Here is the squid.conf ######################################## # ARQUIVOS DE CONFIGURACAO DO SQUID # ######################################## http_port 3128 hierarchy_stoplist cgi-bin ? acl QUERY urlpath_regex cgi-bin \? no_cache deny QUERY cache_dir ufs /var/cache/squid 10 16 256 cache_access_log /var/log/squid/access.log ftp_user Squid@xxxxxxxxxxxxxxx cache_mgr palula@xxxxxxxxxx ######################################## # CONFIGURACAO DE ACCESS LISTS # ######################################## acl all src 0/0 acl minha_rede src 192.168.100.0/24 acl bad_strings url_regex "/etc/squid/bad_strings.acl" acl bad_ips dst "/etc/squid/bad_ips.acl" acl bad_sites dstdomain "/etc/squid/bad_sites.acl" acl bad_files urlpath_regex "/etc/squid/bad_files.acl" acl good_strings url_regex "/etc/squid/good_strings.acl" acl good_sites dstdomain "/etc/squid/permitted.acl" acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl ssl_ports port 443 563 acl safe_ports port 80 # http acl safe_ports port 21 # ftp acl safe_ports port 443 563 # https, snews acl safe_ports port 70 # gopher acl safe_ports port 210 # wais acl safe_ports port 1025-65535 # unregistered ports acl safe_ports port 280 # http-mgmt acl safe_ports port 488 # gss-http acl safe_ports port 591 # filemaker acl safe_ports port 777 # multiling http ######################################## # SEGURANCA DE HEADERS # ######################################## header_access Via deny all header_access X-Forwarded-For deny all header_access Proxy-Connection deny all header_access Accept-Encoding deny all header_access User-Agent deny all header_replace Via Stealthed header_replace X-Forwarded-For Unknown header_replace User-Agent Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.6+) Gecko/20011122 ######################################## # PERMISSOES # ######################################## acl CONNECT method CONNECT http_access deny bad_sites !good_sites http_access deny bad_strings !good_strings http_access deny bad_ips http_access deny bad_files http_access deny CONNECT !ssl_ports http_access allow safe_ports http_access allow manager localhost http_access deny manager http_access allow minha_rede http_access deny all visible_hostname netradio.com.br coredump_dir /var/cache/squid httpd_accel_host virtual httpd_accel_port 80 httpd_accel_with_proxy on httpd_accel_uses_host_header on ------ And here is the content of each ACL file. bad_files.acl ######################################### # EXTENSOES DE ARQUIVOS BLOQUEADOS # ######################################### \.(pif)$ \.(scr)$ \.(vbs)$ #\.(mp3)$ #\.(wav)$ #\.(aif)$ #\.(wma)$ #\.(wmv)$ #\.(avi)$ #\.(mpg)$ bad_ips.acl ######################################### # LISTA DE IP'S BLOQUEADOS # ######################################### 200.140.108.246 bad_sites.acl ######################################### # LISTA DE SITES BLOQUEADOS # ######################################### .parperfeito.com.br .sexy.com.br .sexo.com.br .cracks.am .bps.uol.com.br .batepapo.uol.com.br .astalavista.box.sk .flogbrasil.terra.com.br .bangbus.com .blackbroswhitehoes.com .circuspenis.com .bangbros.com .monstersofcock.com .voxcards.ig.com.br .mipagina.americaonline.com.mx .rapidupload.com .bogojevic.com .emoction.webcindario.com .forum.reset.ru .tuscaloosa.al.us .mulherespetacular.t35.com .tiscali.cz .gratisweb.com .tufos.com.br .sexlog.com.br .icomcity.com .feias.com .garotasbrasileiras.com.ar .macstar.com.br .mileninha.com .tanaonda.net bad_strings.acl ######################################### # LISTA DE PALAVRAS BLOQUEADAS # ######################################### # Palavras de conteudo pornografico sex porn cum fuck bitch dick puta putinha rola pau caralho buceta ninfeta gostosa bunda anal safad mulheresnuas mulhernu mulheresnuas mulhernua siririca punheta bordel boquete piroca brasileirinhas # Palavras de ceonteudo duvidoso warez crack hack serial good_strings.acl ################################## # PALAVRAS PERMITIDAS # ################################## computador permitted.acl ################################## # DOMINIOS PERMITIDOS # ################################## .uol.com.br ----- Original Message ----- From: "Christoph Haas" <email@xxxxxxxxxxxxxxxxx> To: <squid-users@xxxxxxxxxxxxxxx> Sent: Wednesday, December 21, 2005 12:51 PM Subject: Re: Good/Bad string problem... On Wednesday 21 December 2005 13:25, Palula Brasil wrote: > The syntax looks very nice to me. In fact I changed all the two lined > permissions with exceptions within my squid.conf but still... > > When I put canal on the good_strings file, the word anal can now be > accessed all over the place... Can you post the configuration and the two good/bad_strings files here unless they are extremely huge? Christoph -- ~ ~ ".signature" [Modified] 2 lines --100%-- 2,41 All
