Manuel Encarnacion
Aug 17, 2016, 4:02:09 PM8/17/16
to LinuxCabal
Saludos,
Estoy instalando un proxy con squid en CentOS7, lo que pasa es que no me esta filtrando el contenido que le solicito que bloquee.
En fin, no esta bloqueando el contenido
aqui mi configuracion de squid, favor diganme que linea estan mala
***********************************************************************************************************************************************************
acl localnet src 192.168.0.0/23
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl rules url_regex "/etc/squid/rules" # --> Aqui alunas palabras pornograficas para bloquear
acl block_download urlpath_regex "/etc/squid/block_download" # --> aqui tengo algunas extensiones para bloquear ejemplo: .avi$ .mpg$ .mpeg$ .exe$ .bat$ .mp3$
http_access deny facebook block_download
http_access allow Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
dns_v4_first on
cache_dir ufs /var/spool/squid 100 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
*********************************************************************************************
GRACIAS DE ANTEMANOS....
Omar
Aug 17, 2016, 4:24:25 PM8/17/16
to linux...@googlegroups.com
ahora casi todo el trafico va por https y hasta donde recuerdo squid no puede filtrar https, saludos
--
Has recibido este mensaje porque estás suscrito al grupo "LinuxCabal" de Grupos de Google.
Para anular la suscripción a este grupo y dejar de recibir sus mensajes, envía un correo electrónico a linuxcabal+unsubscribe@googlegroups.com.
Para publicar en este grupo, envía un correo electrónico a linux...@googlegroups.com.
Para ver esta conversación en el sitio web, visita https://groups.google.com/d/msgid/linuxcabal/9201ac94-1f72-4032-a081-7da6d175e61e%40googlegroups.com.
Para acceder a más opciones, visita https://groups.google.com/d/optout.
 | Carlos Omar Briseño Gutierrez Software Engineering Cell:(214) 797-7702 oma...@pixelab.com.mx http://pixelab.com.mx f t |  |
Manuel Encarnacion
Aug 17, 2016, 4:34:38 PM8/17/16
to linux...@googlegroups.com
Si, pero no me esta filtrando nada y el servicio esta funcionando correctamente. Tengo el forwarding de paquetes activo y todo y no me funciona.
--
Has recibido este mensaje porque estás suscrito a un tema del grupo "LinuxCabal" de Grupos de Google.
Para anular la suscripción a este tema, visita https://groups.google.com/d/topic/linuxcabal/6uIw8kGAbbQ/unsubscribe.
Para anular la suscripción a este grupo y a todos sus temas, envía un correo electrónico a linuxcabal+unsubscribe@googlegroups.com.
Para publicar en este grupo, envía un correo electrónico a linux...@googlegroups.com.
Para ver esta conversación en el sitio web, visita https://groups.google.com/d/msgid/linuxcabal/CAPcVVYoxeAzaX5tF5tH_4p6swFB5w0V%3D_i642BqcSFUxdQEgFg%40mail.gmail.com.
Omar
Aug 17, 2016, 4:44:32 PM8/17/16
to linux...@googlegroups.com
Te adjunto el que tengo yo en mi casa y esta funcionando, yo tengo un aparato con muy pocos recursos asi que tengo varias cosas tuneadas para que no utiliza muchos recursos pero tengo unas listas implementadas de bloqueo funcionando, espero te ayude
hosts_file /etc/hosts
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.10.0/24
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 192.168.10.0/24
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 13000-13200 # Uplay
acl Safe_ports port 14000-14025 # Uplay
acl Safe_ports port 10000-10099 # Uplay
acl Safe_ports port 1935 # Uplay
acl Safe_ports port 3470-3480 # Uplay
acl Safe_ports port 3074 # Uplay
acl Safe_ports port 2074 # Uplay
acl Safe_ports port 27014-27050 # Uplay
acl Safe_ports port 50000-60000 # Uplay
acl Safe_ports port 14000-14025 # Uplay
acl Safe_ports port 10000-10099 # Uplay
acl Safe_ports port 1935 # Uplay
acl Safe_ports port 3470-3480 # Uplay
acl Safe_ports port 3074 # Uplay
acl Safe_ports port 2074 # Uplay
acl Safe_ports port 27014-27050 # Uplay
acl Safe_ports port 50000-60000 # Uplay
acl Safe_ports port 32300-32500 # Plex
acl Safe_ports port 8324 # Plex
acl CONNECT method CONNECT
#Block pages
acl blacklist dstdom_regex -i "/etc/squid3/blacklist"
http_access deny blacklist
#Block Ads
acl blacklist_ads dstdom_regex -i "/etc/squid3/ad_block.txt"
acl blacklist_ads2 dstdom_regex -i "/etc/squid3/ad_block2.txt"
acl blacklist_ads3 dstdom_regex -i "/etc/squid3/lists/blacklists/ads/expressions"
acl blacklist_ads4 dstdom_regex -i "/etc/squid3/lists/blacklists/ads/domains"
http_access deny blacklist_ads
http_access deny blacklist_ads2
http_access deny blacklist_ads3
http_access deny blacklist_ads4
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#Damos permisos para utilizar solo en red local
acl Safe_ports port 8324 # Plex
acl CONNECT method CONNECT
#Block pages
acl blacklist dstdom_regex -i "/etc/squid3/blacklist"
http_access deny blacklist
#Block Ads
acl blacklist_ads dstdom_regex -i "/etc/squid3/ad_block.txt"
acl blacklist_ads2 dstdom_regex -i "/etc/squid3/ad_block2.txt"
acl blacklist_ads3 dstdom_regex -i "/etc/squid3/lists/blacklists/ads/expressions"
acl blacklist_ads4 dstdom_regex -i "/etc/squid3/lists/blacklists/ads/domains"
http_access deny blacklist_ads
http_access deny blacklist_ads2
http_access deny blacklist_ads3
http_access deny blacklist_ads4
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#Damos permisos para utilizar solo en red local
http_access allow localnet
http_access allow localhost
http_access allow localhost
http_reply_access allow localnet
http_port 81 transparent
#Negamos a todos los que no esten en la lista
http_access deny all
http_reply_access deny all
maximum_object_size 4 MB
minimum_object_size 20 KB
maximum_object_size_in_memory 128 KB
memory_replacement_policy heap LFUDA
cache_mem 512 MB
tcp_recv_bufsize 256 KB # 64 KB jala muy bien
# OPTIONS FOR TUNING THE CACHE
cache allow all
# OPTIONS INFLUENCING REQUEST FORWARDING
always_direct allow all
# MISCELLANEOUS
memory_pools off
ipcache_size 1638
ipcache_low 90
ipcache_high 95
cache_swap_low 92
cache_swap_high 93
http_port 81 transparent
#Negamos a todos los que no esten en la lista
http_access deny all
http_reply_access deny all
maximum_object_size 4 MB
minimum_object_size 20 KB
maximum_object_size_in_memory 128 KB
memory_replacement_policy heap LFUDA
cache_mem 512 MB
tcp_recv_bufsize 256 KB # 64 KB jala muy bien
# OPTIONS FOR TUNING THE CACHE
cache allow all
# OPTIONS INFLUENCING REQUEST FORWARDING
always_direct allow all
# MISCELLANEOUS
memory_pools off
ipcache_size 1638
ipcache_low 90
ipcache_high 95
cache_swap_low 92
cache_swap_high 93
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern ^gopher: 1440 0% 1440
memory_pools off
ignore_unknown_nameservers off
client_persistent_connections on
server_persistent_connections on
client_db off # Si se quita esta linea todo vale verga todo
## timeouts
forward_timeout 30 seconds
connect_timeout 30 seconds
read_timeout 30 seconds
request_timeout 30 seconds
persistent_request_timeout 1 minute
client_lifetime 20 hours
## general options
forwarded_for off
half_closed_clients off
httpd_suppress_version_string on
retry_on_error on
strip_query_terms off
## disable multicast icp
icp_port 0
icp_access deny all
## disable ident lookups
ident_lookup_access deny all
ignore_unknown_nameservers off
client_persistent_connections on
server_persistent_connections on
client_db off # Si se quita esta linea todo vale verga todo
## timeouts
forward_timeout 30 seconds
connect_timeout 30 seconds
read_timeout 30 seconds
request_timeout 30 seconds
persistent_request_timeout 1 minute
client_lifetime 20 hours
## general options
forwarded_for off
half_closed_clients off
httpd_suppress_version_string on
retry_on_error on
strip_query_terms off
## disable multicast icp
icp_port 0
icp_access deny all
## disable ident lookups
ident_lookup_access deny all
Para ver esta conversación en el sitio web, visita https://groups.google.com/d/msgid/linuxcabal/CAKBgnMJjHwpBrgW%3DP_AyXHE99umwRgkAjY2jMSB8z_hQvokdUA%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages