My squid (3.5.21) conf file: http_port 192.168.10.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE http_port 5.5.5.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE icp_port 0 dns_v4_first on pid_filename /var/run/squid/squid.pid cache_effective_user squid cache_effective_group proxy error_default_language es icon_directory /usr/local/etc/squid/icons visible_hostname chcs cache_mgr chca@xxxxxxxxxxx access_log /var/squid/logs/access.log cache_log /var/squid/logs/cache.log cache_store_log none netdb_filename /var/squid/logs/netdb.state pinger_enable on pinger_program /usr/local/libexec/squid/pinger sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048 sslcrtd_children 5 sslproxy_capath /usr/local/share/certs/ sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS logfile_rotate 10 debug_options rotate=10 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src 192.168.10.0/24 5.5.5.0/24 forwarded_for on via off httpd_suppress_version_string on uri_whitespace strip acl dynamic urlpath_regex cgi-bin \? cache deny dynamic cache_mem 1200 MB maximum_object_size_in_memory 256 KB memory_replacement_policy heap GDSF cache_replacement_policy heap LFUDA minimum_object_size 0 KB maximum_object_size 50 MB cache_dir aufs /var/squid/cache 128000 32 256 offline_mode off cache_swap_low 90 cache_swap_high 95 cache allow all # Add any of your own refresh_pattern entries above these. refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern . 0 20% 4320 # Setup some default acls # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in. # acl localhost src 127.0.0.1/32 acl allsrc src all acl safeports port 21 70 80 210 280 443 acl sslports port 443 563 8500 443 563 # From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in. #acl manager proto cache_object acl purge method PURGE acl connect method CONNECT # Define protocols used for redirects acl HTTP proto HTTP acl HTTPS proto HTTPS acl allowed_subnets src 192.168.10.0/24 5.5.5.0/24 http_access allow manager localhost http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports request_body_max_size 0 KB delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 delay_access 1 allow allsrc always_direct allow all # Determina IPs para todopermitido acl todopermitido src "/usr/local/etc/squid/reglas/todopermitido.ips" # Determina IPs para parcialpermitido acl parcialpermitido src "/usr/local/etc/squid/reglas/parcialpermitido.ips" # Determina IPs para dhcp_lanwifi acl dhcp_lanwifi src "/usr/local/etc/squid/reglas/dhcp_lanwifi.ips" # Reglas para permitidos acl permitidos dstdomain "/usr/local/etc/squid/reglas/permitidos.acl" # Reglas para no permitidos acl nopermitidos dstdomain "/usr/local/etc/squid/reglas/nopermitidos.acl" # Determina archivos no permitidos para descargar acl extNO urlpath_regex -i "/usr/local/etc/squid/reglas/extNO.acl" # Accesos # Permisos para IPs "todopermitido" # http_reply_access allow todopermitido skype # http_reply_access allow todopermitido skypeIP http_access deny todopermitido sxl http_access deny todopermitido adsNO http_reply_access allow todopermitido all # Permisos para IPs "parcialpermitido" http_access deny parcialpermitido adsNO http_access deny parcialpermitido extNO http_reply_access allow parcialpermitido permitidos http_reply_access deny parcialpermitido nopermitidos # Permisos para IPs "dhcp_lanwifi" http_access deny dhcp_lanwifi adsNO http_access deny dhcp_lanwifi extNO http_reply_access allow dhcp_lanwifi permitidos http_reply_access deny dhcp_lanwifi nopermitidos # Sitios no SSL interceptados acl step1 at_step SslBump1 acl excludeSSL ssl::server_name_regex "/usr/local/etc/squid/reglas/nossl.acl" ssl_bump peek step1 ssl_bump splice todopermitido excludeSSL ssl_bump splice parcialpermitido excludeSSL ssl_bump splice dhcp_lanwifi excludeSSL ssl_bump bump all # Deniega todo por defecto http_reply_access deny all -- View this message in context: http://squid-web-proxy-cache.1019090.n4.nabble.com/How-to-block-www-infobae-com-tp4680601p4680612.html Sent from the Squid - Users mailing list archive at Nabble.com. _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
