
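#######################################################
# Virgos TI - squid.conf
#######################################################
# Reconstructed from a line-wrapped extraction: one directive per line.
# The "squid-2.5-*" helper protocols below suggest a Squid 2.x era file;
# no_cache, hierarchy_stoplist and httpd_accel_* are obsolete in 3.x.
# TODO confirm the Squid version actually deployed.

# Localised error pages
error_directory /usr/share/squid/errors/Portuguese/
# Suppress the Squid version string in headers and error pages
httpd_suppress_version_string on
dns_defnames on

## Transparent proxy (legacy accelerator syntax, left disabled) ##
#httpd_accel_host 80
#httpd_accel_host virtual
#httpd_accel_with_proxy on
#httpd_accel_uses_host_header on

# Squid log and pid files
access_log /var/log/squid/access.log squid
pid_filename /var/run/squid.pid
visible_hostname firewall.alcoa

# Listening ports
# 2120: explicit proxy port for clients configured to use the proxy
http_port 2120
# 3128: intercepted ("transparent") HTTP.
# NOTE(review): intercepted clients never send Proxy-Authorization, so the
# proxy_auth ACLs later in this file can only take effect on port 2120.
http_port 3128 transparent
# 3130: intercepted HTTPS terminated with the proxy's own certificate.
# The original had the key path broken as "server.k ey" by line wrapping.
# NOTE(review): the key must be readable by cache_effective_user (squid) and
# by nobody else -- confirm the file mode on /etc/chaves/server.key.
https_port 3130 transparent cert=/etc/chaves/server.crt key=/etc/chaves/server.key

cache_effective_user squid
cache_mgr administrador@alcoa.com.br

# Dynamic content: never fetched from peers, never cached
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
## Domains listed in the file are never cached
acl NOCACHE dstdomain "/etc/squid/nocache-dom"
no_cache deny QUERY
no_cache deny NOCACHE

## Refresh patterns: min-minutes  percent  max-minutes
refresh_pattern ^ftp:       1440  20%  10080
refresh_pattern ^gopher:    1440   0%   1440
refresh_pattern .              0  20%   4320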

#
# Default ACLs (Squid stock definitions)
#
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# Destination = the proxy's own loopback; intended for an http_access deny
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 8081      # http
acl Safe_ports port 21           # ftp
acl Safe_ports port 443 563      # https, snews
acl Safe_ports port 70           # gopher
acl Safe_ports port 210          # wais
acl Safe_ports port 1025-65535   # unregistered ports
acl Safe_ports port 280          # http-mgmt
acl Safe_ports port 488          # gss-http
acl Safe_ports port 591          # filemaker

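# Remaining Safe_ports entries (the extraction had the four "acl" keywords
# separated from their arguments; reassembled here).
acl Safe_ports port 777          # multiling http
# 10000 already falls inside the 1025-65535 range above; kept for clarity
acl Safe_ports port 10000        # webmin
# 995 is POP3S and 587 is SMTP submission (the original comment said "imap")
acl Safe_ports port 995 587      # pop3s, submission
acl CONNECT method CONNECT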

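##
# Authentication
##
# Reassembled from the extraction (six "auth_param" keywords were separated
# from their arguments).  NTLM is listed first so browsers prefer it; basic is
# the fallback.  NOTE(review): basic credentials cross the LAN base64-encoded
# (cleartext); the helper path suggests Samba's ntlm_auth -- confirm.
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
# How long a verified basic credential is cached before being re-checked
auth_param basic credentialsttl 5 hour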

##
## Custom ACLs
##
# How long Squid remembers the IP a user authenticated from (disabled)
#authenticate_ip_ttl
# Cap the number of desktops one user may authenticate from (disabled)
#acl FOO max_user_ip 2

# Source network that is let through without authentication (see http_access)
acl alcoa src 192.168.0.0/24
# Destinations reachable without authentication
acl intra-ip dst 200.9.84.0/24 200.136.235.0/24
# NOTE(review): a dstdomain value with no leading dot matches only the exact
# host name "ufscar"; ".ufscar.br" would match the whole domain -- confirm.
acl intra-dom dstdomain ufscar
acl intra-ports port 443 80 25 110 143

# Blocked applications / extensions, by MIME type of the request and reply
acl notworkrelated-mime_req req_mime_type "/etc/squid/mime_proibidos.txt"
acl notworkrelated-mime_rep rep_mime_type "/etc/squid/mime_proibidos.txt"
# Torrent reply types.  rep_mime_type only takes effect in http_reply_access,
# never in http_access.
acl notworkrelated-mime rep_mime_type "/etc/squid/notworkrelated-mime"

## Basic word and domain rules
# Denied domains, e.g. 4shared, megaupload
acl notworkrelated-dom dstdomain "/etc/squid/notworkrelated-dom"
# Denied URL expressions
acl notworkrelated-regex url_regex "/etc/squid/notworkrelated-regex"
# Allowed URL expressions
acl workrelated-regex url_regex "/etc/squid/workrelated-regex"
# Allowed domains
acl workrelated-dom dstdomain "/etc/squid/workrelated-dom"
## Social-network domains
acl redessociais-dom dstdomain "/etc/squid/redessociais"
## Proxy domains
acl proxys-dom dstdomain "/etc/squid/proxys-dom"
## MSN rule (MSN-related domains and URL patterns)
acl msn_dom dstdomain "/etc/squid/msn-dom"
acl msn_regex url_regex "/etc/squid/msn-regex"

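## Time-of-day rules (MTWHF = Monday to Friday)
acl manha time MTWHF 8:00-12:00
acl tarde time MTWHF 14:00-18:00
## Source-IP rules
# Unrestricted source IPs
acl ip_irrestrito src "/etc/squid/ip_irrestrito"
# Unrestricted users.  NOTE(review): this is one literal username, "teste",
# which reads like a test account; confirm it should bypass every content
# rule in production.
acl auth_irrestrito proxy_auth teste
# Ordinary users: any successfully authenticated user
acl auth_restrito proxy_auth REQUIRED
##
## Applying the rules -- evaluated top to bottom, first match wins
##
http_access allow manager localhost
http_access deny manager
# Port restrictions come BEFORE every allow so that unrestricted IPs and users
# are still confined to known ports.  The original allowed auth_irrestrito and
# ip_irrestrito first, which exempted them from the port checks entirely.
http_access deny !Safe_ports
# Stock Squid rule: CONNECT only to SSL ports.  The original appended
# "!Safe_ports", which permitted CONNECT tunnels to every Safe_port, including
# the whole 1025-65535 range.
http_access deny CONNECT !SSL_ports
# Requests aimed at the proxy host's own loopback (the to_localhost ACL was
# defined but never referenced)
http_access deny to_localhost
# Unrestricted access (the duplicated "allow auth_irrestrito" was dropped)
http_access allow ip_irrestrito
http_access allow auth_irrestrito
# Local access and local domains
http_access allow localhost
http_access allow intra-ip intra-ports
http_access allow intra-dom intra-ports
http_access allow workrelated-dom
# Download sites and torrent
http_access deny notworkrelated-dom
# The original also had "http_access deny notworkrelated-mime" here.  That ACL
# is rep_mime_type, which has no effect in http_access (the reply MIME type is
# only known at http_reply_access time), so the line was a silent no-op and is
# enforced in http_reply_access instead.
# Word-based blocking, except on allowed domains
http_access deny notworkrelated-regex !workrelated-dom
# MSN, during working hours
http_access deny msn_dom manha
http_access deny msn_dom tarde
http_access deny msn_regex manha
http_access deny msn_regex tarde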

# Social networks, during working hours
http_access deny redessociais-dom manha
http_access deny redessociais-dom tarde
# Proxy domains (original comment: "reverse proxies"), during working hours
http_access deny proxys-dom manha
http_access deny proxys-dom tarde
# Alcoa network: anything that survived the time rules above is allowed
# without authentication.  NOTE(review): because this matches first, no
# client on 192.168.0.0/24 is ever challenged; auth_restrito only reaches
# requests from other source addresses.
http_access allow alcoa
http_access allow auth_restrito

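# Everything else is denied
http_access deny all

# MIME-type blocking (applications), enforced on the reply
http_reply_access deny notworkrelated-mime_rep
http_reply_access deny notworkrelated-mime_req
# Torrent reply types: rep_mime_type ACLs only take effect in
# http_reply_access, so this is where /etc/squid/notworkrelated-mime is
# actually enforced (its http_access deny was a no-op).
http_reply_access deny notworkrelated-mime
http_reply_access allow all

# NOTE(review): ICP is answered for any source.  No cache_peer is visible in
# this excerpt; if there are no peers, "icp_access deny all" would close it.
icp_access allow all
coredump_dir /var/spool/squid
# cache.log verbosity: all sections at level 1, section 33 at level 2
debug_options ALL,1 33,2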