BFW Firewall & Router

[Horus]

holas...

alguien me puede facilitar el codigo que viene en el Squid.conf (predeterminado), ya que lo modifique para usar el SCA y quiero volver al archivo original :P


saludos..

[niraseco]

Hola, Horus,
Acá lo tenés:

Código: Selecionar todos

acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8

acl pc_blanca src "/argentobr/squid/pc_blanca"
acl pc_negra src "/argentobr/squid/pc_negra"
acl NO_cache dstdomain -i "/argentobr/squid/no_cache"
acl sitios_prohibidos url_regex -i "/argentobr/squid/sitios_prohibidos"
acl sitios_inocentes url_regex -i "/argentobr/squid/sitios_inocentes"
acl lista_extensiones urlpath_regex -i "/argentobr/squid/lista_extensiones"

#server_persistent_connections off
#tcp_outgoing_address 192.168.1.20 localnet


#
acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443      # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210      # wais
acl Safe_ports port 1025-65535   # unregistered ports
acl Safe_ports port 280      # http-mgmt
acl Safe_ports port 488      # gss-http
acl Safe_ports port 591      # filemaker
acl Safe_ports port 777      # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
##########################

hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny NO_cache
no_cache deny QUERY
acl normal_service_net src 192.168.1.66
acl good_service_net src 192.168.1.47
tcp_outgoing_tos 0x00 normal_service_net
tcp_outgoing_tos 0x08 good_service_net
http_access allow pc_negra sitios_inocentes
http_access allow pc_negra !sitios_prohibidos
http_access deny pc_negra
http_access allow pc_blanca
#http_access allow localnet
http_access deny all

icp_access allow pc_blanca
icp_access deny all

http_port 8080 transparent

cache_mem 8 MB
maximum_object_size_in_memory 64 KB

cache_replacement_policy heap LFUDA
cache_dir aufs /partition/cache 10 16 256

max_open_disk_fds 0
minimum_object_size 0 KB
maximum_object_size 40096 KB
cache_swap_low 90
cache_swap_high 95
max_stale 4 week

update_headers on

access_log /partition/squidlog/access.log squid
cache_log /partition/squidlog/cache.log
cache_store_log /partition/squidlog/store.log

logfile_rotate 4

quick_abort_min 0 KB
quick_abort_max 0 KB
log_icp_queries off
client_db off
buffered_logs on
half_closed_clients off

refresh_pattern ^ftp:      1440   20%   10080
refresh_pattern ^gopher:   1440   0%   1440
refresh_pattern -i (/cgi-bin/|\?) 0   0%   0
refresh_pattern .      0   20%   4320
#windows update
refresh_pattern .windowsupdate.com/.*\.(cab|exe) 4320 100% 43200 reload-into-ims


acl shoutcast rep_header X-HTTP09-First-Line ^ICY\s[0-9]
upgrade_http0.9 deny shoutcast

# Apache mod_gzip and mod_deflate known to be broken so don't trust
# Apache to signal ETag correctly on such responses
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache


#
cache_effective_user nobody

#dns_nameservers 10.0.0.1 192.172.0.4

error_directory /partition/squid/share/errors/English

check_hostnames off

hosts_file /etc/hosts

memory_pools off
memory_pools_limit 5 MB
server_persistent_connections off
zph_mode tos
zph_local 0x10


#delay_pools 1 #1
#delay_class 1 2 #1 2
#delay_parameters 1 -1/-1 20000/20000
#acl descargas urlpath_regex -i \.(iso|cab|dll|exe|arj|rar|tar|zip|7z|lzh|lha|png|bmp|mp3|mpga|wav|ra|ram|rm|mov|movie|mpeg|mpg|mpe|wmv|avi|rpm|gz|bz2|deb|ogg|ppt|swf|flv|flash)$
#delay_access 1 allow descargas

# snmp_access allow snmppublic localhost
# snmp_access deny all
#
#Default:
# snmp_access deny all

#  TAG: tcp_outgoing_tos
#   Allows you to select a TOS/Diffserv value to mark outgoing
#   connections with, based on the username or source address
#   making the request.
#
#   tcp_outgoing_tos ds-field [!]aclname ...
#
#   Example where normal_service_net uses the TOS value 0x00
#   and good_service_net uses 0x20
#
#   acl normal_service_net src 10.0.0.0/255.255.255.0
#   acl good_service_net src 10.0.1.0/255.255.255.0
#   tcp_outgoing_tos 0x00 normal_service_net
#   tcp_outgoing_tos 0x20 good_service_net
#
#   TOS/DSCP values really only have local significance - so you should
#   know what you're specifying. For more information, see RFC2474 and
#   RFC3260.
#
#   The TOS/DSCP byte must be exactly that - a octet value  0 - 255, or
#   "default" to use whatever default your host has. Note that in
#   practice often only values 0 - 63 is usable as the two highest bits
#   have been redefined for use by ECN (RFC3168).
#
#   Processing proceeds in the order specified, and stops at first fully
#   matching line.
#
#   Note: The use of this directive using client dependent ACLs is
#   incompatible with the use of server side persistent connections. To
#   ensure correct results it is best to set server_persisten_connections
#   to off when using this directive in such configurations.
#
#Default:
# none

#  TAG: tcp_outgoing_address
#   Allows you to map requests to different outgoing IP addresses
#   based on the username or source address of the user making
#   the request.
#
#   tcp_outgoing_address ipaddr [[!]aclname] ...
#
#   Example where requests from 10.0.0.0/24 will be forwarded
#   with source address 10.1.0.1, 10.0.2.0/24 forwarded with
#   source address 10.1.0.2 and the rest will be forwarded with
#   source address 10.1.0.3.
#
#   acl normal_service_net src 10.0.0.0/24
#   acl good_service_net src 10.0.1.0/24 10.0.2.0/24
#   tcp_outgoing_address 10.1.0.1 normal_service_net
#   tcp_outgoing_address 10.1.0.2 good_service_net
#   tcp_outgoing_address 10.1.0.3
#
#   Processing proceeds in the order specified, and stops at first fully
#   matching line.
#
#   Note: The use of this directive using client dependent ACLs is
#   incompatible with the use of server side persistent connections. To
#   ensure correct results it is best to set server_persistent_connections
#   to off when using this directive in such configurations.
#
#Default:
# none

#  TAG: zph_mode
#   This option enables packet level marking of HIT/MISS responses,
#   either using IP TOS or socket priority.
#       off      Feature disabled
#       tos      Set the IP TOS/Diffserv field
#       priority   Set the socket priority (may get mapped to TOS by OS,
#         otherwise only usable in local rulesets)
#       option   Embed the mark in an IP option field. See also
#             zph_option.
#
#   See also tcp_outgoing_tos for details/requirements about TOS usage.
#
#Default:
#zph_mode on

#  TAG: zph_local
#   Allows you to select a TOS/Diffserv/Priority value to mark local hits.
#   Default: 0 (disabled).
#
#Default:
# zph_local 0

#  TAG: zph_sibling
#   Allows you to select a TOS/Diffserv/Priority value to mark sibling hits.
#   Default: 0 (disabled).
#
#Default:
# zph_sibling 0

#  TAG: zph_parent
#   Allows you to select a TOS/Diffserv/Priority value to mark parent hits.
#   Default: 0 (disabled).
#
#Default:
# zph_parent 0

#  TAG: zph_option
#   The IP option to use when zph_mode is set to "option". Defaults to
#   136 which is officially registered as "SATNET Stream ID".
#
#Default:
# zph_option 136

#  TAG: emulate_httpd_log   on|off
#   The Cache can emulate the log file format which many 'httpd'
#   programs use.  To disable/enable this emulation, set
#   emulate_httpd_log to 'off' or 'on'.  The default
#   is to use the native log format since it includes useful
#   information Squid-specific log analyzers use.
#
#Default:
# emulate_httpd_log off

#  TAG: log_ip_on_direct   on|off
#   Log the destination IP address in the hierarchy log tag when going
#   direct. Earlier Squid versions logged the hostname here. If you
#   prefer the old way set this to off.
#
#Default:
# log_ip_on_direct on


#  TAG: mail_program
#   Email program used to send mail if the cache dies.
#   The default is "mail". The specified program must comply
#   with the standard Unix mail syntax:
#     mail-program recipient < mailfile
#
#   Optional command line options can be specified.
#
#Default:
# mail_program mail



[Horus]

gracias... ya me funciona nuevamente el squid (los bloqueos de paginas)


saludos..