[FUGSPBR] Bloquear downloads de alguns arquivos

William David Armstrong bio em bsd-unix.com.br
Ter Jun 3 08:17:27 BRT 2003


pra completar

SQUID.CONF

# Listeners, cache sizing, logging, helper paths and timeouts.
# The listing reads like a normalised dump of the running configuration (every
# directive spelled out, sizes in bytes), so many values are presumably Squid
# defaults rather than deliberate choices; verify before copying.

# http_port is bound to 0.0.0.0, i.e. every local address. Who may actually use
# the proxy is decided by the http_access rules further down and by whatever
# packet filter protects this host.
http_port 0.0.0.0:3128
# ICP and HTCP are UDP inter-cache protocols and also listen on all addresses.
# 255.255.255.255 is Squid's "not set" value for an outgoing address.
# NOTE(review): no cache_peer line appears in this listing; if the host has no
# neighbour caches, setting icp_port/htcp_port to 0 closes both ports. Confirm.
icp_port 3130
htcp_port 4827
udp_incoming_address 0.0.0.0
udp_outgoing_address 255.255.255.255
icp_query_timeout 0
maximum_icp_query_timeout 2000
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
# URLs containing "cgi-bin" or "?" are fetched directly and, via the QUERY acl
# defined below, are not cached.
hierarchy_stoplist cgi-bin
hierarchy_stoplist ?
# NOTE(review): squid.conf documents the lowercase keywords allow/deny; the
# capitalised "Deny" here looks like config-dump output. Confirm this Squid
# accepts it before loading the file as-is.
no_cache Deny QUERY
# 8 MB of memory cache; disk cache is cleaned between 90% and 95% full.
cache_mem 8388608 bytes
cache_swap_low 90
cache_swap_high 95
maximum_object_size 30720000 bytes
minimum_object_size 0 bytes
maximum_object_size_in_memory 8192 bytes
ipcache_size 1024
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
# Three diskd stores of 140, 440 and 600 MB, each with 16 x 256 subdirectories.
cache_dir diskd /usr/local/squid/cache 140 16 256 Q1=64 Q2=72
cache_dir diskd /usr/local/squid/cache2 440 16 256 Q1=64 Q2=72
cache_dir diskd /usr/local/squid/cache3 600 16 256 Q1=64 Q2=72
# Logging. access.log records every client request in Squid's native format
# (emulate_httpd_log off); request/reply headers are not logged (log_mime_hdrs off).
cache_access_log /usr/local/squid/var/logs/access.log
cache_log /usr/local/squid/var/logs/cache.log
cache_store_log /usr/local/squid/var/logs/store.log
emulate_httpd_log off
log_ip_on_direct on
mime_table /usr/local/squid/etc/mime.conf
log_mime_hdrs off
pid_filename /usr/local/squid/var/logs/squid.pid
debug_options ALL,1
log_fqdn off
# A /32 mask means client addresses are written to the logs unmasked, so the
# log files identify individual hosts and should be access-controlled.
client_netmask 255.255.255.255
# Password sent for anonymous FTP logins.
ftp_user Squid@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
dns_retransmit_interval 5 seconds
dns_timeout 300 seconds
hosts_file /etc/hosts
# Helper binaries, all under the --prefix used at build time.
diskd_program /usr/local/squid/libexec/diskd
unlinkd_program /usr/local/squid/libexec/unlinkd
pinger_program /usr/local/squid/libexec/pinger
# NOTE(review): no redirect_program is shown, so these redirector settings
# presumably have no effect. Confirm.
redirect_children 5
redirect_rewrites_host_header off
# NOTE(review): no auth_param or proxy_auth acl appears in this listing, so the
# proxy looks unauthenticated and access is decided by source address only.
authenticate_cache_garbage_interval 3600 seconds
authenticate_ttl 3600 seconds
authenticate_ip_ttl 0 seconds
wais_relay_port 0
# Request headers are capped at 10 KB; a body size of 0 means no limit.
request_header_max_size 10240 bytes
request_body_max_size 0 bytes
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 300 seconds
positive_dns_ttl 21600 seconds
negative_dns_ttl 300 seconds
range_offset_limit 0 bytes
# Connection and request timeouts.
connect_timeout 120 seconds
peer_connect_timeout 30 seconds
read_timeout 900 seconds
request_timeout 300 seconds
persistent_request_timeout 60 seconds
client_lifetime 86400 seconds
half_closed_clients on
pconn_timeout 120 seconds
shutdown_lifetime 30 seconds
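# --- ACL definitions and access rules ---------------------------------------
# Changes against the posted listing:
#   * allow/deny written in the lowercase form squid.conf documents (the
#     capitalised form looks like config-dump output);
#   * literal dots in regex ACLs escaped, file-extension patterns anchored to
#     the end of the path and made case-insensitive;
#   * the http_access line naming the undefined acl "httpallow" commented out;
#   * the two trailing "miss_access Deny !..." lines folded into "deny all".

# Dynamic content; referenced by no_cache so CGI/query responses are not cached.
acl QUERY urlpath_regex cgi-bin
acl QUERY urlpath_regex \?
acl all src 0.0.0.0/0.0.0.0
# Cache manager requests and the two addresses allowed to issue them.
acl manager proto cache_object
acl localhost src 127.0.0.1
acl cache src 10.0.1.1
# Ports CONNECT may tunnel to, and ports plain requests may target.
acl SSL_ports port 443
acl SSL_ports port 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 563
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
# URL deny list. url_regex matches anywhere in the full URL, so the bare words
# "banner" and "pop-up" also hit unrelated pages that contain them.
acl httpdeny url_regex ads\.icq\.com/content
acl httpdeny url_regex banner
acl httpdeny url_regex desktop\.kazaa\.com
acl httpdeny url_regex web\.icq\.com/client
acl httpdeny url_regex orc\.ezpornhost\.com/freeporn\.html
acl httpdeny url_regex pop-up
# Client networks. bionet*/localclients* describe the same two ranges.
acl bionet1 src 10.0.1.0/255.255.255.0
acl bionet2 src 192.168.42.0/255.255.255.248
acl localclients1 src 10.0.1.0/255.255.255.0
acl localclients2 src 192.168.42.0/255.255.255.248
# magic_words1 selects traffic for the unlimited delay pool (pool 1).
# NOTE(review): a regex over the URL text also matches when the string appears
# in the path or query, so it is not a reliable test for "destination is
# local"; a dst acl on the destination network is the robust form.
acl magic_words1 url_regex 10\.0\.1\.
acl magic_words1 url_regex 192\.168\.42\.
# magic_words2 selects downloads for the rate-limited delay pool (pool 2).
# No http_access rule references it, so these requests are throttled, not
# blocked. The original patterns used an unescaped "." (any character) with no
# anchor, so ".gz" or ".rm" matched almost any URL.
# NOTE(review): "ftp" still matches any URL containing those letters; if only
# the FTP scheme is meant, use "^ftp://" or a separate "proto FTP" acl.
acl magic_words2 url_regex ftp
acl magic_words2 url_regex -i \.exe($|\?)
acl magic_words2 url_regex -i \.mp3($|\?)
acl magic_words2 url_regex -i \.vqf($|\?)
acl magic_words2 url_regex -i \.tar\.gz($|\?)
acl magic_words2 url_regex -i \.gz($|\?)
acl magic_words2 url_regex -i \.rpm($|\?)
acl magic_words2 url_regex -i \.zip($|\?)
acl magic_words2 url_regex -i \.rar($|\?)
acl magic_words2 url_regex -i \.avi($|\?)
acl magic_words2 url_regex -i \.mpeg($|\?)
acl magic_words2 url_regex -i \.mpe($|\?)
acl magic_words2 url_regex -i \.mpg($|\?)
acl magic_words2 url_regex -i \.qt($|\?)
acl magic_words2 url_regex -i \.ram($|\?)
acl magic_words2 url_regex -i \.rm($|\?)
acl magic_words2 url_regex -i \.iso($|\?)
acl magic_words2 url_regex -i \.raw($|\?)
acl magic_words2 url_regex -i \.wav($|\?)
acl magic_words2 url_regex -i \.mov($|\?)
# Every day of the week, 08:00-20:00 local time.
acl day time SMTWHFA 08:00-20:00

# --- http_access: first matching line wins ----------------------------------
# Cache manager only from localhost and 10.0.1.1; it is additionally protected
# by cachemgr_passwd.
http_access allow manager localhost
http_access allow manager cache
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# "httpallow" is not defined anywhere in this listing. Depending on the Squid
# version an undefined acl name is either skipped with a warning or makes the
# configuration fail to load, so the line is disabled until the acl is defined.
# If it is restored, keep in mind it sits above the client-network checks and
# would therefore allow matching URLs for any source address.
#http_access allow httpallow
http_access deny httpdeny
http_access allow bionet1
http_access allow bionet2
http_access deny all
http_reply_access allow all
# NOTE(review): ICP queries are answered for any source address, which lets
# hosts outside the client networks probe what the cache holds. If there are no
# external neighbour caches, restrict this to localclients1/localclients2.
icp_access allow all
# Cache misses are only fetched on behalf of the local client networks.
miss_access allow localclients1
miss_access allow localclients2
miss_access deny all
# 0 = no limit on reply body size.
reply_body_max_size 0 allow all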
# Identity, transparent-proxy mode, cache manager, SNMP and WCCP settings.

# The address appears obfuscated by the list archive ("em" in place of "@");
# cache_mgr is printed on Squid's error pages.
cache_mgr bio em bsd-unix.com.br
# Squid drops root and runs as nobody/nobody.
cache_effective_user nobody
cache_effective_group nobody
# Cache registration announcements; 31536000 seconds is 365 days.
announce_period 31536000 seconds
announce_host tracker.ircache.net
announce_port 3131
# Squid 2.5 accelerator directives in the combination used for transparent
# interception: any origin host ("virtual"), proxying still enabled.
# NOTE(review): with httpd_accel_uses_host_header on, the destination is taken
# from the client-supplied Host header; make sure only intercepted traffic from
# the trusted client networks can reach the port. Confirm against the Squid 2.5
# documentation.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_single_host off
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
# Names resolved at start-up to check that DNS works.
dns_testnames netscape.com
dns_testnames internic.net
dns_testnames nlanr.net
dns_testnames microsoft.com
logfile_rotate 10
tcp_recv_bufsize 0 bytes
err_html_text 
memory_pools on
memory_pools_limit 0 bytes
# Adds the client's address to X-Forwarded-For on outgoing requests, which
# discloses internal (RFC 1918) addressing to origin servers.
forwarded_for on
log_icp_queries on
icp_hit_stale off
minimum_direct_hops 4
minimum_direct_rtt 400
# Cache manager password, redacted by the poster. It is stored in clear text,
# so squid.conf should be readable only by root and the Squid user.
cachemgr_passwd XXXXXXXXXX all
store_avg_object_size 50 KB
store_objects_per_bucket 20
client_db on
netdb_low 900
netdb_high 1000
netdb_ping_period 300 seconds
query_icmp off
test_reachability off
buffered_logs on
icon_directory /usr/local/squid/share/icons
error_directory /usr/local/squid/share/errors/Portuguese
minimum_retry_timeout 5 seconds
maximum_single_addr_tries 3
# The SNMP agent listens on 3401 but every query is refused.
# NOTE(review): squid.conf documents lowercase allow/deny; confirm the
# capitalised "Deny" is accepted, otherwise this rule may not take effect.
snmp_port 3401
snmp_access Deny all
snmp_incoming_address 0.0.0.0
snmp_outgoing_address 255.255.255.255
as_whois_server whois.ra.net
# WCCP redirection from the router at 10.0.1.1, the same address as the
# "cache" acl that is allowed to use the cache manager.
wccp_router 10.0.1.1
wccp_version 4
wccp_incoming_address 0.0.0.0
wccp_outgoing_address 255.255.255.255
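# Delay pools (bandwidth limiting). Both pools are class 2: one aggregate
# bucket plus one bucket per client host. Pools are checked in order and a
# request is placed in the first pool whose delay_access list allows it.
delay_pools 2
# Pool 1: requests matching magic_words1 (local addresses), no limit (-1/-1).
delay_class 1 2
delay_access 1 allow magic_words1
delay_access 1 deny all
delay_parameters 1 -1/-1 -1/-1
# Pool 2: requests matching magic_words2 during the "day" window.
# Both acls go on one line so they are ANDed. The posted order ("Allow day",
# "Deny !day", then "Allow magic_words2") put every daytime request into this
# pool and never reached the magic_words2 rule, so all daytime traffic was
# limited instead of only the listed download types.
delay_class 2 2
delay_access 2 allow magic_words2 day
delay_access 2 deny all
# restore/max in bytes per second / bytes: 5000 B/s refill for the aggregate
# bucket (max 5000000) and for each host bucket (max 4500000).
delay_parameters 2 5000/5000000 5000/4500000
# Buckets start 50% full.
delay_initial_bucket_level 50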
# Poll tuning, cache digests and miscellaneous behaviour switches.
incoming_icp_average 6
incoming_http_average 4
incoming_dns_average 4
min_icp_poll_cnt 8
min_dns_poll_cnt 8
min_http_poll_cnt 8
max_open_disk_fds 0
offline_mode off
# Whitespace inside a request URI is removed rather than rejected or encoded.
uri_whitespace strip
nonhierarchical_direct on
prefer_direct off
# Query strings are removed from URLs before they are written to the logs,
# which keeps parameters such as session tokens out of access.log.
strip_query_terms on
# NOTE(review): /dev/null is not a directory, so core files are presumably not
# written anywhere useful. Confirm that this is intended.
coredump_dir /dev/null
redirector_bypass off
ignore_unknown_nameservers on
# Cache digests are generated and rebuilt hourly.
digest_generation on
digest_bits_per_entry 5
digest_rebuild_period 3600 seconds
digest_rewrite_period 3600 seconds
digest_swapout_chunk_size 4096 bytes
digest_rebuild_chunk_percentage 10
client_persistent_connections on
server_persistent_connections on
pipeline_prefetch on
high_response_time_warning 0
high_page_fault_warning 0
high_memory_warning 0 bytes
store_dir_select_algorithm least-load
ie_refresh on
vary_ignore_expire off
sleep_after_fork 0




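Com este conf ele vai bloquear (na verdade limitar a banda: a acl magic_words2 só aparece em delay_access, não em http_access) os downloads que casam com: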

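# Download types selected for the rate-limited delay pool.
# In a regex an unescaped "." matches any character and the patterns were not
# anchored, so ".gz" or ".rm" matched almost any URL. Dots are now escaped, the
# extension must end the path (or precede a query string), and -i makes the
# match case-insensitive.
# NOTE(review): "ftp" matches any URL containing those letters; if only the FTP
# scheme is meant, use "^ftp://" or a separate "proto FTP" acl.
acl magic_words2 url_regex ftp
acl magic_words2 url_regex -i \.exe($|\?)
acl magic_words2 url_regex -i \.mp3($|\?)
acl magic_words2 url_regex -i \.vqf($|\?)
acl magic_words2 url_regex -i \.tar\.gz($|\?)
acl magic_words2 url_regex -i \.gz($|\?)
acl magic_words2 url_regex -i \.rpm($|\?)
acl magic_words2 url_regex -i \.zip($|\?)
acl magic_words2 url_regex -i \.rar($|\?)
acl magic_words2 url_regex -i \.avi($|\?)
acl magic_words2 url_regex -i \.mpeg($|\?)
acl magic_words2 url_regex -i \.mpe($|\?)
acl magic_words2 url_regex -i \.mpg($|\?)
acl magic_words2 url_regex -i \.qt($|\?)
acl magic_words2 url_regex -i \.ram($|\?)
acl magic_words2 url_regex -i \.rm($|\?)
acl magic_words2 url_regex -i \.iso($|\?)
acl magic_words2 url_regex -i \.raw($|\?)
acl magic_words2 url_regex -i \.wav($|\?)
acl magic_words2 url_regex -i \.mov($|\?)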

entre 9:00 e 20:00 (a acl day do conf acima está definida como 08:00-20:00).
Modifique este conf para que ele funcione na sua rede.

Este conf está configurado para usar o Squid 2.5 STABLE1,
compilado da seguinte maneira:


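# Build options for the Squid 2.5 STABLE1 binary that the squid.conf above targets.
# The mail wrapped the command without line continuations, so pasting it ran
# only the first line; backslashes are added and the last option is written in
# the same double-dash form as the others.
# The conf relies on diskd (--enable-storeio), the heap policies, delay pools,
# SNMP, HTCP, cache digests and ipf transparent interception being compiled in.
# --enable-cachemgr-hostname=cerberus is specific to the author's host.
# NOTE(review): --enable-icmp builds the pinger helper, which needs raw-socket
# privileges when installed; the conf sets query_icmp off, so consider leaving
# the option out if ICMP probing is unused.
./configure --prefix=/usr/local/squid --enable-carp --with-pthreads \
    --with-dl --with-aio --enable-storeio=diskd --enable-removal-policies=heap \
    --enable-icmp --enable-referer-log --enable-useragent-log --enable-snmp \
    --enable-cachemgr-hostname=cerberus --with-openssl \
    --enable-cache-digests --enable-default-err-language=Portuguese \
    --enable-err-languages=Portuguese --disable-http-violations \
    --enable-ipf-transparent \
    --enable-truncate --enable-underscores --enable-x-accelerator-vary \
    --enable-kill-parent-hack --disable-ident-lookups --enable-htcp \
    --enable-delay-pools \
    --enable-poll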

-- 
-=-=-=-=-=-=-=-=-=-

     William David Armstrong
 System Administrator Bio Systems.

http://biohazard.kick-ass.org:8080/
bio em bsd-unix.com.br   bio_wolf em yahoo.com
ICQ 102537476     ICQ 27550645


