народ, нужно чтоб отдельным пользователям доступ был только к 2-3 сайтам, адреса польз.-динамика, полисями выдается определенный порт на который нужно правило с ограничениями...
в Сквиде написал:
в файле allowed_urls список разрешенных сайтов
Помогите господа разобраться, не получается ограничение никак, клиентов по порту 8080 пропускает на все сайты.http_port 10.10.221.250:3128 #все, но без скачки файлов
http_port 10.10.221.250:8080 #пару сайтов перечисленных в allowed_urls
http_port 10.10.221.250:8081 #доступно абсолютно все
icp_port 0hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERYcache_mem 512 MB
cache_swap_low 90
cache_swap_high 95maximum_object_size 40096 KB
minimum_object_size 0 KBipcache_low 90
ipcache_high 95fqdncache_size 1024
#--------------------------------------------------------------
#LOGFILE PATHNAMES AND CACHE DIRECTORIES
#
cache_dir ufs /var/spool/squid 10000 26 356
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.logemulate_httpd_log on
mime_table /etc/squid/mime.conf
#--------------------------------------------------------------
#OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
#ftp_user anonymous@
#ftp_list_width 64
#ftp_passive off
#ftp_sanitycheck on
#ftp_telnet_protocol onhosts_file /etc/hosts
redirect_children 5
redirect_rewrites_host_header onrefresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95negative_ttl 1 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minute
range_offset_limit 0 KB
half_closed_clients onauth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours#Recommended minimum configuration:
acl cz src 10.10.221.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
acl restricted myport 8080
acl free myport 3128
acl freeall myport 8081
http_access allow freeallacl allowed_urls url_regex "/etc/squid/etc/allowed_urls"
http_access allow restricted czins allowed_urlsacl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 1025-65535 # http
acl Safe_ports port 20 # ftp
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Squid Blocks
# http://www.hklc.com/squidblock/
#
acl squid_block_badlang url_regex -i "/etc/squid/squidblock/badlang.block.txt"
acl squid_unblock_badlang url_regex -i "/etc/squid/squidblock/badlang.unblock.txt"
acl squid_block_entertain url_regex -i "/etc/squid/squidblock/entertain.block.txt"
acl squid_unblock_entertain url_regex -i "/etc/squid/squidblock/entertain.unblock.txt"
acl squid_block_games url_regex -i "/etc/squid/squidblock/games.block.txt"
acl squid_unblock_games url_regex -i "/etc/squid/squidblock/games.unblock.txt"
acl squid_block_pirate url_regex -i "/etc/squid/squidblock/pirate.block.txt"
acl squid_block_mp3 url_regex -i "/etc/squid/squidblock/mp3.block.txt"
acl squid_unblock_pirate url_regex -i "/etc/squid/squidblock/pirate.unblock.txt"
acl squid_block_porn url_regex -i "/etc/squid/squidblock/porn.block.txt pron.block.txt"
http_access deny squid_block_badlang !squid_unblock_badlang
http_access deny squid_block_entertain !squid_unblock_entertain
http_access deny squid_block_games !squid_unblock_games
http_access deny squid_block_porn
http_access deny squid_block_pirate !squid_unblock_pirate
http_access deny squid_block_mp3
#http_access deny porndomain
#http_access deny pornurls
#acl porndomain url_regex "/etc/squid/squidblock/porndomain"
#acl pornurls url_regex "/etc/squid/squidblock/pornurls"#-------------------------------------------------------------
#acl DenyBadMime rep_mime_type -i ^audio/ ^video
#acl DenyBad url_regex -i \.aif$ \.aifc$ \aiff$ \.au$ \.kar$ \.mid$ \midi$ \.mp2$ \.mpga$ \.ra$ \.ram$ \.rm$ \.ram$ \.rm$ \.snd$ \wav$ \.avi$ \.mov$ \.movie$ \.mpe$ \.mpeg$ \.mpg$ \.mxu$ \.qt$ \.asf$ \.asx$
#http_access deny DenyBadMime
#http_access deny DenyBad
#-------------------------------------------------------------
#acl wifi myport 8082
#http_access allow wifi
#acl NOT url_regex -i "/etc/squid/etc/NOT"
#http_access deny NOT
#acl NOFILES urlpath_regex -i "/etc/squid/etc/NOFILES "
#http_access deny NOFILES
#acl BANNER url_regex banner reklama linkexch banpics us\.yimg\.com[\./]ad[s]?[\./]
#http_access deny BANNERacl allowed_urls url_regex "/etc/squid/etc/allowed_urls"
http_access allow restricted czins allowed_urlshttp_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow Safe_ports
http_access allow free czhttp_access deny all
icp_access allow all
#-------------------------------------------------------------
cache_mgr root
cache_effective_user squid
cache_effective_group squid
logfile_rotate 5
forwarded_for off
client_db on
Почисть свой конфиг от всякого гавна
читать невозможно!
>народ, нужно чтоб отдельным пользователям доступ был только к 2-3 сайтам, адреса
>польз.-динамика, полисями выдается определенный порт на который нужно правило с ограничениями...
>
>в Сквиде написал:
>в файле allowed_urls список разрешенных сайтов
> Помогите господа разобраться, не получается ограничение никак, клиентов по порту
>8080 пропускает на все сайты.
>
>http_port 10.10.221.250:3128 #все, но без скачки файлов
>http_port 10.10.221.250:8080 #пару сайтов перечисленных в allowed_urls
>http_port 10.10.221.250:8081 #доступно абсолютно все
>icp_port 0
>
>hierarchy_stoplist cgi-bin ?
>acl QUERY urlpath_regex cgi-bin \?
>no_cache deny QUERY
>
>cache_mem 512 MB
>cache_swap_low 90
>cache_swap_high 95
>
>maximum_object_size 40096 KB
>minimum_object_size 0 KB
>
>ipcache_low 90
>ipcache_high 95
>
>fqdncache_size 1024
>
>#--------------------------------------------------------------
>#LOGFILE PATHNAMES AND CACHE DIRECTORIES
>#
> cache_dir ufs /var/spool/squid 10000 26 356
> cache_access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
>
>emulate_httpd_log on
>
>mime_table /etc/squid/mime.conf
>#--------------------------------------------------------------
>#OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
>#
>
>ftp_user anonymous@
>#ftp_list_width 64
>#ftp_passive off
>#ftp_sanitycheck on
>#ftp_telnet_protocol on
>
>hosts_file /etc/hosts
>
>redirect_children 5
>redirect_rewrites_host_header on
>
>refresh_pattern ^ftp: 1440 20% 10080
>refresh_pattern ^gopher: 1440 0% 1440
>refresh_pattern . 0 20% 4320
>
> quick_abort_min 16 KB
> quick_abort_max 16 KB
> quick_abort_pct 95
>
> negative_ttl 1 minutes
> positive_dns_ttl 6 hours
> negative_dns_ttl 5 minute
> range_offset_limit 0 KB
>
>half_closed_clients on
>
>
>
>auth_param basic children 5
>auth_param basic realm Squid proxy-caching web server
>auth_param basic credentialsttl 2 hours
>
>#Recommended minimum configuration:
>
>acl cz src 10.10.221.0/255.255.255.0
>acl all src 0.0.0.0/0.0.0.0
>acl restricted myport 8080
>acl free myport 3128
>acl freeall myport 8081
>http_access allow freeall
>
>acl allowed_urls url_regex "/etc/squid/etc/allowed_urls"
>http_access allow restricted czins allowed_urls
-------------^ 1-й!!
>
>
>
>acl manager proto cache_object
>acl localhost src 127.0.0.1/255.255.255.255
>acl to_localhost dst 127.0.0.0/8
>acl SSL_ports port 443 563
>acl Safe_ports port 80 # http
>acl Safe_ports port 1025-65535 # http
>acl Safe_ports port 20 # ftp
>acl Safe_ports port 21 # ftp
>acl Safe_ports port 443 563 # https, snews
>acl Safe_ports port 70 # gopher
>acl Safe_ports port 210 # wais
>acl Safe_ports port 1025-65535 # unregistered ports
>acl Safe_ports port 280 # http-mgmt
>acl Safe_ports port 488 # gss-http
>acl Safe_ports port 591 # filemaker
>acl Safe_ports port 777 # multiling http
>acl CONNECT method CONNECT
>#
># Squid Blocks
># http://www.hklc.com/squidblock/
>#
>acl squid_block_badlang url_regex -i "/etc/squid/squidblock/badlang.block.txt"
>acl squid_unblock_badlang url_regex -i "/etc/squid/squidblock/badlang.unblock.txt"
>acl squid_block_entertain url_regex -i "/etc/squid/squidblock/entertain.block.txt"
>acl squid_unblock_entertain url_regex -i "/etc/squid/squidblock/entertain.unblock.txt"
>acl squid_block_games url_regex -i "/etc/squid/squidblock/games.block.txt"
>acl squid_unblock_games url_regex -i "/etc/squid/squidblock/games.unblock.txt"
>acl squid_block_pirate url_regex -i "/etc/squid/squidblock/pirate.block.txt"
>acl squid_block_mp3 url_regex -i
>"/etc/squid/squidblock/mp3.block.txt"
>acl squid_unblock_pirate url_regex -i "/etc/squid/squidblock/pirate.unblock.txt"
>acl squid_block_porn url_regex -i "/etc/squid/squidblock/porn.block.txt
>pron.block.txt"
>http_access deny squid_block_badlang !squid_unblock_badlang
>http_access deny squid_block_entertain !squid_unblock_entertain
>http_access deny squid_block_games !squid_unblock_games
>http_access deny squid_block_porn
>http_access deny squid_block_pirate !squid_unblock_pirate
>http_access deny squid_block_mp3
>#http_access deny porndomain
>#http_access deny pornurls
>
>
>#acl porndomain url_regex "/etc/squid/squidblock/porndomain"
>#acl pornurls url_regex "/etc/squid/squidblock/pornurls"
>
>#-------------------------------------------------------------
>
>#acl DenyBadMime rep_mime_type -i ^audio/ ^video
>#acl DenyBad url_regex -i \.aif$ \.aifc$ \aiff$ \.au$ \.kar$ \.mid$ \midi$ \.mp2$
>\.mpga$ \.ra$ \.ram$ \.rm$ \.ram$ \.rm$ \.snd$ \wav$ \.avi$ \.mov$ \.movie$
>\.mpe$ \.mpeg$ \.mpg$ \.mxu$ \.qt$ \.asf$ \.asx$
>#http_access deny DenyBadMime
>#http_access deny DenyBad
>
>
>#-------------------------------------------------------------
>#acl wifi myport 8082
>#http_access allow wifi
>#acl NOT url_regex -i "/etc/squid/etc/NOT"
>#http_access deny NOT
>#acl NOFILES urlpath_regex -i "/etc/squid/etc/NOFILES "
>#http_access deny NOFILES
>#acl BANNER url_regex banner reklama linkexch banpics us\.yimg\.com[\./]ad[s]?[\./]
>#http_access deny BANNER
>
>acl allowed_urls url_regex "/etc/squid/etc/allowed_urls"
>http_access allow restricted czins allowed_urls-------------^ 2-й Это так надо 2-ва раза!
>
>http_access allow manager localhost
>http_access deny manager
>http_access deny !Safe_ports
>http_access deny CONNECT !SSL_ports
>http_access allow localhost
>http_access allow Safe_ports
>http_access allow free cz
>
>http_access deny all
>icp_access allow all
>#-------------------------------------------------------------
>cache_mgr root
>cache_effective_user squid
>cache_effective_group squid
> logfile_rotate 5
> forwarded_for off
> client_db on