[gitec] Site restriction - part 1

Angelo Marcondes de Oliveira Neto angelomarcondes at gmail.com
Monday December 17 09:22:48 BRST 2007


Edimar,

1 - The first thing you will have to do is install squid on the server
that is the gateway of your network. To do this, go to the terminal and type the
command:


$ sudo apt-get install squid

2 - Next, you will edit the squid.conf file. To do this,
go to the terminal and type:

$ sudo gedit /etc/squid/squid.conf

Delete all of its content and replace it with the content below:

###############################################

http_port 3128
visible_hostname cho

cache_mem 512 MB
maximum_object_size_in_memory 64 KB
maximum_object_size 1024 MB
minimum_object_size 50 KB
cache_swap_low 90
cache_swap_high 95
cache_dir ufs /var/spool/squid 10240 16 256
cache_access_log /var/log/squid/access.log
refresh_pattern ^ftp: 15 20% 2280
refresh_pattern ^gopher: 15 0% 2280
refresh_pattern . 15 20% 2280
error_directory /usr/share/squid/errors/Portuguese

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 901 # SWAT
acl Safe_ports port 1863 # MSN
acl Safe_ports port 5222 # GAIM
acl Safe_ports port 8280 # SAPL
acl Safe_ports port 8080 # SAAP
acl Safe_ports port 8180 # Portal
acl Safe_ports port 631 # CUPS
acl purge method PURGE
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

############# DECLARING THE ACLs ############# NEW

# IPs with full access
acl ip_acesso_total src "/etc/squid/ip_acesso_total"

# IPs with restricted access
acl ip_acesso_restrito src "/etc/squid/ip_acesso_restrito"

# List of extensions blocked for download (.avi .exe .wmv)
acl download_block url_regex -i "/etc/squid/download_block"

# List of sites to block
acl site_bloqueado url_regex -i "/etc/squid/site_bloqueado"

# List of exceptions to the blocks
acl site_liberado url_regex -i "/etc/squid/site_liberado"

# List of MACs with site restrictions
acl mac_bloq arp "/etc/squid/mac_bloq"

# List of sites for the previous rule
acl mac_site_bloq url_regex -i "/etc/squid/mac_site_bloq"

############# ACTIVATING THE ACLs #############

http_access allow ip_acesso_total
http_access allow site_liberado
http_access deny download_block
http_access deny site_bloqueado
http_access allow ip_acesso_restrito !mac_bloq
http_access deny mac_site_bloq
http_access allow mac_bloq
http_access deny all

############# BANDWIDTH DIVISION #############

# Create another acl with the IPs the rule will apply to
#acl chefes src 10.10.10.86 10.10.10.87
#acl resto src 10.10.10.0/255.255.255.0

#delay_pools 2
# Means we will have two bandwidth controls

# First control
#delay_class 1 2

# -1/-1 means we will have no limits for delay pool 1
#delay_parameters 1 -1/-1 -1/-1
#delay_access 1 allow chefes

# Second control
#delay_class 2 2

# Limits your bandwidth to +- 64Kbits
#delay_parameters 2 100000/100000 100000/100000
#delay_access 2 allow resto

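# http_access is evaluated top to bottom and the first match wins, so the
# rules below are never reached: the earlier "http_access deny all" matches first.
acl redelocal src 10.3.150.0/255.255.255.192
http_access allow localhost
http_access allow redelocal
http_access deny all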

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

#############################################


--

Angelo Marcondes de Oliveira Neto.
IT advisor.
Câmara Municipal de Carneirinho.
www.cmcarneirinho.mg.gov.br
angelomarcondes at gmail.com - (34) 91414287
"Quis custodiet ipsos custodes?"
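
To check how the http_access order in the configuration above resolves for a given client, the following added example (not part of the original message) replays Squid's first-match evaluation over the rules from the ACL activation section onward. The sets of matching ACL names passed to `decide` are constructed, and the helper names are hypothetical.

```python
# Added example: replay Squid's first-match http_access evaluation.
# RULES copies the rule order from the message; helper names are hypothetical.
RULES = """
http_access allow ip_acesso_total
http_access allow site_liberado
http_access deny download_block
http_access deny site_bloqueado
http_access allow ip_acesso_restrito !mac_bloq
http_access deny mac_site_bloq
http_access allow mac_bloq
http_access deny all
http_access allow localhost
http_access allow redelocal
http_access deny all
"""

def parse(text):
    """Return [(action, [acl, ...])] for every http_access line."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 3 and fields[0] == "http_access":
            rules.append((fields[1], fields[2:]))
    return rules

def term_matches(term, matched):
    """'all' always matches; '!name' matches when name does not."""
    if term.startswith("!"):
        return not term_matches(term[1:], matched)
    return term == "all" or term in matched

def decide(rules, matched):
    """First rule whose terms all match wins; returns (action, rule_index)."""
    for i, (action, terms) in enumerate(rules):
        if all(term_matches(t, matched) for t in terms):
            return action, i
    # No rule matched: Squid applies the opposite of the last rule's action.
    return ("allow" if rules and rules[-1][0] == "deny" else "deny"), None

def unreachable(rules):
    """Indexes of rules placed after an unconditional allow/deny all."""
    for i, (_, terms) in enumerate(rules):
        if terms == ["all"]:
            return list(range(i + 1, len(rules)))
    return []

if __name__ == "__main__":
    rules = parse(RULES)
    print("dead rules:", unreachable(rules), decide(rules, {"redelocal"}))
```

Rules 8 to 10 come out as unreachable, and `decide(rules, {"site_liberado"})` returns `("allow", 1)`: a URL on the exception list is allowed before any source-address ACL is consulted.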