
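# Listener: intercepted (transparent) HTTP traffic arrives on port 8080.
http_port 8080 transparent

# ICP is disabled (port 0).
icp_port 0

# Dynamic content (cgi-bin paths and URLs with a query string) is fetched
# directly and never stored in the cache.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

# Destination domains listed in cache.flt are explicitly allowed into the cache.
acl video_cache dstdomain -i "/usr/local/squid/etc/cache.flt"
cache allow video_cache

# Replacement policies and object size limits.
#cache_replacement_policy heap LRU
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_mem 750 MB
maximum_object_size 40000 KB
minimum_object_size 4 KB
maximum_object_size_in_memory 128 KB
cache_dir diskd /partition/squid/cache 100000 16 256 Q1=72 Q2=64

# NOTE(review): access logging is switched off, so the proxy keeps no
# per-request record. That leaves nothing to consult when auditing use of the
# allow/deny lists or investigating an incident. Consider pointing
# cache_access_log at a rotated log file instead of "none".
cache_access_log none
cache_store_log none

# Run the cache as an unprivileged user and group.
cache_effective_user nobody
cache_effective_group nogroup
pid_filename /var/run/squid.pid

half_closed_clients off
memory_pools off
server_persistent_connections off
client_persistent_connections off
buffered_logs on
pipeline_prefetch on
#cache_swap_low 70
#cache_swap_high 90

# Freshness rules. Each refresh_pattern must sit on ONE line; the listing this
# file was taken from had wrapped them, which Squid would not parse.
# NOTE(review): ignore-reload makes the proxy disregard a client's reload /
# no-cache request. Combined with the 43200-minute (30-day) minimum on
# executables, installers and archives below, clients can keep receiving an
# outdated binary or update package. Confirm that software-update and
# antivirus-definition URLs are excluded from these patterns.
refresh_pattern -i ^http://.*\.(css|htm|html|ico|js|jsp|xml)$ 1440 80% 999999
refresh_pattern -i ^http://.*\.(bmp|gif|jpeg|jpg|png)$ 1440 80% 999999 ignore-reload
refresh_pattern -i ^http://.*\.(ace|adt|arj|asf|avi|bin|bz2|bzip|cab|dat|dll|doc|dot|exe|fla|flv|gz|iso|lha|log|lzh|mdb|mid|mov|mp3|mpeg|mpg|msi|mso|ogg|pps|ppt|rar|rm|rtf|shs|src|sys|swf|tgz|tif|ttf|wav|wma|wri|wmv|vpu|vpaa|vqf|vob|zip)$ 43200 100% 999999 ignore-reload
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

# Work around broken Vary/encoding handling for replies whose Server header
# starts with "Apache".
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

visible_hostname madnet
coredump_dir /partition/squid/cache
error_directory /usr/local/squid/share/errors/Portuguese
# Repeats the setting made earlier in this section; harmless.
server_persistent_connections off

# Zero Penalty Hit: mark cache hits with TOS value 0x30.
zph_mode tos
zph_local 0x30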
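# ACLs - recommended defaults
# The listing had spilled these lines into separate columns ("acl", the ACL
# body and the trailing comment each on their own lines); they are rejoined
# here, one complete directive per line, in the original order.
#
# SSL_ports limits where CONNECT tunnels may go; Safe_ports limits which
# destination ports any request may use. Every port added to either list
# widens what clients can reach through the proxy, so keep both minimal.
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT

# *** Additional allowed ports
# NOTE(review): port 8180 carries no description; record which service needs it.
acl Safe_ports port 3050 # Interbase/Firebird
acl Safe_ports port 23000 # Serpro
acl Safe_ports port 13352 # SIRF
acl Safe_ports port 500 # FAP Digital
acl Safe_ports port 8180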
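# ACLs - custom
# Wrapped lines from the listing are rejoined (the stray `.txt"` fragments
# belong to the dominio_bloqueados and conectividade1 paths), and the trailing
# comments are placed above the directive they describe.
#
# NOTE(review): the admin / gerentes / usuarios / castigo groups are matched by
# MAC address (arp). An arp ACL only works for clients on the proxy's own
# subnet, and the MAC address is a value the client machine itself sets, so it
# identifies a network card rather than an authenticated person. Treat these
# groups as a convenience, not as proof of identity for the admin privilege.

# *** PC(s) with Administrator privileges
acl admin arp "/etc/brazilfw/custom/regras/admin.txt"
# *** PC(s) with Manager privileges
acl gerentes arp "/etc/brazilfw/custom/regras/gerentes.txt"
# *** PC(s) with User privileges
acl usuarios arp "/etc/brazilfw/custom/regras/usuarios.txt"

# *** Blocked sites (blacklist), matched as a URL regex
acl bloqueados url_regex -i "/etc/brazilfw/custom/regras/bloqueados.txt"
# *** Blocked sites (blacklist), matched as destination domains
acl dominio_bloqueados dstdomain "/etc/brazilfw/custom/regras/bloqueados.txt"

# *** Allowed sites (whitelist)
acl permitidos url_regex -i "/etc/brazilfw/custom/regras/permitidos.txt"
# *** Update URLs for the antivirus on client computers
acl antivirus url_regex -i "/etc/brazilfw/custom/regras/antivirus.txt"

# *** Sites and domains blocked for MSN. These rules work together with
# DansGuardian (content filter) when it is enabled.
acl msn url_regex -i "/etc/brazilfw/custom/regras/msn.txt"
acl dominio_msn dstdomain "/etc/brazilfw/custom/regras/msn.txt"

# *** IPs and domains allowed for Conectividade Social
acl conectividade src "/etc/brazilfw/custom/regras/conectividade.txt"
acl conectividade1 dstdomain "/etc/brazilfw/custom/regras/conectividade1.txt"

# *** PC(s) with no Internet access (blocked) 24 hours a day
acl castigo arp "/etc/brazilfw/custom/regras/castigo.txt"

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl filterneg dstdom_regex "/usr/local/squid/etc/filter.flt"

# NOTE(review): from `\.cmd$` onward the extensions are written without
# separating spaces, so they form one single pattern with `$` anchors in the
# middle, which no URL path can match. As written only .scr, .bat and .pif are
# actually covered. The line is kept as the author wrote it, because splitting
# it would start blocking .rar and .avi, which the refresh_pattern rules in
# this file deliberately cache. Decide which is intended; the separated form
# would be:
#   acl downloads_blocked urlpath_regex -i \.scr$ \.bat$ \.pif$ \.cmd$ \.rmvb$ \.3gp$ \.rar$ \.avi$
acl downloads_blocked urlpath_regex -i \.scr$ \.bat$ \.pif$ \.cmd$\.rmvb$\.3gp.rar$\.avi$

acl internal_net src "/usr/local/squid/etc/ipaccess.yes"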
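# http_access - custom rules
# The listing had split "http_access" from its arguments and repeated one
# unrelated comment after every line near the end; each rule is rejoined here
# in its original order with a comment describing that rule. http_access rules
# are evaluated top to bottom and the first match decides.

# NOTE(review): conexoes (a per-client connection limit of 5) is defined but no
# rule in this listing references it, so it has no effect.
acl conexoes maxconn 5

# Baseline: cache manager only from localhost, no requests to ports outside
# Safe_ports, no CONNECT outside SSL_ports, PURGE only from localhost.
# NOTE(review): the ACL is declared as `purge`, but the allow rule spells it
# `PURGE`; confirm both resolve to the same ACL in this Squid build.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow PURGE localhost
http_access deny purge

# *** Allow everything for the Administrator group
http_access allow admin

# NOTE(review): the next four allow rules come before any group check, so they
# apply to every client, including machines listed in castigo or in no group
# at all. antivirus and permitidos are url_regex lists, which match anywhere
# in the URL; a dstdomain list is a tighter fit for an allow rule.
# *** Allow antivirus updates for client computers
http_access allow antivirus
# *** Allow access to Conectividade Social
http_access allow conectividade
# *** Allow access to Conectividade Social
http_access allow conectividade1
# *** Allow whitelisted sites
http_access allow permitidos

# *** Managers: allowed, except for blacklisted sites
http_access allow gerentes !bloqueados !dominio_bloqueados

# *** Deny MSN to users; only Administrator and Managers may use it. This rule
# only works if the IPs are released in the Layer 7 filter in
# /etc/brazilfw/custom/rc.local.
http_access deny msn !admin !gerentes
# Strip Accept-Encoding on requests to the MSN domains for everyone except
# Administrator and Managers.
header_access Accept-Encoding deny dominio_msn !admin !gerentes

# *** Users: only whitelisted sites
http_access deny usuarios !permitidos
# *** Deny blacklisted sites for everyone except Administrator
http_access deny bloqueados !admin
# *** Deny blacklisted domains for everyone except Administrator
http_access deny dominio_bloqueados !admin
# *** Deny Internet access to anyone not in one of the group lists
http_access deny !admin !gerentes !usuarios

# NOTE(review): as ordered, every request appears to have been allowed or
# denied by one of the rules above before it gets here, so the three
# http_access rules below (internal_net, filterneg, castigo) look unreachable.
# In particular a machine in castigo is NOT blocked around the clock: it is
# still allowed for antivirus, conectividade and permitidos URLs, and fully
# allowed if it also appears in admin or gerentes. If castigo is meant to be
# absolute, its deny rule has to come before the first allow rule.
http_access allow internal_net
http_access deny filterneg
# Refuse replies for URLs whose path matches the blocked download extensions.
http_reply_access deny downloads_blocked
# *** Deny PC(s) with no Internet access (blocked PCs)
http_access deny castigo

# Every request URL is passed to this external rewriter (12 helper processes).
# NOTE(review): make sure the script is owned by root and not writable by the
# cache user, since it sees and can rewrite all client requests.
url_rewrite_program /usr/bin/redirector.pl
redirect_children 12

# URLs matching bfwcache.acl are not stored by Squid; they are forwarded to a
# parent proxy on localhost instead, and nothing else may use that parent.
acl bfwcache_lst url_regex -i "/etc/brazilfw/custom/bfwcache.acl"
cache deny bfwcache_lst
# NOTE(review): the parent's port (8080) is the same as this proxy's own
# http_port at the top of the file. Confirm a separate service really listens
# there; otherwise these requests would be sent back to this Squid instance.
cache_peer 127.0.0.1 parent 8080 0 proxy-only no-digest
dead_peer_timeout 2 seconds
cache_peer_access 127.0.0.1 allow bfwcache_lst
cache_peer_access 127.0.0.1 deny all

# Default: deny whatever was not matched above.
http_access deny all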
