Sites sem autenticacao Debian jessie squid 3.4.8

Sites sem autenticacao Debian jessie squid 3.4.8 - Versão para Impressão

+- Fórum Debian (http://www.forumdebian.com.br)
+-- Fórum: Debian (/forum-4.html)
+--- Fórum: Redes (/forum-17.html)
+--- Tópico: Sites sem autenticacao Debian jessie squid 3.4.8 (/thread-28015.html)

Sites sem autenticacao Debian jessie squid 3.4.8 - marduk28 - 18/04/2017 00:26

Boa noite pessoal!!
Estou com um problema já alguns dias para a criação de uma regra para sites sem autenticação, ja li vários exemplos de regras mais nem uma funcionou comigo no no squid 3.4.8 (Debian Jessie) , em versões anteriores do squid a acl funcionou, porem nesta versão ele libera os sites mais pede autenticação ai eu clico em cancelar na janela de autenticação o site abre normalmente, porem a tela de autenticação do proxy sempre aparece, segue abaixo o meu squid.conf.
Desde já Agradeco a ajuda do fórum!!!! (proxy autenticado)

################################################

##### Porta, Nome e Cache #####

################################################

#

http_port 3128

icp_port 3130

visible_hostname Solsta

#

cache_mem 64 MB

maximum_object_size_in_memory 64 KB

maximum_object_size 128 MB

minimum_object_size 0 KB

cache_swap_low 85

cache_swap_high 95

refresh_pattern ^ftp: 15 20% 2280

refresh_pattern ^gopher: 15 0% 2280

refresh_pattern . 15 20% 2280

#

################################################

##### Log #####

################################################

#

cache_access_log /var/log/squid3/access.log

cache_store_log /var/log/squid3/store.log

cache_log /var/log/squid3/cache.log

cache_dir ufs /var/spool/squid3 20000 16 256

#

################################################

##### ACLs #####

################################################

#

acl all src

#acl manager proto cache_object

#acl localhost src 127.0.0.1/32::1

#acl SSL_ports port port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 563 # https, snews

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl Safe_ports port 901 # swat

acl Safe_ports port 1025-65535 # portas altas

acl purge method PURGE

acl CONNECT method CONNECT

#
acl SSL_ports port 443
acl SSL_ports port 465
acl SSL_ports port 563
acl SSL_ports port 873
acl SSL_ports port 995

################################################

###############bypass############
acl url_livre dstdomain -i "/etc/squid3/lista/url_livre"
acl http proto http
acl port_80 port 80
acl port_443 port 443
acl CONNECT method CONNECT

#### rules allowing non-authenticated users
http_access allow http port_80 url_livre
http_access allow CONNECT port_443 url_livre
http_access allow url_livre
always_direct allow url_livre

acl disable dstdomain "/etc/squid3/lista/url_livre"
cache deny disable

##############liberacao local#############

http_access allow manager localhost

http_access deny manager

http_access allow purge localhost

http_access deny purge

#

##############Sites Livres de autenticação#############

##acl sitel url_regex -i ("/etc/squid3/lista/url_livre")
##http_access allow sitel

################################################

## USANDO NCSA_AUTH ##

################################################

#

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd

auth_param basic realm Santa Isabel. Entre com seu usuario e Senha.

auth_param basic children 5000

#

################################################

## AUTENTICAÇÃO ##

################################################

acl usuarios proxy_auth REQUIRED

acl acesso_livre proxy_auth "/etc/squid3/lista/usr_livre"

http_access allow usuarios acesso_livre

#
acl acesso_restrito proxy_auth "/etc/squid3/lista/usr_restrito"
acl url_bloqueado url_regex -i "/etc/squid3/lista/url_bloqueado"
#
http_access deny url_bloqueado
http_access allow acesso_restrito !url_bloqueado
http_access allow CONNECT port_443 acesso_restrito !url_bloqueado
#
acl acesso_bloqueado proxy_auth "/etc/squid3/lista/usr_bloqueado"
acl url_liberado url_regex -i "/etc/squid3/lista/url_liberado"
#

http_access allow url_liberado
http_access deny acesso_bloqueado !url_liberado
http_access allow CONNECT port_443 url_liberado

http_access allow usuarios acesso_restrito
http_access allow usuarios acesso_bloqueado

################################################

## BLOQUEAR PALAVRAS ##

################################################

#
acl redelocal src 192.168.20.0/24

http_access allow localhost

http_access allow redelocal

#
error_directory /usr/share/squid3/errors/pt-br

http_access deny all

RE: Sites sem autenticacao Debian jessie squid 3.4.8 - Carlos Nascimento - 16/05/2017 14:00

O problema tá de lógica, vc tá liberando a rede total ou seja (acl redelocal src 192.168.20.0/24

http_access allow redelocal ) comente essas acl. Já que está bloqueando site e outros antes. Verifique após comentar faça o teste depois de comentar pode até ser que esteja certo o que vc fez.Teste.

RE: Sites sem autenticacao Debian jessie squid 3.4.8 - Carlos Nascimento - 14/06/2017 14:06

(18/04/2017 00:26)marduk28 Escreveu: Boa noite pessoal!!
Estou com um problema já alguns dias para a criação de uma regra para sites sem autenticação, ja li vários exemplos de regras mais nem uma funcionou comigo no no squid 3.4.8 (Debian Jessie) , em versões anteriores do squid a acl funcionou, porem nesta versão ele libera os sites mais pede autenticação ai eu clico em cancelar na janela de autenticação o site abre normalmente, porem a tela de autenticação do proxy sempre aparece, segue abaixo o meu squid.conf.
Desde já Agradeco a ajuda do fórum!!!! (proxy autenticado)

################################################

##### Porta, Nome e Cache #####

################################################

#

http_port 3128

icp_port 3130

visible_hostname Solsta

#

cache_mem 64 MB

maximum_object_size_in_memory 64 KB

maximum_object_size 128 MB

minimum_object_size 0 KB

cache_swap_low 85

cache_swap_high 95

refresh_pattern ^ftp: 15 20% 2280

refresh_pattern ^gopher: 15 0% 2280

refresh_pattern . 15 20% 2280

#

################################################

##### Log #####

################################################

#

cache_access_log /var/log/squid3/access.log

cache_store_log /var/log/squid3/store.log

cache_log /var/log/squid3/cache.log

cache_dir ufs /var/spool/squid3 20000 16 256

#

################################################

##### ACLs #####

################################################

#

acl all src

#acl manager proto cache_object

#acl localhost src 127.0.0.1/32::1

#acl SSL_ports port port 443

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 563 # https, snews

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl Safe_ports port 901 # swat

acl Safe_ports port 1025-65535 # portas altas

acl purge method PURGE

acl CONNECT method CONNECT

#
acl SSL_ports port 443
acl SSL_ports port 465
acl SSL_ports port 563
acl SSL_ports port 873
acl SSL_ports port 995

################################################

###############bypass############
acl url_livre dstdomain -i "/etc/squid3/lista/url_livre"
acl http proto http
acl port_80 port 80
acl port_443 port 443
acl CONNECT method CONNECT

#### rules allowing non-authenticated users
http_access allow http port_80 url_livre
http_access allow CONNECT port_443 url_livre
http_access allow url_livre
always_direct allow url_livre

acl disable dstdomain "/etc/squid3/lista/url_livre"
cache deny disable

##############liberacao local#############

http_access allow manager localhost

http_access deny manager

http_access allow purge localhost

http_access deny purge

#

##############Sites Livres de autenticação#############

##acl sitel url_regex -i ("/etc/squid3/lista/url_livre")
##http_access allow sitel

################################################

## USANDO NCSA_AUTH ##

################################################

#

auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/passwd

auth_param basic realm Santa Isabel. Entre com seu usuario e Senha.

auth_param basic children 5000

#

################################################

## AUTENTICAÇÃO ##

################################################

acl usuarios proxy_auth REQUIRED

acl acesso_livre proxy_auth "/etc/squid3/lista/usr_livre"

http_access allow usuarios acesso_livre

#
acl acesso_restrito proxy_auth "/etc/squid3/lista/usr_restrito"
acl url_bloqueado url_regex -i "/etc/squid3/lista/url_bloqueado"
#
http_access deny url_bloqueado
http_access allow acesso_restrito !url_bloqueado
http_access allow CONNECT port_443 acesso_restrito !url_bloqueado
#
acl acesso_bloqueado proxy_auth "/etc/squid3/lista/usr_bloqueado"
acl url_liberado url_regex -i "/etc/squid3/lista/url_liberado"
#

http_access allow url_liberado
http_access deny acesso_bloqueado !url_liberado
http_access allow CONNECT port_443 url_liberado

http_access allow usuarios acesso_restrito
http_access allow usuarios acesso_bloqueado

################################################

## BLOQUEAR PALAVRAS ##

################################################

Se você está usando proxy autenticado, não precisa mais de REDE LOCAL vai ficar assim: comente a rede local, depois da um RESOLVIDO se realmente resolveu.

#
#acl redelocal src 192.168.20.0/24

http_access allow localhost

#http_access allow redelocal

#
error_directory /usr/share/squid3/errors/pt-br

http_access deny all