Publicado por: rafaelveragini | Março 23, 2008

LVM

LVM sem mistério.

 

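# LVM walkthrough: turn the partition /dev/sda3 into a physical volume, build a
# volume group and a logical volume on it, and format the logical volume.
# These commands run as root. pvcreate and mkfs.ext3 overwrite what is on their
# target, so confirm the device names against the fdisk output first.

# Show the disk and its partition table.
fdisk -l /dev/sda

# Initialise /dev/sda3 as an LVM physical volume. The partition was created
# beforehand with fdisk as type 8e (Linux LVM).
pvcreate /dev/sda3

# List all physical volumes.
pvs

# Activate all volume groups (the author's note reads "activating at boot").
# The option must be written with an ASCII hyphen; the page had a typographic
# dash, which the tool does not parse as an option.
# NOTE(review): no volume group exists yet at this point in the listing;
# presumably this step belongs after vgcreate - confirm.
vgchange -ay

# Create the volume group vg-xen-vm01 on the physical volume.
vgcreate vg-xen-vm01 /dev/sda3

# List all volume groups.
vgs

# Create the logical volume lv-xen-vm01 of 3000 MB inside the volume group.
# The unit and the name are spelled out as separate arguments for readability.
lvcreate -L 3000M -n lv-xen-vm01 vg-xen-vm01

# List all logical volumes.
lvs

# Show the disk and its partitions again.
fdisk -l /dev/sda

# Create the filesystem on the logical volume, ext3 in this case.
mkfs.ext3 /dev/vg-xen-vm01/lv-xen-vm01

# Show all mounted filesystems, sizes in 1 KB blocks (ASCII hyphen restored).
df -k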

Publicado por: rafaelveragini | Março 21, 2008

Step Security – Squid Completo

.. SQUID PROXY ..  

Falando em proxy, não podemos deixar de falar do proxy mais rápido e mais modular do mundo da informática: o SQUID!!! Demonstro abaixo um modelo criado por mim; espero que ajude a todos!

Importante! 

Este .conf está com regras (ACLs) para bloquear MSN, Google Talk e sites de PPPPPP!!!!!! Endereços padrões que não são permitidos na maioria das empresas.

Obs. melhores documentos do SQUID (man squid) e (http://www.squid-cache.org/)  

# Arquivo de configuração /etc/squid/squid.conf 

# daemon

# Service start                     /etc/init.d/squid start

# Service stop                     /etc/init.d/squid stop

# Service reload                  /etc/init.d/squid reload 

# utilize tail -f /var/log/squid/access.log     # você poderá monitorar ou até mesmo utilizar para analisar um endereço específico.

SQUID.CONF

# Proxy
#       Owner: Rafael Duarte
############################
#Create date: 01/02/2007
# Listen only on the internal address 192.168.0.2, port 8088, so the proxy is
# not offered on any other interface of the host.
http_port 192.168.0.2:8088
# Port 0 disables ICP (the inter-cache protocol); this proxy has no cache peers.
icp_port 0
# Requests whose URL contains "cgi-bin" or "?" are fetched directly, not via peers.
hierarchy_stoplist cgi-bin ?
# QUERY matches URL paths containing "cgi-bin" or a literal "?" (dynamic content).
acl QUERY urlpath_regex cgi-bin \?
# Do not cache dynamic content.
# NOTE(review): no_cache is an older directive name - confirm that the
# installed Squid version still accepts it.
no_cache deny QUERY

# Cache sizing and log locations
# Memory used for in-transit and hot objects.
cache_mem 64 MB
# On-disk cache: diskd storage, 512 MB, 16 first-level and 256 second-level directories.
cache_dir diskd /var/spool/squid 512 16 256
# access.log records every client request (source address and URL), so treat
# it as sensitive data and restrict who can read /var/log/squid.
# NOTE(review): cache_access_log is an older directive name - confirm against
# the installed Squid version.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

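# ACL - source addresses of the internal network 192.168.0.0/24
acl LanEMP src 192.168.0.0/255.255.255.0

# ACL - EMP...

# Hosts allowed to use MSN Messenger (one host per line, /32 mask)
acl MsnAllow src 192.168.0.28/255.255.255.255
acl MsnAllow src 192.168.0.111/255.255.255.255
acl MsnAllow src 192.168.0.14/255.255.255.255
acl MsnAllow src 192.168.0.12/255.255.255.255

# Blocked destination domains. The page had wrapped this list onto lines
# without the "acl <name> <type>" prefix, which are not valid directives on
# their own; repeating the prefix appends to the same ACL, as MsnAllow does above.
acl sites dstdomain .talkx.l.google.com .talk.google.com .cervejazul.com.br
acl sites dstdomain .inutilidades.hex.com.br .video.google.com .meebo.com .inutilidades.com.br
acl sites dstdomain .meebo.com.br .portaldovt.com.br .imaginarlo.com .ninjaproxy.com
acl sites dstdomain .playboy.com.br .sexy.com .video.msn.com .video.globo.com .orkut.com

# Blocked file extensions. The dot is escaped so that each pattern matches a
# real extension; an unescaped "." matches any character, so ".exe$" would
# also block a path that merely ends in "xexe".
# NOTE(review): the match is case-sensitive, so "FILE.EXE" is not covered.
acl extensoes urlpath_regex \.wma$ \.asf$ \.mov$ \.mpg$ \.mpeg$ \.avi$
acl extensoes urlpath_regex \.mp3$ \.wav$ \.mid$ \.pps$ \.bat$ \.scr$ \.exe$

# Blocked keywords, matched case-insensitively anywhere in the URL.
# NOTE(review): short unanchored words such as "talk" also match unrelated
# URLs; expect over-blocking and review the list against access.log.
acl palavras url_regex -i talkx talk koolim mathtunnel safehazard meebo google-talk googletalk thecrims radiotuner iloveim msnanywhere proxify mastaline screensaver linkblog messbrasil ilovemessenger canalmsn meiobit mmclient centova tutorials1 contabilsantaizabel msnpiki msnfanatic youtube messengerfx sexo putaria filetransferenabled

# Blocked destination addresses of messenger services.
# The second entry was written 72.21.057.0 on the page; the leading zero is
# dropped because some address parsers read a zero-prefixed octet as octal.
# NOTE(review): hard-coded address lists go stale; presumably these dated
# from when the file was written - verify before relying on them.
acl MsnDominiosIP dst 216.32.66.235/255.255.255.255 72.21.57.0/255.255.255.0 207.46.110.0/255.255.255.0 62.116.121.0/255.255.255.0 64.12.163.0/255.255.255.0 205.188.179.0/255.255.255.0 205.188.213.0/255.255.255.0 62.116.83.62/255.255.255.255 69.36.226.0/255.255.255.0 216.129.112.0/255.255.255.0 216.129.113.0/255.255.255.0 65.216.115.0/255.255.255.0 85.184.4.0/255.255.255.0 193.238.160.0/255.255.255.0 72.36.146.0/255.255.255.0 209.34.241.0/255.255.255.0 64.92.172.108/255.255.255.255

# Blocked messenger and web-messenger domains (wrapped list rejoined as above).
# NOTE(review): .akamai.net and .akamaitech.net are CDN domains that may also
# serve unrelated sites - confirm the over-blocking is acceptable.
acl MsnDominios dstdomain .imessenger.com .messenger.msn.com .messenger.hotmail.com
acl MsnDominios dstdomain .realtunnel.com .webmessenger.msn.com .webmessenger.com.br .e-messenger.com.br
acl MsnDominios dstdomain .e-messenger.net .msnmessenger.com .webmessenger.com .emessenger.com
acl MsnDominios dstdomain .iloveim.com .iloveim.com.br .ilovemessenger.com .akamai.net .akamaitech.net
acl MsnDominios dstdomain .hopster.com .meebo.com .meebo.com.br .wm.jabbernet.dk .imessenger.com.br
acl MsnDominios dstdomain .webmessenger.blitzaffe.com .leamonde.net .msngamecenter.com .msn2go.com
acl MsnDominios dstdomain .msnger.com .messenger.yahoo.com .cresce.net .messengerfx.com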

# ACL definitions used by the access rules. "all" matches every source
# address; it only denies anything once an http_access rule refers to it.
acl all src 0.0.0.0/0.0.0.0
# Cache manager requests (cache_object protocol).
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Recommended minimum configuration
# SSL_ports: destination ports to which CONNECT tunnels are permitted by the
# rule "http_access deny CONNECT !SSL_ports".
# NOTE(review): 873 (rsync) is on this list, so tunnels to rsync servers are
# permitted - confirm that this is intended.
acl SSL_ports port 443 563            # https, snews
acl SSL_ports port 873                  # rsync
# Safe_ports: destination ports the proxy may contact at all; requests to any
# other port are refused by the rule "http_access deny !Safe_ports".
acl Safe_ports port 80                   # http
acl Safe_ports port 21                   # ftp
acl Safe_ports port 443 563           # https, snews
acl Safe_ports port 70                   # gopher
acl Safe_ports port 210                 # wais
acl Safe_ports port 1025-65535     # unregistered ports
acl Safe_ports port 280                 # http-mgmt
acl Safe_ports port 488                 # gss-http
acl Safe_ports port 591                 # filemaker
acl Safe_ports port 777                 # multiling http
acl Safe_ports port 631                 # cups
acl Safe_ports port 873                 # rsync
acl Safe_ports port 901                 # SWAT
# Request methods referenced by the access rules.
acl purge method PURGE
acl CONNECT method CONNECT

# http_access rules are evaluated top to bottom and the first match decides,
# so the order of the lines below is part of the policy.

#Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
#Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
#Deny requests to unknown ports
http_access deny !Safe_ports
#Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

# Policy - EMP
# Keyword, domain and extension blocks apply to every client, including the
# MsnAllow hosts, because they come before the allow line.
# NOTE(review): for HTTPS the proxy only sees the CONNECT host and port, so
# path-based rules such as extensoes presumably do not apply there - confirm.
http_access deny palavras
http_access deny sites
http_access deny extensoes
# MsnAllow matches on source address only: these hosts are allowed here and
# never reach the two MSN denies below, nor any later rule.
http_access allow MsnAllow
http_access deny MsnDominiosIP
http_access deny MsnDominios

# Policy - allow the local host 127.0.0.1/255.255.255.255
http_access allow localhost
# Policy - allow the internal network LanEMP 192.168.0.0/24
http_access allow LanEMP

#Deny All other access
http_access deny all

# Automatic cache cleanup: objects not referenced for one week may be removed.
# NOTE(review): reference_age is an older directive - confirm that the
# installed Squid version still accepts it.
reference_age 1 week

# Do not cache responses from the secure (SSL_ports) destination ports.
no_cache deny SSL_ports

Publicado por: rafaelveragini | Março 21, 2008

Step Network Appliance – VLANs CISCO 2950

Exemplo de como criar VLANs no Cisco 2950.

Documentações teóricas www.cisco.com

Veja as VLANs com o comando (show vlan)

Catalyst2950>en
Catalyst2950#show vlan
VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa0/0, Fa1/0, Fa2/0, Fa3/0


Fa4/0, Fa5/0
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
—- —– ———- —– —— —— ——– —- —– ———– ——- ——–
1 enet 100001 1500 – - – - – 0 0
Criando VLAN2. Nome vendas:

Catalyst2950#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Catalyst2950(config)#vlan 2
Catalyst2950(config-vlan)#name vendas
Catalyst2950(config-vlan)#exit
Catalyst2950(config)#

Definindo as portas da VLAN2:

Catalyst2950(config)#interface fastethernet0/0
Catalyst2950(config-if)#switchport access vlan 2
Catalyst2950(config-if)#exit
Catalyst2950(config)#interface fastethernet1/0
Catalyst2950(config-if)#switchport access vlan 2
Catalyst2950(config-if)#exit
Catalyst2950(config)#

Catalyst2950#show vlan

VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa2/0, Fa3/0, Fa4/0, Fa5/0
2 vendas active Fa0/0, Fa1/0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
—- —– ———- —– —— —— ——– —- ——– —— ——
1 enet 100001 1500 – - – - – 0 0
2 enet 100002 1500 – - – - – 0 0

Criando VLAN3. Nome administrativo:

Catalyst2950#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Catalyst2950(config)#vlan 3
Catalyst2950(config-vlan)#name administrativo
Catalyst2950(config-vlan)#exit
Catalyst2950(config)#interface fastethernet 2/0
Catalyst2950(config-if)#switchport access vlan 3
Catalyst2950(config-if)#exit
Catalyst2950(config)#interface fastethernet 3/0
Catalyst2950(config-if)#switchport access vlan 3
Catalyst2950(config-if)#exit
Catalyst2950(config)#exit
%SYS-5-CONFIG_I: Configured from console by console

Veja!

Catalyst2950#show vlan

VLAN Name Status Ports
—- ——————————– ——— ——————————-
1 default active Fa4/0, Fa5/0
2 vendas active Fa0/0, Fa1/0
3 administrativo active Fa2/0, Fa3/0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
—- —– ———- —– —— —— ——– —- ——– —— ——
1 enet 100001 1500 – - – - – 0 0
2 enet 100002 1500 – - – - – 0 0
3 enet 100003 1500 – - – - – 0 0

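Habilitando o trunking na porta do switch que será conectada ao roteador. Observação: `allowed vlan all` transporta todas as VLANs pelo trunk; se o roteador só precisa das VLANs 2 e 3, restrinja a lista com `switchport trunk allowed vlan 2,3`.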

Catalyst2950(config)# interface Fa4/0
Catalyst2950(config-if)# switchport mode trunk
Catalyst2950(config-if)# switchport trunk allowed vlan all
Catalyst2950(config-if)# exit

Salvar as configurações. 

copy running-config startup-config

FIM 
