
Re: Proxy Parent


 



You want someone to do the work for you :) hehehe

send me an email

Luis Daniel Lucio Quiroz
CISSP, CISM, CISA
Linux, VoIP and much more fun
www.okay.com.mx

Need LCR? Check out LCR for FusionPBX with FreeSWITCH
Need Billing? Check out Billing for FusionPBX with FreeSWITCH

2015-06-12 15:27 GMT-04:00 Jonathan Filogna <jonathan.filogna@xxxxxxxxxxxx>:
Hi all, here's my new situation (still on squid 2.7)

I want to send by DIRECT uservipstr, uservip
I want to send by PARENT userti, userlimitado, user200mb, userinternet

I want to send by DIRECT all the NTLM users that don't belong to any of the lists above

(ikr, my English sucks)

I want to block streaming (blockstr, blockstr2, audyvid, vidyaud) for all but uservipstr

If I remove the line "always_direct allow ntlm", the DIRECT/PARENT rules work but the streaming rules don't

If I leave that line, streaming works but DIRECT/PARENT doesn't

Here's my squid.conf. I'll put all of it here because I can't find where my error is


########################

##VISIBLE NAME OF THE PROXY

visible_hostname prana

##NTLM
#
##DECLARED

auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive off

##DECLARATION OF EXTERNAL NTLM FOR BLOCKING FILE DOWNLOADS
##LOAD BALANCING AND DOWNLOADED FILE SIZES
#
##DECLARED

external_acl_type ntlm_group ttl=3600 children=100 %LOGIN /usr/lib/squid/wbinfo_group.pl

##HERE I DECLARE ROEMMERS' ACCESS LISTS
#
##DECLARED

acl porno url_regex -i "/etc/squid/listas/porno.lst"
acl permitidos dstdomain -i "/etc/squid/listas/permitidos.lst"
acl directo url_regex -i "/etc/squid/listas/direct.lst"
acl vidyaud rep_mime_type -i "/etc/squid/listas/blockstr.lst"
acl useragent browser -i "/etc/squid/blockejec/browser.lst"
acl blockstr req_mime_type -i "/etc/squid/blockejec/blocstreaming.lst"
acl blockejec url_regex -i "/etc/squid/blockejec/blockejec.lst"
acl audyvid req_mime_type -i "/etc/squid/listas/blockstr.lst"
acl blockstr2 rep_mime_type -i "/etc/squid/blockejec/blocstreaming.lst"
acl destinolimitado dstdomain -i "/etc/squid/listas/limitado.lst"

###SKYPE ACL
acl skype external ntlm_group "/etc/squid/listas/skype.lst"
acl numeric_ips dstdom_regex ^(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)|(\[([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?\])):443
acl skype_ua browser ^skype
acl validuseragent browser \S+
#
##DECLARED
acl all src all
acl CONNECT method CONNECT
##I DECLARE SQSTAT
##ACL SQSTAT
acl manager proto cache_object
http_access allow manager webserver
http_reply_access allow manager webserver
http_access deny manager

#BROWSING RULES
http_access deny porno all
http_reply_access deny porno all
acl uservipstr external ntlm_group "/etc/squid/listas/uservipstr.lst"
http_access deny blockejec uservipstr
http_access allow uservipstr
http_reply_access allow uservipstr
http_access deny blockstr !uservipstr all
http_reply_access deny blockstr !uservipstr all
http_access deny blockstr2 !uservipstr all
http_reply_access deny blockstr2 !uservipstr all
http_access deny audyvid !uservipstr all
http_access deny vidyaud !uservipstr all
http_reply_access deny audyvid !uservipstr all
http_reply_access deny vidyaud !uservipstr all
reply_body_max_size 9999999999999999999999999999999 deny uservipstr
acl uservip external ntlm_group "/etc/squid/listas/uservip.lst"
http_access deny blockejec uservip
http_access allow uservip
reply_body_max_size 9999999999999999999999999999999 deny uservip
http_reply_access allow uservip
always_direct allow uservip
acl userti external ntlm_group "/etc/squid/listas/userti.lst"
http_access deny blockejec !userti
http_access allow userti
http_reply_access allow userti

reply_body_max_size 9999999999999999999999999999999 deny userti
acl user200mb external ntlm_group "/etc/squid/listas/user200mb.lst"
http_access allow user200mb
http_reply_access allow user200mb
reply_body_max_size 500000000 deny user200mb
acl userinternet external ntlm_group "/etc/squid/listas/userinternet.lst"
http_access allow userinternet
http_reply_access allow userinternet
reply_body_max_size 45000000 deny userinternet
acl userlimitado external ntlm_group "/etc/squid/listas/userlimitado.lst"
http_access deny userlimitado !destinolimitado
http_reply_access deny userlimitado !destinolimitado
never_direct allow userlimitado
#deny
reply_body_max_size 45000000 deny userlimitado
##I DECLARE EXTRA ACCESS LISTS



##DONE

##COMMON ACLS
acl localnet src 192.168.0.0/16
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 78 69 #Spotify

##DECLARED SRCS
#
##HERE I DECLARE HTTP ACCESS AND FILTERING BY AD GROUP



# Deny requests to unknown ports
#http_access allow Safe_ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
##HTTP ACCESS DECLARED
#
##SSO STARTS HERE
acl ntlm proxy_auth REQUIRED
#http_access deny !ntlm
########################################## UNCOMMENT IF WE GO WITH A BLACKLIST
http_access deny numeric_ips !skype
http_access deny skype_ua !skype
http_access deny !validuseragent !skype
##########################################
http_access allow permitidos ntlm
http_reply_access allow permitidos ntlm
http_access allow permitidos !userlimitado
http_reply_access allow permitidos !userlimitado
http_access deny all
http_reply_access deny all
reply_body_max_size 500000 deny all
##ENDS HERE
#
##Allow ICP queries from local networks only
icp_access allow localnet
icp_access deny all
##
#
## Squid normally listens to port 3128
http_port 3128
##SQUID PORT DECLARED
#
##LOG
access_log /var/log/squid/access.log squid
##DONE
#
#LIMITING DOWNLOADS TO 40 MB
#reply_body_max_size 0 allow userti
#reply_body_max_size 0 allow uservip
#reply_body_max_size 0 allow uservipstr
#reply_body_max_size 4000000 allow user200mb
#reply_body_max_size 4000  allow userinternet
#reply_body_max_size 4000 allow userlimitado
#reply_body_max_size 0 deny all
##DONE

##PARENT PROXY!! IN CASE THE PARENT PROXY GOES DOWN
## OR WHEN REPLACING THE FIREWALL WITH AN ACTIVE-ACTIVE ONE
##COMMENT OUT THESE LINES
cache_peer 192.168.26.15 parent 3128 0 no-digest proxy-only no-delay no-query

dead_peer_timeout 30 seconds
#
#DONE

##IN WHICH CASES IS IT DIRECT?
##
##THE REST WILL BROWSE THROUGH PARENT
always_direct allow uservipstr
always_direct allow uservip
always_direct allow directo
always_direct allow blockejec
always_direct deny blockstr
always_direct allow permitidos all
never_direct allow blockstr
never_direct allow userti
always_direct allow ntlm
always_direct deny all
never_direct allow all


##CALL TO SQUIDGUARD
url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
url_rewrite_children 50

##############################

Thanks for your attention
--
Jonathan Filogna
It Senior
Tasso SRL
4702 1910

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
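
An added example, not part of either message: a small Python model of how Squid picks DIRECT or PARENT from the `always_direct` and `never_direct` lists in the posted squid.conf (first matching rule wins, `always_direct` is consulted before `never_direct`). The sets of matching ACL names per request are constructed sample data, the third variant is a hypothetical reordering rather than a fix proposed in the thread, and the model ignores helper lookups and peer availability.

```python
# Rule lists copied from the posted squid.conf; each rule is (action, ANDed ACLs).
ALWAYS_DIRECT = [
    ("allow", ["uservipstr"]), ("allow", ["uservip"]), ("allow", ["directo"]),
    ("allow", ["blockejec"]), ("deny", ["blockstr"]),
    ("allow", ["permitidos", "all"]), ("allow", ["ntlm"]), ("deny", ["all"]),
]
NEVER_DIRECT = [("allow", ["blockstr"]), ("allow", ["userti"]), ("allow", ["all"])]

def first_match(rules, matched):
    """Action of the first rule whose ACLs all match, or None if none does."""
    for action, acls in rules:
        if all(acl in matched for acl in acls):
            return action
    return None

def route(matched, always=ALWAYS_DIRECT, never=NEVER_DIRECT):
    """never_direct is only reached when always_direct did not answer 'allow'."""
    matched = set(matched) | {"all"}
    if first_match(always, matched) == "allow":
        return "DIRECT"
    if first_match(never, matched) == "allow":
        return "PARENT"
    return "EITHER"  # Squid would decide by other settings

def denies_before_ntlm(rules, groups):
    """Hypothetical variant: deny the parent-bound groups ahead of 'allow ntlm'."""
    i = rules.index(("allow", ["ntlm"]))
    return rules[:i] + [("deny", [g]) for g in groups] + rules[i:]

# Constructed requests: ACL names assumed to match for each kind of user.
SAMPLES = {
    "userti member": {"ntlm", "userti"},
    "unlisted NTLM user": {"ntlm"},
    "uservip member": {"ntlm", "uservip"},
}
PARENT_GROUPS = ["userti", "userlimitado", "user200mb", "userinternet"]

def compare():
    """Per sample: (config as posted, 'allow ntlm' removed, hypothetical reorder)."""
    no_ntlm = [r for r in ALWAYS_DIRECT if r != ("allow", ["ntlm"])]
    reordered = denies_before_ntlm(ALWAYS_DIRECT, PARENT_GROUPS)
    return {name: (route(m), route(m, no_ntlm), route(m, reordered))
            for name, m in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:20s} posted={result[0]} no_ntlm={result[1]} reordered={result[2]}")
```

In this model `always_direct allow ntlm` matches every authenticated user before any `never_direct` rule is read, and removing it sends unlisted users to the parent through `never_direct allow all`.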

