sexta-feira, 6 de dezembro de 2013

Exemplo Squid.conf Proxy Autenticado



# Explicit (forward-proxy) listeners, each bound to one address rather than to all interfaces.
http_port 192.168.1.1:3128
http_port 192.168.30.1:3128
http_port 127.0.0.1:3128
# Interception ("transparent") listener, bound to loopback only.
# NOTE(review): proxy authentication cannot be negotiated on intercepted traffic, so
# requests arriving on this port cannot satisfy the proxy_auth rule later in this file -
# confirm which rule is meant to admit them.
http_port 127.0.0.1:80 transparent
# ICP (inter-cache protocol) port set to 0, i.e. disabled.
icp_port 0

pid_filename /var/run/squid.pid
# User and group Squid switches to when it is started as root.
cache_effective_user proxy
cache_effective_group proxy
error_directory /usr/local/etc/squid/errors/English
icon_directory /usr/local/etc/squid/icons
# Host name and administrator address that Squid prints on its error pages.
visible_hostname localhost
cache_mgr admin@localhost
# NOTE(review): with proxy authentication enabled, access.log normally records the
# authenticated user name next to each requested URL - restrict read access to /var/squid/log.
access_log /var/squid/log/access.log
cache_log /var/squid/log/cache.log
cache_store_log none
# Number of rotated generations kept for each log file.
logfile_rotate 10
shutdown_lifetime 3 seconds
# Allow local network(s) on interface(s)
# Note that this ACL also contains the whole loopback range 127.0.0.0/8.
acl localnet src  192.168.1.0/255.255.255.0 192.168.30.0/255.255.255.0 127.0.0.0/255.0.0.0
# Remove whitespace found inside request URIs.
uri_whitespace strip

# Memory cache: 8 MB in total, objects up to 32 KB each.
cache_mem 8 MB
maximum_object_size_in_memory 32 KB
# Same replacement policy (heap LFUDA) for the memory and the disk cache.
memory_replacement_policy heap LFUDA
cache_replacement_policy heap LFUDA
# Disk cache: ufs store of 3000 MB with 16 first-level and 256 second-level directories.
cache_dir ufs /var/squid/cache 3000 16 256
# Only objects between 0 KB and 4 KB are written to the disk cache.
minimum_object_size 0 KB
maximum_object_size 4 KB
offline_mode off
# Replacement starts at 90% disk usage and becomes aggressive at 95%.
cache_swap_low 90
cache_swap_high 95
# Destination domains listed in this file are never cached.
acl donotcache dstdomain "/var/squid/acl/donotcache.acl"
cache deny donotcache
# No redirector configured at this point of the file
# NOTE(review): a redirector (squidGuard) is configured under "Custom options" further down.



# Setup some default acls
# "all" matches every source address.
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
# NOTE(review): the range 1025-65535 (listed twice) already covers every unprivileged port,
# so the single entries above 1024 are redundant and "deny !safeports" below only blocks
# privileged ports that are not listed here.
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 939 3128 1025-65535 873 1025-65535 1863 7777 7778 4444 4443 8088
# Ports a CONNECT tunnel may target. Every port added besides 443 widens what can be
# tunnelled opaquely through the proxy - review whether all of them are still needed.
acl sslports port 443 563 939 873 10000 1863 3303 4444 4443
acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECT
# URLs containing "cgi-bin" or a "?" are treated as dynamic content.
acl dynamic urlpath_regex cgi-bin \?
acl allowed_subnets src 10.11.5.0/24 10.11.4.0/24 192.168.1.0/24 192.168.50.0/24 192.168.30.0/24 192.168.2.0/24 10.0.2.0/24 192.168.10.0/24 
# Case-insensitive regular expressions matched against the destination host name.
# An unanchored pattern matches anywhere in the name, so keep both lists specific.
acl whitelist dstdom_regex -i "/var/squid/acl/whitelist.acl"
acl blacklist dstdom_regex -i "/var/squid/acl/blacklist.acl"
cache deny dynamic
# http_access rules are evaluated top to bottom; the first matching rule decides.
http_access allow manager localhost
# Always allow access to whitelist domains
# NOTE(review): this rule has no source ACL and comes before the port, CONNECT and
# authentication rules, so any client that can reach a listener gets the whitelisted
# destinations without credentials and on any port or method.
http_access allow whitelist
# Block access to blacklist domains
http_access deny blacklist
  
# Cache-manager and PURGE requests are accepted from localhost only.
http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse ports outside safeports, and CONNECT to ports outside sslports.
http_access deny !safeports
http_access deny CONNECT !sslports

# Always allow localhost connections
# These requests are admitted before the authentication rules, i.e. without credentials.
http_access allow localhost

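# Clients in this subnet are admitted without credentials (see "http_access allow noauth" below).
acl noauth src 192.168.30.0/24
# Basic-scheme helper: looks up sAMAccountName=<login> below the -b base DN, binding as the
# -D account, against the directory server 192.168.1.8:389 (LDAP v3, referrals not followed).
# NOTE(review): -w puts the bind password into squid.conf and into the helper's command
#   line, where local users can read it from the process list. squid_ldap_auth can read it
#   from a file instead (-W <secret file>); keep squid.conf unreadable to other users either way.
# NOTE(review): no TLS option (-Z) is given, so the bind password and every user's password
#   appear to travel to the directory unencrypted on port 389 - confirm and enable TLS.
# NOTE(review): the base DN (DC=unialco) and the bind DN (DC=USINA) name different domains -
#   verify that this is intended and not a leftover from anonymising the example.
# The Basic scheme itself sends the credentials merely base64-encoded from browser to proxy
# with every request.
auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -R -v 3 -b "DC=unialco,DC=local" -D "CN=Proxy Auth,CN=Users,DC=USINA,DC=local" -w AquiSenha -f "sAMAccountName=%s" -u uid -P 192.168.1.8:389
# Number of helper processes. The original line was "auth_param  children 35" without the
# scheme name, which does not configure the basic helper; the scheme is required.
auth_param basic children 35

auth_param basic realm Por favor, insira seus dados de acesso
# A validated user/password pair is trusted for 60 minutes before the helper is asked again,
# so a changed password or disabled account can stay usable for up to that long.
auth_param basic credentialsttl 60 minutes
acl password proxy_auth REQUIRED
# Order matters: the noauth subnet is admitted first, everyone else must authenticate and
# also come from localnet or allowed_subnets.
http_access allow noauth
http_access allow password localnet
http_access allow password allowed_subnets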
# Custom options
# URL rewriter: requests are handed to squidGuard for filtering.
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squidGuard/squidGuard.conf
# NOTE(review): with bypass on, requests are passed through unfiltered whenever all
# redirector children are busy, so the squidGuard filter fails open under load
# (only 3 children are configured below).
redirector_bypass on
redirect_children 3

# Both set to 0 KB: a fetch is abandoned as soon as the client aborts the request.
quick_abort_min 0 KB
quick_abort_max 0 KB
# 0 means no size limit on request bodies and on replies.
request_body_max_size 0 KB
reply_body_max_size 0 deny all
# One class-2 delay pool with -1/-1 (unlimited) aggregate and per-host buckets,
# so no bandwidth throttling is in effect.
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow all
# Default block all to be sure
# Last http_access rule: anything not allowed by an earlier rule is refused.
http_access deny all


