Uso o BFW 2.32.2 com squid transparente. Fiz alguns bloqueios com ACLs e estão funcionando, mas há um problema: as máquinas que têm acesso restrito, ou seja, que só navegam nos sites cadastrados no arquivo liberado, carregam a página completamente desformatada (não sei se esse é o termo correto). Será que está faltando alguma coisa no squid.conf? No arquivo eu cadastrei da seguinte maneira, por exemplo, Banco do Brasil: .bb. sites do governo: .gov. e assim por diante.
segue o squid.conf
# General proxy, cache and logging settings: listening port, cache sizing and
# replacement policy, log locations, connection behaviour and refresh rules.
#
# Listens on 8080 in interception ("transparent") mode: clients are not
# configured with a proxy, traffic is redirected here by the firewall.
# NOTE(review): the redirect rule is not part of this file. Only traffic that
# actually reaches Squid is subject to the ACLs below; confirm at the firewall
# how HTTPS (port 443) from restricted machines is handled, otherwise the
# allowlist may only apply to plain HTTP.
http_port 8080 transparent
# ICP (inter-cache protocol) is disabled.
icp_port 0
hierarchy_stoplist cgi-bin ?
# URLs whose path contains "cgi-bin" or "?" are treated as dynamic and are not cached.
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY
# Replacement policies for the disk cache (LFUDA) and the memory cache (GDSF).
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
cache_mem 256 MB
# Only objects between 4 KB and 10000 KB are stored on disk; at most 64 KB per object in memory.
maximum_object_size 10000 KB
minimum_object_size 4 KB
maximum_object_size_in_memory 64 KB
cache_dir diskd /partition/squid/cache 2500 16 256 Q1=72 Q2=64
# access.log is the first place to look when a page renders incompletely:
# denied sub-requests (CSS, scripts, images) are logged there with a TCP_DENIED tag.
access_log /partition/squid/logs/access.log
cache_log /partition/squid/logs/cache.log
cache_store_log none
# Squid drops to an unprivileged user/group after start-up.
cache_effective_user nobody
cache_effective_group nogroup
pid_filename /var/run/squid.pid
half_closed_clients off
server_persistent_connections off
client_persistent_connections off
memory_pools on
buffered_logs on
pipeline_prefetch on
dns_retransmit_interval 15 seconds
#cache_swap_low 70
#cache_swap_high 90
# refresh_pattern fields: regex, minimum age (minutes), percentage of object age, maximum age (minutes).
# Static page assets: minimum freshness 1440 minutes (1 day).
refresh_pattern -i ^http://.*\.(css|htm|html|ico|js|jsp|xml)$ 1440 80% 999999
# Images: same timing, plus ignore-reload, so a client "reload" does not force a refetch.
refresh_pattern -i ^http://.*\.(bmp|gif|jpeg|jpg|png)$ 1440 80% 999999 ignore-reload
# Archives, media, documents and executables: minimum freshness 43200 minutes (30 days), ignore-reload.
# NOTE(review): with ignore-reload a user cannot force a fresh copy, so an outdated or
# corrupted cached installer/executable can keep being served; consider whether
# exe/msi/dll/sys and update downloads should be excluded from this rule.
refresh_pattern -i ^http://.*\.(ace|adt|arj|asf|avi|bin|bz2|bzip|cab|dat|dll|doc|dot|exe|fla|flv|gz|iso|lha|log|lzh|mdb|mid|mov|mp3|mpeg|mpg|msi|mso|ogg|pps|ppt|rar|rm|rtf|shs|src|sys|swf|tgz|tif|ttf|wav|wma|wri|wmv|vpu|vpaa|vqf|vob|zip)$ 43200 100% 999999 ignore-reload
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# Catch-all for everything not matched above.
refresh_pattern . 0 20% 4320
# ACL definitions. These lines only name match conditions; nothing is allowed or
# denied until the names are used in http_access / http_reply_access rules.
#
# "all" matches every client address.
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
#acl to_localhost dst 127.0.0.1/32
# Ports to which CONNECT (tunnelled) requests may go.
acl SSL_ports port 443 563
# Destination ports considered acceptable for any request.
# NOTE(review): the 1025-65535 entry below makes every unprivileged port "safe",
# so a "deny !Safe_ports" rule only filters low ports that are not listed here.
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 8180
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl Safe_ports port 901
# Cache-manager requests, cache PURGE requests and CONNECT tunnels.
acl manager proto cache_object
acl PURGE method PURGE
acl CONNECT method CONNECT
#Custom rules
#Full access: client addresses read from the file, one per line.
acl acesso_total src "/usr/local/squid/etc/acesso_total"
#Restricted access: client addresses limited to the allowed-sites list.
acl acesso_restrito src "/usr/local/squid/etc/acesso_restrito"
#Allowed sites
# url_regex matches each pattern in the file, case-insensitively (-i), against the
# whole URL. Per the accompanying post the entries look like ".bb." and ".gov.";
# in a regex "." matches any character and the pattern is not anchored to the host
# name, so a URL on an unrelated host matches whenever that text occurs anywhere in
# it (path or query string included). That makes the allowlist looser than intended.
# An allowlist keyed on the destination host (acl type dstdomain, with full domain
# suffixes such as ".example.com" - constructed example) is the stricter choice.
# NOTE(review): the closing double quote is missing on the next line; confirm
# whether that is a paste artefact or is really absent in the live file.
acl liberado url_regex -i "/usr/local/squid/etc/liberado
# Access rules. http_access lines are evaluated top to bottom and the first
# matching line decides; order therefore matters.
#
# Cache purge and cache-manager requests are accepted from localhost only.
http_access allow PURGE localhost
http_access allow manager localhost
http_access deny PURGE
http_access deny manager
# Refuse requests to ports outside Safe_ports, and CONNECT tunnels to ports outside SSL_ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#Blocks
# Clients listed in acesso_total may go anywhere.
http_access allow acesso_total
# NOTE(review): this rule has no source condition, so any client that can reach the
# proxy is allowed to URLs matching "liberado", not only the restricted machines.
# Writing it as "http_access allow acesso_restrito liberado" would scope it to them.
http_access allow liberado
# Restricted clients are denied everything that did not match "liberado" above.
# This is the likely cause of the "unformatted" pages described in the post: the
# page's HTML matches the allowlist, but its stylesheets, scripts and images are
# requested from other host names that do not match and are denied here. Look for
# TCP_DENIED lines for the restricted client in access.log to see which URLs.
http_access deny acesso_restrito
# "all" matches every request, so evaluation always stops here.
# NOTE(review): the http_access lines further down (the CONEXOES connection limit,
# "allow internal_net" and the second "deny all") are therefore never reached.
# Clients in neither custom list are denied by this line; confirm that is intended.
http_access deny all
# Replies for URL paths ending in .scr/.bat/.pif/.cmd (case-insensitive).
# The match is on the URL text only, not on the content actually returned.
acl downloads_blocked urlpath_regex -i \.scr$ \.bat$ \.pif$ \.cmd$
acl internal_net src "/usr/local/squid/etc/ipaccess.yes"
#Access deny to Squid ident. header
# Via and X-Forwarded-For are removed so origin servers do not see the proxy or the
# client's internal address. Accept-Encoding is removed as well, which presumably
# makes servers send uncompressed responses - confirm this is still wanted.
header_access Via deny all
header_access X-Forwarded-For deny all
header_access Proxy-Connection deny all
header_access Accept-Encoding deny all
http_reply_access deny downloads_blocked
# More than 50 simultaneous connections from one client address.
acl CONEXOES maxconn 50
# Unreachable as the file stands: an earlier "http_access deny all" already matches everything.
http_access deny CONEXOES internal_net
http_access allow internal_net
http_access deny all
#http_reply_access allow all
#icp_access allow all
# Replies whose Server header starts with "Apache" get the broken Vary/encoding workaround.
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache
visible_hostname brazilfw
coredump_dir /partition/squid/cache
# Error pages shown to users are taken from the Portuguese set.
error_directory /usr/local/squid/share/errors/Portuguese
Alguém sabe por que os sites liberados são carregados desformatados?
Obrigado