You want someone to do your work for you :) hehehe
send me an email
Luis Daniel Lucio Quiroz
CISSP, CISM, CISA
Linux, VoIP and much more fun
www.okay.com.mx
Need LCR? Check out LCR for FusionPBX with FreeSWITCH
Need Billing? Check out Billing for FusionPBX with FreeSWITCH
2015-06-12 15:27 GMT-04:00 Jonathan Filogna <jonathan.filogna@xxxxxxxxxxxx>:
Hi all, here's my new situation (still on squid 2.7)

I want to send by DIRECT uservipstr, uservip
I want to send by PARENT userti, userlimitado, user200mb, userinternet
I want to send by DIRECT all the NTLM users that don't belong to any list of above
(ikr, my English sucks)

I want to block streaming (blockstr, blockstr2, audyvid, vidyaud) for all but uservipstr

If I remove the line "always_direct allow ntlm", DIRECT/PARENT rules work but streaming rules don't
If I leave that line, streaming works but DIRECT/PARENT doesn't

Here's my squid.conf. I'll put all of it here because I can't find where my error is

########################
##VISIBLE NAME OF THE PROXY
visible_hostname prana
##NTLM
###DECLARED
auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp
auth_param ntlm children 5
auth_param ntlm keep_alive off
##EXTERNAL NTLM DECLARATION FOR BLOCKING FILE DOWNLOADS
##LOAD BALANCING AND DOWNLOADED FILE SIZES
###DECLARED
external_acl_type ntlm_group ttl=3600 children=100 %LOGIN /usr/lib/squid/wbinfo_group.pl
##HERE I DECLARE ROEMMERS' ACCESS LISTS
###DECLARED
acl porno url_regex -i "/etc/squid/listas/porno.lst"
acl permitidos dstdomain -i "/etc/squid/listas/permitidos.lst"
acl directo url_regex -i "/etc/squid/listas/direct.lst"
acl vidyaud rep_mime_type -i "/etc/squid/listas/blockstr.lst"
acl useragent browser -i "/etc/squid/blockejec/browser.lst"
acl blockstr req_mime_type -i "/etc/squid/blockejec/blocstreaming.lst"
acl blockejec url_regex -i "/etc/squid/blockejec/blockejec.lst"
acl audyvid req_mime_type -i "/etc/squid/listas/blockstr.lst"
acl blockstr2 rep_mime_type -i "/etc/squid/blockejec/blocstreaming.lst"
acl destinolimitado dstdomain -i "/etc/squid/listas/limitado.lst"
###SKYPE ACL
acl skype external ntlm_group "/etc/squid/listas/skype.lst"
acl numeric_ips dstdom_regex ^(([0-9]+.[0-9]+.[0-9]+.[0-9]+)|([([0-9af]+)?:([0-9af:]+)?:([0-9af]+)?])):443
acl skype_ua browser ^skype
acl validuseragent browser \S+
###DECLARED
acl all src all
acl CONNECT method CONNECT
##DECLARING SQSTAT
##SQSTAT ACL
acl manager proto cache_object
acl webserver src 192.168.8.121/255.255.255.255
http_access allow manager webserver
http_reply_access allow manager webserver
http_access deny manager
#BROWSING RULES
http_access deny porno all
http_reply_access deny porno all
deny_info http://www.pranaglobal.com.ar/restringidos/roemmers porno
deny_info http://www.pranaglobal.com.ar/restringidos/roemmers porno
acl uservipstr external ntlm_group "/etc/squid/listas/uservipstr.lst"
http_access deny blockejec uservipstr
http_access allow uservipstr
http_reply_access allow uservipstr
http_access deny blockstr !uservipstr all
http_reply_access deny blockstr !uservipstr all
http_access deny blockstr2 !uservipstr all
http_reply_access deny blockstr2 !uservipstr all
http_access deny audyvid !uservipstr all
http_access deny vidyaud !uservipstr all
http_reply_access deny audyvid !uservipstr all
http_reply_access deny vidyaud !uservipstr all
reply_body_max_size 9999999999999999999999999999999 deny uservipstr
acl uservip external ntlm_group "/etc/squid/listas/uservip.lst"
http_access deny blockejec uservip
http_access allow uservip
reply_body_max_size 9999999999999999999999999999999 deny uservip
http_reply_access allow uservip
always_direct allow uservip
acl userti external ntlm_group "/etc/squid/listas/userti.lst"
http_access deny blockejec !userti
http_access allow userti
http_reply_access allow userti
reply_body_max_size 9999999999999999999999999999999 deny userti
acl user200mb external ntlm_group "/etc/squid/listas/user200mb.lst"
http_access allow user200mb
http_reply_access allow user200mb
reply_body_max_size 500000000 deny user200mb
acl userinternet external ntlm_group "/etc/squid/listas/userinternet.lst"
http_access allow userinternet
http_reply_access allow userinternet
reply_body_max_size 45000000 deny userinternet
acl userlimitado external ntlm_group "/etc/squid/listas/userlimitado.lst"
http_access deny userlimitado !destinolimitado
http_reply_access deny userlimitado !destinolimitado
never_direct allow userlimitado
#deny
deny_info http://www.pranaglobal.com.ar/restringidos/roemmers destinolimitado
reply_body_max_size 45000000 deny userlimitado
##DECLARING EXTRA ACCESS LISTS
##DONE
##COMMON ACLS
acl localnet src 192.168.0.0/16
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 78 69 #Spotify
##SRCS DECLARED
###HERE I DECLARE HTTP ACCESS AND FILTERING BY AD GROUP
# Deny requests to unknown ports
#http_access allow Safe_ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
##HTTP ACCESS DECLARED
###SSO STARTS HERE
acl ntlm proxy_auth REQUIRED
#http_access deny !ntlm
#########################################
# UNCOMMENT IF WE GO WITH A BLACKLIST
http_access deny numeric_ips !skype
http_access deny skype_ua !skype
http_access deny !validuseragent !skype
##########################################
http_access allow permitidos ntlm
http_reply_access allow permitidos ntlm
http_access allow permitidos !userlimitado
http_reply_access allow permitidos !userlimitado
http_access deny all
http_reply_access deny all
reply_body_max_size 500000 deny all
##ENDS HERE##
#Allow ICP queries from local networks only
icp_access allow localnet
icp_access deny all
####
# Squid normally listens to port 3128
http_port 3128
##SQUID PORT DECLARED
###LOG
access_log /var/log/squid/access.log squid
##DONE
##LIMITING DOWNLOADS TO 40 MB
#reply_body_max_size 0 allow userti
#reply_body_max_size 0 allow uservip
#reply_body_max_size 0 allow uservipstr
#reply_body_max_size 4000000 allow user200mb
#reply_body_max_size 4000 allow userinternet
#reply_body_max_size 4000 allow userlimitado
#reply_body_max_size 0 deny all
##DONE
##PARENT PROXY!! IF THE PARENT PROXY GOES DOWN
## OR WHEN REPLACING THE FIREWALL WITH AN ACTIVE-ACTIVE ONE
##COMMENT OUT THESE LINES
cache_peer 192.168.26.15 parent 3128 0 no-digest proxy-only no-delay no-query
dead_peer_timeout 30 seconds
##DONE
##IN WHICH CASES IS IT DIRECT?
####THE REST WILL BROWSE THROUGH THE PARENT
always_direct allow uservipstr
always_direct allow uservip
always_direct allow directo
always_direct allow blockejec
always_direct deny blockstr
always_direct allow permitidos all
never_direct allow blockstr
never_direct allow userti
always_direct allow ntlm
always_direct deny all
never_direct allow all
##CALL TO SQUIDGUARD
url_rewrite_program /usr/bin/squidGuard -c /etc/squidguard/squidGuard.conf
url_rewrite_children 50
##############################

Thanks for your attention

--
Jonathan Filogna
It Senior
Tasso SRL
4702 1910
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
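
The DIRECT/PARENT half of the question above comes down to Squid's first-match evaluation of always_direct and never_direct. As an added example (not part of either poster's message), this Python model replays the rule order from the posted squid.conf against constructed sample users; the REORDERED list is a hypothetical variant, and the streaming rules are not modeled.

```python
# Added example: first-match model of Squid's always_direct / never_direct.
# Rule order is copied from the posted squid.conf; sample users are constructed.
ALWAYS_DIRECT = [
    ("allow", ["uservip"]),            # from the uservip rules block
    ("allow", ["uservipstr"]),
    ("allow", ["uservip"]),
    ("allow", ["directo"]),
    ("allow", ["blockejec"]),
    ("deny", ["blockstr"]),
    ("allow", ["permitidos", "all"]),
    ("allow", ["ntlm"]),               # proxy_auth REQUIRED: any authenticated user
    ("deny", ["all"]),
]
NEVER_DIRECT = [("allow", ["userlimitado"]), ("allow", ["blockstr"]),
                ("allow", ["userti"]), ("allow", ["all"])]
NTLM_RULE = ("allow", ["ntlm"])
PARENT_GROUPS = ["userti", "userlimitado", "user200mb", "userinternet"]

def first_match(rules, matched):
    """Action of the first rule whose ACLs all match the request, else None."""
    for action, acls in rules:
        if all(acl in matched for acl in acls):
            return action
    return None

def route(matched, always, never=NEVER_DIRECT):
    """always_direct is consulted first; never_direct only if it did not allow."""
    matched = set(matched) | {"all"}
    if first_match(always, matched) == "allow":
        return "DIRECT"
    return "PARENT" if first_match(never, matched) == "allow" else "EITHER"

# Constructed users: the set of ACL names each one's request would match.
USERS = {"uservip": {"ntlm", "uservip"}, "userti": {"ntlm", "userti"},
         "userinternet": {"ntlm", "userinternet"}, "no-list": {"ntlm"}}

def table(always):
    return {name: route(acls, always) for name, acls in USERS.items()}

i = ALWAYS_DIRECT.index(NTLM_RULE)
AS_POSTED = table(ALWAYS_DIRECT)
LINE_REMOVED = table(ALWAYS_DIRECT[:i] + ALWAYS_DIRECT[i + 1:])
# Hypothetical variant: deny the parent-bound groups before the ntlm catch-all.
REORDERED = table(ALWAYS_DIRECT[:i] + [("deny", [g]) for g in PARENT_GROUPS]
                  + ALWAYS_DIRECT[i:])

if __name__ == "__main__":
    for label, result in (("as posted", AS_POSTED),
                          ("line removed", LINE_REMOVED), ("reordered", REORDERED)):
        print(f"{label:13} {result}")
```

In the posted order every authenticated user matches "always_direct allow ntlm" before never_direct is consulted, so the parent-bound groups go direct; with the line removed, the users in no list fall through to "never_direct allow all".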