid/acl/UsuariosSuporte

usuario

# /etc/squid/acl/UsuariosRestritos (nenhuma acl do squid.conf mostrado acima referencia este arquivo)

usuario