Squid.conf Exemplo com autenticacao PAM

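# Forward-proxy listener. The "transparent" (interception) flag was dropped:
# this configuration depends on proxy_auth, and a browser that does not know
# it is talking to a proxy will not answer a 407 challenge, so interception
# and proxy authentication cannot be combined on the same port. Clients must
# be pointed at this port explicitly (manual proxy setting, PAC or WPAD).
# Without an address the port listens on every interface; to expose it to the
# LAN only, bind it as <LAN address>:3128 or filter it at the firewall.
http_port 3128
# Host name Squid reports about itself, e.g. in error messages.
# visible_hostname is set a second time near the end of this file.
visible_hostname debian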

################################################################################
# Cache sizing, logging and DNS settings. Nothing in this section grants or
# denies access; the access rules are further down.
memory_pools on

# RAM set aside for cached objects, and the largest object kept in RAM.
cache_mem 512 MB
maximum_object_size_in_memory 1024 KB

# Size bounds for objects stored in the disk cache.
maximum_object_size 2512 MB
minimum_object_size 10 KB

# Low/high water marks (percent of cache size) for cache replacement.
cache_swap_low 95
cache_swap_high 98

# Same eviction policy (heap GDSF) for the disk cache and the memory cache.
cache_replacement_policy heap GDSF
memory_replacement_policy heap GDSF

# Sizes and water marks of the internal DNS caches.
fqdncache_size 20240
ipcache_size 20240
ipcache_low 90
ipcache_high 95
# NOTE(review): diskd_program is set, but the only cache_dir below uses the
# ufs store type, so the diskd helper looks unused here. Confirm.
diskd_program /usr/lib/squid/diskd
unlinkd_program /usr/lib/squid/unlinkd
# Fields: store type, directory, size in MB, first-level and second-level
# directory counts. 819200 MB is 800 GB; check the volume really has it.
cache_dir ufs /var/spool/squid 819200 16 256
# access.log records each client request, including the authenticated user
# name when proxy_auth is in use, so restrict who can read this directory.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

#mime_table /etc/squid/mime.conf
# NOTE(review): the PID file is kept in the log directory rather than a
# runtime directory; confirm that is intended.
pid_filename /var/log/squid/squid.pid
# Logs client host names instead of addresses, which costs a reverse DNS
# lookup per client.
log_fqdn on
# Contact address for the cache administrator.
cache_mgr admin@abratel.com.br
# Resolvers used by Squid instead of the ones in /etc/resolv.conf.
dns_nameservers 200.165.132.147 8.8.8.8
# Number of rotated log generations to keep.
logfile_rotate 10
ie_refresh on
# With "off" the X-Forwarded-For header sent upstream carries "unknown"
# instead of the client address, so internal addresses are not disclosed.
forwarded_for off

# Freshness rules: regex, min age (minutes), percent, max age (minutes).
# The first pattern that matches a URL is the one applied.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 2280
refresh_pattern . 15 20% 4280

################################################################################
# HTTP Basic proxy authentication, checked by the PAM helper.
# Basic credentials are only base64-encoded and are resent with every
# request, so anyone who can capture traffic between client and proxy can
# recover the password. Keep that network segment trusted.
# Number of helper processes started to verify credentials.
auth_param basic children 15
# Realm text shown in the browser's login prompt.
auth_param basic realm Abratel Proxy Server

# pam_auth uses the PAM service name "squid" unless told otherwise, so the
# policy comes from /etc/pam.d/squid.
# NOTE(review): the notes that accompany this file say user names live in a
# MySQL table, so a MySQL-backed PAM module is presumably configured there.
# Confirm, and keep any database password in that PAM file unreadable to
# ordinary users.
auth_param basic program /usr/lib/squid/pam_auth

###############################################################################

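# File-backed lists. The file name must be wrapped in plain ASCII double
# quotes: with typographic quotes Squid takes the token as a literal
# pattern, the file is never read, and the block list silently matches
# nothing.
# url_regex patterns match anywhere in the full URL (path and query string
# included), so a whitelist entry can be satisfied by text after the host
# name. For host-based lists dstdomain is the stricter ACL type.
acl proibidos url_regex -i "/etc/squid/bloqueados/proibidos.txt"
acl liberados url_regex -i "/etc/squid/bloqueados/liberados.txt"

## Per-user ACLs ##

# ulisses.pass: authenticated user names listed in the file.
# ulisses.unblock: URL patterns opened for that user.
acl ulisses.pass proxy_auth "/etc/squid/bloqueados/ulisses.user"
acl ulisses.unblock url_regex -i "/etc/squid/bloqueados/ulisses.unblock.txt"

# NOTE(review): "all" is defined here as the 192.168.254.0/24 LAN, not as
# every source. Rules that say "allow all" therefore mean "allow the LAN".
# Squid 3.x and later predefine "all" as every address, so this line needs
# rework (for example a separately named LAN ACL) before an upgrade.
acl all src 192.168.254.0/255.255.255.0

# Required rules
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# NOTE(review): SSL_ports_443 is not referenced by any rule in this file.
acl SSL_ports_443 port 443 8080
# Ports a CONNECT tunnel may target once a rule enforces this ACL.
# Every extra port here widens what can be tunnelled through the proxy.
acl SSL_ports port 443 563 8080 10000 2038
acl Safe_ports port 80 443 # http
#acl Safe_ports port 20
#acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 10000 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8080 # multiling http
# NOTE(review): Safe_ports_msn is not referenced by any rule in this file.
acl Safe_ports_msn port 1863
acl CONNECT method CONNECT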

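# http_access rules are evaluated top to bottom; the first match decides.

# Baseline guards. The manager, Safe_ports, SSL_ports and CONNECT ACLs are
# defined above but were never enforced, which left the cache manager
# reachable from the network and let requests and CONNECT tunnels target
# any port.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Globally forbidden URLs first, then the global whitelist.
# The whitelist rule has no source or user condition: any client that can
# reach the proxy port gets these sites without authenticating.
http_access deny proibidos
http_access allow liberados

# Per-user exception: both ACLs must match. Evaluating ulisses.pass is what
# triggers the authentication challenge.
http_access allow ulisses.pass ulisses.unblock

####################################################
# Everything outside the lists above is refused, for every client.
http_access deny !ulisses.unblock
http_access deny !liberados

###################################################

http_reply_access allow all
#
# "all" is the LAN ACL defined above, not every source. Because the last
# rule is an allow, Squid's implicit default for unmatched requests is deny.
http_access allow all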

#################################################
# "all" in this file is the 192.168.254.0/24 LAN ACL, so these two rules let
# any LAN host send ICP queries and fetch cache misses through this proxy.
# NOTE(review): if no sibling or parent caches are in use, confirm whether
# ICP needs to be answered at all.
icp_access allow all
miss_access allow all
icon_directory /usr/share/squid/icons
# Error pages are served from the Portuguese template set.
error_directory /usr/share/squid/errors/Portuguese
# NOTE(review): second visible_hostname in this file (the first is near the
# top), and the value contains spaces where a single host name token is
# expected. Confirm what Squid actually takes from this line.
visible_hostname Abratel Proxy Server
half_closed_clients off
store_dir_select_algorithm round-robin

————————————————————————–
Estrutura do /etc/squid/bloqueados
-rw-r--r-- 1 root root 9 Nov 11 01:42 liberados.txt --> sites liberados para todos
-rw-r--r-- 1 root root 5 Nov 11 01:46 proibidos.txt --> sites proibidos para todos
-rw-r--r-- 1 root root 8 Nov 11 01:53 ulisses.unblock.txt --> sites liberados para esse usuario (se por um ponto “.” dentro do arquivo, libera tudo)
-rw-r--r-- 1 root root 8 Nov 11 01:43 ulisses.user --> nome do usuario na tabela do mysql
