Nesses últimos 3 dias tenho percebido algo estranho no meu squid.conf. Às vezes, quando dou um reload no squid ou um reboot no BFW, percebo algumas alterações no arquivo. Vou postar o squid.conf ok e o squid.conf com alteração depois de um reload ou reboot.
squid.conf ok:
# Client-facing proxy port. No address is given, so the listener is not tied to one
# interface; who is actually served is decided by the http_access rules further down.
http_port 3128
# ICP (inter-cache protocol) listener disabled.
icp_port 0
# NOTE(review): this marker-delimited block is one of the two that the post reports as
# disappearing after a reload/reboot.
#SquidCacheAux ACL start
acl store_rewrite_list urlpath_regex \/(get_video\?|videodownload\?|videoplayback.*id)
acl store_rewrite_list_orkut dstdomain .orkut.com .orkut.com.br
cache allow store_rewrite_list_orkut
acl QUERY2 urlpath_regex get_video\? videoplayback\? videodownload\?
cache allow QUERY2
acl youtube dstdomain .youtube.com
cache allow youtube
#SquidCacheAux ACL end
# Domain list loaded from an external file (contents not shown in the post).
acl video_cache dstdomain -i "/usr/local/squid/etc/cache.flt"
# NOTE(review): all "cache allow" lines above precede "cache deny QUERY"; rules are checked
# in order, so these video/orkut/youtube requests are presumably exempt from that deny.
cache allow video_cache
# Dynamic URLs (cgi-bin or a query string) are fetched directly and not cached,
# unless an earlier "cache allow" rule already matched.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
# Replacement policies for the disk cache and the in-memory cache.
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_mem 600 MB
# Objects between 4 KB and 256000 KB are eligible for the disk cache.
maximum_object_size 256000 KB
minimum_object_size 4 KB
maximum_object_size_in_memory 64 KB
# diskd store: 5120 MB, 16 first-level and 256 second-level directories.
cache_dir diskd /partition/squid/cache 5120 16 256 Q1=72 Q2=64
# access.log is the per-request record of client activity on this proxy.
access_log /partition/squid/logs/access.log
cache_log /partition/squid/logs/cache.log
cache_store_log none
# Unprivileged identity Squid (and the helpers it starts) runs under.
cache_effective_user nobody
cache_effective_group nogroup
pid_filename /var/run/squid.pid
half_closed_clients off
server_persistent_connections off
client_persistent_connections off
memory_pools on
buffered_logs on
pipeline_prefetch on
dns_retransmit_interval 15 seconds
#cache_swap_low 70
#cache_swap_high 90
#SquidCacheAux URL_REWRITE start
# External helper (5 processes) that is handed request URLs and may rewrite them.
# NOTE(review): confirm that the script and /etc/SquidCacheAux are writable only by root;
# anything able to edit the helper can change where client requests are sent.
url_rewrite_program /etc/SquidCacheAux/redir.pl
url_rewrite_children 5
#SquidCacheAux URL_REWRITE end
#SquidCacheAux refresh_pattern start
# Format: refresh_pattern [-i] regex min percent max [options]; min/max are in minutes.
# The first pattern whose regex matches the URL is the one applied.
# NOTE(review): the dots in the host names below are unescaped, so each "." matches any character.
refresh_pattern windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
refresh_pattern orkut.com/.* 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern orkut.com.br/.* 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload
# 5259487 minutes is roughly ten years. ignore-private / ignore-no-cache make this shared
# cache keep responses the origin marked "private" or "no-cache", so content issued for one
# user can be served to another; keep these options scoped as narrowly as possible.
refresh_pattern (get_video\?|videoplayback\?|videodownload\?) 5259487 99999999% 5259487 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private
# NOTE(review): in "\.flv?" the "?" makes the "v" optional, so the unanchored pattern
# matches ".fl" anywhere in the URL, not only .flv files.
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
# NOTE(review): "||" leaves an empty alternative in the group. Depending on the regex
# library that can match every URL, which would apply the 129600-minute (90-day) lifetime
# plus ignore-private/ignore-no-cache to all traffic and leave the patterns below
# unreachable. Verify, and remove the extra "|" if it is not intended.
refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id||videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern ytimg\.com.*\.jpg 129600 999999% 129600 override-expire ignore-reload
#SquidCacheAux refresh_pattern end
# Generic rules by file extension, then per-scheme rules and the catch-all ".".
refresh_pattern -i ^http://.*\.(css|htm|html|ico|js|jsp|xml)$ 1440 80% 999999
refresh_pattern -i ^http://.*\.(bmp|gif|jpeg|jpg|png)$ 1440 80% 999999 ignore-reload
refresh_pattern -i ^http://.*\.(ace|adt|arj|asf|avi|bin|bz2|bzip|cab|dat|dll|doc|dot|exe|fla|flv|gz|iso|lha|log|lzh|mdb|mid|mov|mp3|mpeg|mpg|msi|mso|ogg|pps|ppt|rar|rm|rtf|shs|src|sys|swf|tgz|tif|ttf|wav|wma|wri|wmv|vpu|vpaa|vqf|vob|zip)$ 43200 100% 999999 ignore-reload
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# Base ACLs: every source address, and the loopback address.
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
#acl to_localhost dst 127.0.0.1/32
######Controle de Download######
# Download control: four class-2 delay pools (aggregate bucket + per-client bucket).
# NOTE(review): controle1 is of type url_regex, so "src" and "192.168.0.0/24" are both
# regular expressions tested against the URL, not a source-address check. Pool 1 is
# unlimited and the first pool whose delay_access allows a request is used, so any URL
# containing "src" presumably bypasses the limits below. Confirm the intended ACL type.
acl controle1 url_regex -i src 192.168.0.0/24
acl controle2 url_regex -i \.exe$ \.mp3$ \.mp2$ \.mpeg$ \.mpg$ \.mov$ \.zip$ \.rar$ \.avi$ \.iso$ \.wav$ \.7z$ \.wma$ \.wmv$ \.mp4$ \.001$ \.002$ \.003$ \.3gp$ \.rm$ \.rmvb$
acl controle3 urlpath_regex get_video\? videoplayback\? videodownload\? watch\?
# NOTE(review): same stray "src" token here; it is matched as a URL pattern.
acl controle4 url_regex -i src 4shared.com
delay_pools 4
# Pool 1: no limit (-1/-1) on either bucket.
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow controle1
# Pool 2: listed file extensions, 10240 bytes/s per client.
delay_class 2 2
delay_parameters 2 -1/-1 10240/10240
delay_access 2 allow controle2
# Pool 3: video URLs, 38000 bytes/s per client.
delay_class 3 2
delay_parameters 3 -1/-1 38000/38000
delay_access 3 allow controle3
# Pool 4: controle4 matches, 10240 bytes/s per client.
delay_class 4 2
delay_parameters 4 -1/-1 10240/10240
delay_access 4 allow controle4
######Fim do Controle de Download######
# Ports to which CONNECT tunnels are permitted.
acl SSL_ports port 443 563
# Destination ports the proxy will talk to; everything else is refused below.
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 8180
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 901
acl manager proto cache_object
acl PURGE method PURGE
acl CONNECT method CONNECT
# http_access rules are evaluated top to bottom; the first match decides.
# Cache purge and cache-manager requests are accepted from localhost only.
http_access allow PURGE localhost
http_access allow manager localhost
http_access deny PURGE
http_access deny manager
# Refuse non-listed destination ports, and CONNECT to anything but the SSL ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Lists loaded from external files (contents not shown in the post): blocked domains,
# permitted client addresses, and destinations to fetch directly.
acl filterneg dstdom_regex "/usr/local/squid/etc/filter.flt"
acl internal_net src "/usr/local/squid/etc/ipaccess.yes"
acl no_proxy dstdom_regex -i "/usr/local/squid/etc/ipaccess.no"
#Access deny to Squid ident. header
# These headers are stripped from proxied traffic. With X-Forwarded-For and Via removed,
# origin servers do not see the internal client address, so access.log on this box is
# presumably the only record tying a request to a client; retain it accordingly.
header_access Via deny all
header_access X-Forwarded-For deny all
header_access Proxy-Connection deny all
header_access Accept-Encoding deny all
always_direct allow no_proxy
# Final policy: block filtered domains, allow the listed internal clients, deny the rest.
http_access deny filterneg
http_access allow internal_net
http_access deny all
#http_reply_access allow all
#icp_access allow all
# Workaround for replies whose Server header starts with "Apache".
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
visible_hostname brazilfw
coredump_dir /partition/squid/cache
error_directory /usr/local/squid/share/errors/Portuguese
# NOTE(review): this marker-delimited block is the second one the post reports as
# disappearing after a reload/reboot.
#SquidCacheAux STOREURL start
# Only requests matching the two store_rewrite ACLs are passed to the store-URL helper.
storeurl_access allow store_rewrite_list
storeurl_access allow store_rewrite_list_orkut
storeurl_access deny all
# External helper that rewrites the URL under which an object is stored in the cache.
# NOTE(review): as with the url_rewrite helper, confirm the script is writable only by
# root; a modified helper could map unrelated URLs onto the same cached object.
storeurl_rewrite_program /etc/SquidCacheAux/storeurl.pl
storeurl_rewrite_children 5
storeurl_rewrite_concurrency 5
#SquidCacheAux STOREURL end
squid.conf com alteração:
# Client-facing proxy port; ICP listener disabled.
http_port 3128
icp_port 0
# NOTE(review): in the working copy quoted earlier in this post, the
# "#SquidCacheAux ACL start" ... "#SquidCacheAux ACL end" block sits at this position.
# It is absent here, so store_rewrite_list, store_rewrite_list_orkut, QUERY2 and youtube
# are no longer defined in this copy.
acl video_cache dstdomain -i "/usr/local/squid/etc/cache.flt"
cache allow video_cache
# Dynamic URLs (cgi-bin or a query string) are not cached unless allowed above.
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_mem 600 MB
maximum_object_size 256000 KB
minimum_object_size 4 KB
maximum_object_size_in_memory 64 KB
# diskd store: 5120 MB, 16 first-level and 256 second-level directories.
cache_dir diskd /partition/squid/cache 5120 16 256 Q1=72 Q2=64
access_log /partition/squid/logs/access.log
cache_log /partition/squid/logs/cache.log
cache_store_log none
# Unprivileged identity Squid (and the helpers it starts) runs under.
cache_effective_user nobody
cache_effective_group nogroup
pid_filename /var/run/squid.pid
half_closed_clients off
server_persistent_connections off
client_persistent_connections off
memory_pools on
buffered_logs on
pipeline_prefetch on
dns_retransmit_interval 15 seconds
#cache_swap_low 70
#cache_swap_high 90
# The URL_REWRITE block is still present in this copy, unlike the ACL and STOREURL blocks.
#SquidCacheAux URL_REWRITE start
# External helper (5 processes) that is handed request URLs and may rewrite them.
url_rewrite_program /etc/SquidCacheAux/redir.pl
url_rewrite_children 5
#SquidCacheAux URL_REWRITE end
# The refresh_pattern block is still present in this copy.
#SquidCacheAux refresh_pattern start
# Format: refresh_pattern [-i] regex min percent max [options]; min/max are in minutes.
# The first pattern whose regex matches the URL is the one applied.
refresh_pattern windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims
refresh_pattern orkut.com/.* 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload
refresh_pattern orkut.com.br/.* 10080 100% 43200 override-expire override-lastmod reload-into-ims ignore-reload
# ignore-private / ignore-no-cache make the shared cache keep responses the origin marked
# "private" or "no-cache"; content issued for one user can then be served to another.
refresh_pattern (get_video\?|videoplayback\?|videodownload\?) 5259487 99999999% 5259487 override-expire override-lastmod reload-into-ims ignore-reload ignore-no-cache ignore-private
# NOTE(review): "\.flv?" matches ".fl" with an optional "v", anywhere in the URL.
refresh_pattern (get_video\?|videoplayback\?|videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern (get_video\?|videoplayback\?id|videoplayback.*id|videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
# NOTE(review): the "||" leaves an empty alternative; depending on the regex library it can
# match every URL and apply ignore-private/ignore-no-cache to all traffic. Verify.
refresh_pattern -i (get_video\?|videoplayback\?id|videoplayback.*id||videodownload\?|\.flv?) 129600 999999% 129600 ignore-no-cache ignore-private override-expire override-lastmod reload-into-ims
refresh_pattern ytimg\.com.*\.jpg 129600 999999% 129600 override-expire ignore-reload
#SquidCacheAux refresh_pattern end
# Generic rules by file extension, then per-scheme rules and the catch-all ".".
refresh_pattern -i ^http://.*\.(css|htm|html|ico|js|jsp|xml)$ 1440 80% 999999
refresh_pattern -i ^http://.*\.(bmp|gif|jpeg|jpg|png)$ 1440 80% 999999 ignore-reload
refresh_pattern -i ^http://.*\.(ace|adt|arj|asf|avi|bin|bz2|bzip|cab|dat|dll|doc|dot|exe|fla|flv|gz|iso|lha|log|lzh|mdb|mid|mov|mp3|mpeg|mpg|msi|mso|ogg|pps|ppt|rar|rm|rtf|shs|src|sys|swf|tgz|tif|ttf|wav|wma|wri|wmv|vpu|vpaa|vqf|vob|zip)$ 43200 100% 999999 ignore-reload
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# Base ACLs: every source address, and the loopback address.
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
#acl to_localhost dst 127.0.0.1/32
######Controle de Download######
# Download control: the delay-pool section the post says was added through squid_2.tpl;
# it is unchanged between the two copies.
# NOTE(review): with type url_regex, "src" and "192.168.0.0/24" are URL patterns, not a
# source-address check; any URL containing "src" presumably lands in the unlimited pool 1.
acl controle1 url_regex -i src 192.168.0.0/24
acl controle2 url_regex -i \.exe$ \.mp3$ \.mp2$ \.mpeg$ \.mpg$ \.mov$ \.zip$ \.rar$ \.avi$ \.iso$ \.wav$ \.7z$ \.wma$ \.wmv$ \.mp4$ \.001$ \.002$ \.003$ \.3gp$ \.rm$ \.rmvb$
acl controle3 urlpath_regex get_video\? videoplayback\? videodownload\? watch\?
# NOTE(review): same stray "src" token here; it is matched as a URL pattern.
acl controle4 url_regex -i src 4shared.com
delay_pools 4
# Pool 1: no limit (-1/-1) on either bucket.
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow controle1
# Pool 2: listed file extensions, 10240 bytes/s per client.
delay_class 2 2
delay_parameters 2 -1/-1 10240/10240
delay_access 2 allow controle2
# Pool 3: video URLs, 38000 bytes/s per client.
delay_class 3 2
delay_parameters 3 -1/-1 38000/38000
delay_access 3 allow controle3
# Pool 4: controle4 matches, 10240 bytes/s per client.
delay_class 4 2
delay_parameters 4 -1/-1 10240/10240
delay_access 4 allow controle4
######Fim do Controle de Download######
# Ports to which CONNECT tunnels are permitted.
acl SSL_ports port 443 563
# Destination ports the proxy will talk to; everything else is refused below.
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 8180
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 901
acl manager proto cache_object
acl PURGE method PURGE
acl CONNECT method CONNECT
# http_access rules are evaluated top to bottom; the first match decides.
# Cache purge and cache-manager requests are accepted from localhost only.
http_access allow PURGE localhost
http_access allow manager localhost
http_access deny PURGE
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Lists loaded from external files (contents not shown in the post).
acl filterneg dstdom_regex "/usr/local/squid/etc/filter.flt"
acl internal_net src "/usr/local/squid/etc/ipaccess.yes"
acl no_proxy dstdom_regex -i "/usr/local/squid/etc/ipaccess.no"
#Access deny to Squid ident. header
# These headers are stripped from proxied traffic; with X-Forwarded-For and Via removed,
# access.log on this box is presumably the only record tying a request to a client.
header_access Via deny all
header_access X-Forwarded-For deny all
header_access Proxy-Connection deny all
header_access Accept-Encoding deny all
always_direct allow no_proxy
# Final policy is unchanged in this copy: block filtered domains, allow the listed
# internal clients, deny everything else.
http_access deny filterneg
http_access allow internal_net
http_access deny all
#http_reply_access allow all
#icp_access allow all
# Workaround for replies whose Server header starts with "Apache".
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
visible_hostname brazilfw
coredump_dir /partition/squid/cache
error_directory /usr/local/squid/share/errors/Portuguese
# NOTE(review): the working copy quoted earlier in this post ends with a
# "#SquidCacheAux STOREURL start" ... "#SquidCacheAux STOREURL end" block; it is absent
# here, so the storeurl_access rules and storeurl_rewrite_program are not configured.
# The post states that BFW regenerates squid.conf automatically, so that regeneration step
# is the first place to check; recording a checksum and modification time of the file
# before and after a reload would confirm when, and by what, it is rewritten.
Geralmente são as linhas a partir de "#SquidCacheAux ACL start" até "#SquidCacheAux ACL end" e também da "#SquidCacheAux STOREURL start" até "#SquidCacheAux STOREURL end" que somem.
Lembrando que a única alteração que fiz no squid.conf é através do arquivo squid_2.tpl, com as linhas de Delay pool, e que no BFW tenho marcado o "Não" para "Desabilitar criação do squid.conf:", ou seja, ele é criado automaticamente.
Se puderem me dar uma luz, agradeço!