On 2/14/08, Amos Jeffries <squid3@xxxxxxxxxxxxx> wrote:
> > Here in my simple server, the squid works fine, but after posting a
> > message about radio, Amos said:
> >
> > " Squid is actually an
> > interceptor, not fully transparent. When they go down clients can expect
> > 'Unable to Connect' errors. "
> >
> > And, this is true. When my squid goes down, my clients can't surf
> > because squid is not working.
> >
> > I don't have another server, and I don't need to.
> >
> > I only need to control the navigation of my clients on the internet.
> >
> > So, if possible, I would like someone to look at my squid.conf and tell me if
> > it is good or needs improvement.
> >
> > Thanks for all.
> >
> > My squid.conf:
> >
> > http_port 10.0.0.250:3128 transparent
> >
> > icp_port 0
> >
> > cache_mem 128 MB
> > cache_swap_low 90
> > cache_swap_high 95
> > cache_dir ufs /usr/local/squid/var/cache 1024 16 256
> > cache_access_log /usr/local/squid/var/logs/access.log
> > cache_log /usr/local/squid/var/logs/cache.log
> > cache_store_log none
> > maximum_object_size_in_memory 1 MB
> > maximum_object_size 100 MB
> > minimum_object_size 0 MB
> >
> > pid_filename /usr/local/squid/var/logs/squid.pid
> >
> > visible_hostname squid.provider.com.br
> >
> > cache_effective_user squidaemon
> > cache_effective_group squid
> >
> > acl autologinDSA dst 10.0.0.250/32
> >
> > acl diretor src 10.0.0.55/32
> > acl recepcao src 10.0.0.57/32
> > acl financeiro src 10.0.0.56/32
> > acl suporte src 10.0.0.248/32
> > acl suporte2 src 10.0.0.13/32
> >
> > acl vip1 src 10.0.1.0/28
> > acl vip2 src 10.0.2.0/28
> > acl vip3 src 10.0.3.0/28
> > acl vip4 src 10.0.4.0/28
> >
> > acl forbidden_words url_regex -i "/usr/local/squid/etc/forbidden_words"
> > acl forbidden_down url_regex -i "/usr/local/squid/etc/forbidden_down"
> >
> > external_acl_type checkip children=40 % SRC
> > /usr/local/mwsystem/squid/sbin/checkv2.sh
>
> no gap in " %SRC "
>
> >
> > acl checkblock external checkip
> >
> > acl all src 0.0.0.0/0.0.0.0
> > acl localnet src 10.0.0.0/16
> > acl localhost src 127.0.0.0/32
> > acl method_control proto cache_object
> >
> > http_access allow method_control localhost
> > http_access deny method_control
> >
> > http_access allow autologinDSa
> >
> > http_access deny checkblock !autologinDSA
> >
> > http_access allow diretor
> > http_access allow diretor forbidden_down
>
> If s/he is allowed all access, no need to bother with regex.
>
> >
> > http_access allow recepcao autologinDSA
>
> If s/he is allowed all access, no need to bother with some destinations.
>
> > http_access allow recepcao
> >
> > http_access deny financeiro
> >
> > http_access allow suporte
> > http_access allow suporte2
> >
> > http_access deny forbidden_words
> > http_access deny forbidden_down
> >
> > http_access allow vip1
> > http_access allow vip2
> > http_access allow vip3
> > http_access allow vip4
> >
> > http_access deny localnet !autologinDSA
> > http_access deny all
> > http_access deny localnet
>
> Only need the middle one there.
> For some reason there is no allow for checkblock people.
>
> They get authenticated, then nothing matches for them until the final
> "deny all"
>
> Amos
>

Checkblock is an external program. It verifies the machine's IP and blocks it if the IP is in a configuration file.
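
The rule-ordering points raised in this thread can be checked mechanically. The following is an added example, not part of the thread and not Squid code: it takes the http_access lines quoted above, applies first-match evaluation with all terms on a line ANDed, and reports lines that can never fire. The helper names (`parse`, `decide`, `unreachable`), the 1-based numbering of http_access lines, and the case-insensitive comparison of ACL names are assumptions of this example.

```python
# http_access lines copied, in order, from the squid.conf quoted above.
CONF = """
http_access allow method_control localhost
http_access deny method_control
http_access allow autologinDSa
http_access deny checkblock !autologinDSA
http_access allow diretor
http_access allow diretor forbidden_down
http_access allow recepcao autologinDSA
http_access allow recepcao
http_access deny financeiro
http_access allow suporte
http_access allow suporte2
http_access deny forbidden_words
http_access deny forbidden_down
http_access allow vip1
http_access allow vip2
http_access allow vip3
http_access allow vip4
http_access deny localnet !autologinDSA
http_access deny all
http_access deny localnet
"""

def parse(conf):
    """Lowercases names (assumed case-insensitive); 'all' adds no condition."""
    lines = (l.lower().split() for l in conf.splitlines())
    return [(w[1], frozenset(w[2:]) - {"all"}) for w in lines if w[:1] == ["http_access"]]

def decide(rules, true_acls):
    """First matching line wins; every term on a line must hold (logical AND)."""
    for n, (action, terms) in enumerate(rules, 1):
        if all((t[1:] not in true_acls) if t[0] == "!" else (t in true_acls) for t in terms):
            return action, n
    return None, None  # no line matched

def unreachable(rules):
    """Map line -> first earlier line whose terms are a subset (it always matches first)."""
    found = {}
    for j, (_, later) in enumerate(rules):
        hit = next((i for i, (_, t) in enumerate(rules[:j]) if t <= later), None)
        if hit is not None:
            found[j + 1] = hit + 1
    return found

RULES = parse(CONF)
```

`unreachable(RULES)` flags the second `diretor` line and the trailing `deny localnet`, and `decide(RULES, {"localnet"})` shows which line rejects a client that is in no named group.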