{"id":85,"date":"2010-11-11T00:51:36","date_gmt":"2010-11-11T03:51:36","guid":{"rendered":"http:\/\/blog.digavoip.com.br\/2010\/11\/11\/squidconf-exemplo-com-autenticacao-pam\/"},"modified":"2010-11-11T00:59:34","modified_gmt":"2010-11-11T03:59:34","slug":"squidconf-exemplo-com-autenticacao-pam","status":"publish","type":"post","link":"https:\/\/blog.abratel.com.br\/?p=85","title":{"rendered":"Squid.conf Exemplo com autenticacao PAM"},"content":{"rendered":"

http_port 3128 transparent
\nvisible_hostname debian<\/p>\n

################################################################################
\nmemory_pools on<\/p>\n

cache_mem 512 MB
\nmaximum_object_size_in_memory 1024 KB<\/p>\n

maximum_object_size 2512 MB
\nminimum_object_size 10 KB<\/p>\n

cache_swap_low 95
\ncache_swap_high 98<\/p>\n

cache_replacement_policy heap GDSF
\nmemory_replacement_policy heap GDSF<\/p>\n

fqdncache_size 20240
\nipcache_size 20240
\nipcache_low 90
\nipcache_high 95
\ndiskd_program \/usr\/lib\/squid\/diskd
\nunlinkd_program \/usr\/lib\/squid\/unlinkd
\ncache_dir ufs \/var\/spool\/squid 819200 16 256
\ncache_access_log \/var\/log\/squid\/access.log
\ncache_log \/var\/log\/squid\/cache.log
\ncache_store_log \/var\/log\/squid\/store.log<\/p>\n

#mime_table \/etc\/squid\/mime.conf
\npid_filename \/var\/log\/squid\/squid.pid
\nlog_fqdn on
\ncache_mgr admin@abratel.com.br
\ndns_nameservers 200.165.132.147 8.8.8.8
\nlogfile_rotate 10
\nie_refresh on
\nforwarded_for off<\/p>\n

refresh_pattern ^ftp: 1440 20% 10080
\nrefresh_pattern ^gopher: 1440 0% 2280
\nrefresh_pattern . 15 20% 4280<\/p>\n

################################################################################
\nauth_param basic children 15
\nauth_param basic realm Abratel Proxy Server<\/p>\n

auth_param basic program \/usr\/lib\/squid\/pam_auth<\/p>\n

###############################################################################<\/p>\n

acl proibidos url_regex -i “\/etc\/squid\/bloqueados\/proibidos.txt”
\nacl liberados url_regex -i “\/etc\/squid\/bloqueados\/liberados.txt”<\/p>\n

## ACL USUARIOS ##<\/p>\n

acl ulisses.pass proxy_auth “\/etc\/squid\/bloqueados\/ulisses.user”
\nacl ulisses.unblock url_regex -i “\/etc\/squid\/bloqueados\/ulisses.unblock.txt”<\/p>\n

acl all src 192.168.254.0\/255.255.255.0<\/p>\n

#regras necessarias
\nacl manager proto cache_object
\nacl localhost src 127.0.0.1\/255.255.255.255
\nacl to_localhost dst 127.0.0.0\/8
\nacl SSL_ports_443 port 443 8080
\nacl SSL_ports port 443 563 8080 10000 2038
\nacl Safe_ports port 80 443 # http
\n#acl Safe_ports port 20
\n#acl Safe_ports port 21 # ftp
\nacl Safe_ports port 443 563 10000 # https, snews
\nacl Safe_ports port 70 # gopher
\nacl Safe_ports port 210 # wais
\nacl Safe_ports port 1025-65535 # unregistered ports
\nacl Safe_ports port 280 # http-mgmt
\nacl Safe_ports port 488 # gss-http
\nacl Safe_ports port 591 # filemaker
\nacl Safe_ports port 777 # multiling http
\nacl Safe_ports port 8080 # multiling http
\nacl Safe_ports_msn port 1863
\nacl CONNECT method CONNECT<\/p>\n

http_access deny proibidos
\nhttp_access allow liberados<\/p>\n

http_access allow ulisses.pass ulisses.unblock<\/p>\n

####################################################
\nhttp_access deny !ulisses.unblock
\nhttp_access deny !liberados<\/p>\n

###################################################<\/p>\n

http_reply_access allow all
\n#
\nhttp_access allow all<\/p>\n

#################################################
\nicp_access allow all
\nmiss_access allow all
\nicon_directory \/usr\/share\/squid\/icons
\nerror_directory \/usr\/share\/squid\/errors\/Portuguese
\nvisible_hostname Abratel Proxy Server
\nhalf_closed_clients off
\nstore_dir_select_algorithm round-robin<\/p>\n

————————————————————————–
\nEstrutura do \/etc\/squid\/bloqueados
\n-rw-r–r– 1 root root 9 Nov 11 01:42 liberados.txt –> sites liberados para todos
\n -rw-r–r– 1 root root 5 Nov 11 01:46 proibidos.txt –> sites proibidos para todos
\n-rw-r–r– 1 root root 8 Nov 11 01:53 ulisses.unblock.txt –> sites liberados para esse usuario (se por um ponto “.” dentro do arquivo, libera tudo)
\n-rw-r–r– 1 root root 8 Nov 11 01:43 ulisses.user –> nome do usuario na tabela do mysql<\/p>\n","protected":false},"excerpt":{"rendered":"

http_port 3128 transparent visible_hostname debian ################################################################################ memory_pools on cache_mem 512 MB maximum_object_size_in_memory 1024 KB maximum_object_size 2512 MB minimum_object_size 10 KB cache_swap_low 95 cache_swap_high 98 cache_replacement_policy heap GDSF memory_replacement_policy heap GDSF fqdncache_size 20240 ipcache_size 20240 ipcache_low 90 ipcache_high 95 diskd_program \/usr\/lib\/squid\/diskd unlinkd_program \/usr\/lib\/squid\/unlinkd cache_dir ufs \/var\/spool\/squid…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts\/85"}],"collection":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=85"}],"version-history":[{"count":0,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=\/wp\/v2\/posts\/85\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=85"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=85"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.abratel.com.br\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=85"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}