Segue o squid.conf:
####################################################################
# squid.conf as posted to the list, restored to one directive per line.
# Visible setup: proxy listening on 3128, NTLM authentication against an AD
# domain, squidGuard as redirector, and URL-category ACLs loaded from files.
# Lines marked NOTE(review) are reviewer annotations; directives are unchanged.

# --- Listener ---
http_port 3128
icp_port 0

# --- Cache storage and logging ---
cache_dir aufs /usr/local/squid/cache 10000 16 256
# NOTE(review): cache_access_log here and access_log further down both name
# the same access.log file — presumably one of them is a leftover; confirm.
cache_access_log /usr/local/squid/logs/access.log
# NOTE(review): cache_log is given twice. If the later /dev/null value is the
# one in effect, helper and authentication errors are recorded nowhere;
# keep a real cache.log while investigating the 407 prompts.
cache_log /usr/local/squid/logs/cache.log
cache_log /dev/null
# NOTE(review): cache_store_log is also given twice, ending on /dev/null.
cache_store_log /usr/local/squid/logs/store.log
cache_store_log /dev/null
cache_swap_log /usr/local/squid/logs/cache_swap.log
access_log /usr/local/squid/logs/access.log squid
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
hierarchy_stoplist cgi-bin ?
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# NOTE(review): shoutcast and apache are defined but not referenced by any
# rule in this listing.
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
acl apache rep_header Server ^Apache
coredump_dir /usr/local/squid/cache
cache_mem 1200 MB
cache_swap_low 80
cache_swap_high 85
maximum_object_size 2000 KB
minimum_object_size 0
maximum_object_size_in_memory 256 KB
ipcache_size 1024
fqdncache_size 1024
ipcache_low 90
ipcache_high 95

# --- Authentication (NTLM against the AD domain) ---
# NOTE(review): the "domain/controller" argument form suggests this is Squid's
# bundled SMB helper, which validates LanMan/NTLMv1 only — confirm. If so,
# clients or domain controllers that refuse the older protocol will fail and
# re-prompt; Samba's ntlm_auth through winbind is the usual replacement.
# NOTE(review): with NTLM, access.log shows TCP_DENIED/407 for the challenge
# steps of each new connection, so 407 lines alone do not mean a failed login.
auth_param ntlm program /usr/local/libexec/squid/ntlm_auth xxxxxx.com.br/servidor-ad
auth_param ntlm children 100
authenticate_ttl 2 hours
auth_param ntlm keep_alive off
authenticate_ip_ttl 3600 seconds
authenticate_cache_garbage_interval 1 hour
#external_acl_type NT_global_group %LOGIN /usr/local/libexec/squid/ wbinfo_group.pl
redirect_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf
error_directory /usr/local/etc/squid/errors/Portuguese

# --- ACL definitions ---
acl all src all
acl QUERY urlpath_regex cgi-bin \?
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
# NOTE(review): a /8 mask on 10.1.1.0 covers the whole 10.0.0.0/8 range, not
# only 10.1.1.x; write 10.0.0.0/8 or the narrower prefix actually intended.
# rede_interna is not referenced by any http_access line in this listing.
acl rede_interna src 10.1.1.0/8 # RFC1918 internal network
acl rede_servidores src 10.1.1.5 10.1.1.152 # AD / DB servers
# NOTE(review): int_almoco and int_noite are defined but unused below.
acl int_almoco time 12:00-14:00
acl int_noite time 18:00-19:00
#acl block_arq urlpath_regex -i .com$ .scr$ .mpeg$ .wma$ .avi$ .pif$ .rmvb$ .wmv$ .rar$ .iso$ .mp3$ .mp4$ .torrent$
#acl Java browser Java/1.4 Java/1.5 Java/1.6
# Matches any request carrying valid proxy credentials.
acl autenticados proxy_auth REQUIRED
# Category lists: each file holds regular expressions matched against the
# whole URL (url_regex), case-insensitively (-i).
acl chats url_regex -i "/usr/local/etc/squid/acls/chats/chats.txt"
acl downloads url_regex -i "/usr/local/etc/squid/acls/downloads/downloads.txt"
acl jogos url_regex -i "/usr/local/etc/squid/acls/jogos/jogos.txt"
acl multimidia url_regex -i "/usr/local/etc/squid/acls/multimidia/multimidia.txt"
acl porn url_regex -i "/usr/local/etc/squid/acls/porn/porn.txt"
acl redes_sociais url_regex -i "/usr/local/etc/squid/acls/redes_sociais/redes_sociais.txt"
acl tvs_radios_filmes url_regex -i "/usr/local/etc/squid/acls/tvs_radios_filmes/tvs_radios_filmes.txt"
acl youtube url_regex -i "/usr/local/etc/squid/acls/youtube/youtube.txt"
acl sites_gov url_regex -i "/usr/local/etc/squid/acls/sites_gov/sites_gov.txt"
acl sites_liberados url_regex -i "/usr/local/etc/squid/acls/sites_liberados/sites_liberados.txt"
acl sites_bancos url_regex -i "/usr/local/etc/squid/acls/sites_bancos/sites_bancos.txt"
# User groups: each file lists proxy user names.
acl usuarios_restritos_msn proxy_auth "/usr/local/etc/squid/grupos/usuarios_restritos_com_msn.txt"
acl usuarios_restritos proxy_auth "/usr/local/etc/squid/grupos/usuarios_restritos.txt"
acl usuarios_liberados proxy_auth "/usr/local/etc/squid/grupos/usuarios_liberados.txt"
acl usuarios_bloqueados proxy_auth "/usr/local/etc/squid/grupos/usuarios_bloqueados.txt"
# NOTE(review): ips_liberados and ips_proibidos are defined but no rule in
# this listing uses them, so the "forbidden IPs" file has no effect here.
acl ips_liberados src "/usr/local/etc/squid/grupos/ips_liberados.txt"
acl ips_proibidos src "/usr/local/etc/squid/grupos/ips_proibidos.txt"
#acl numeric_IPs urlpath_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
# Body size limits (314572800 bytes) applied to everyone outside usuarios_liberados.
reply_body_max_size 314572800 deny !usuarios_liberados
request_body_max_size 314572800 deny !usuarios_liberados
acl emailsd dstdomain "/usr/local/etc/squid/acls/emailsd/emailsd.txt"
# Instant-messenger matching by URL fragment, destination address and MIME type.
acl msn-dll url_regex -i gateway.dll sqmserver.dll ADSAdClient31.dll
acl msn-web dst 212.26.216.247/32 82.98.251.0/24 212.26.216.242/32 85.184.4.3/32 65.54.175.250/32
acl msnd url_regex loginnet.passport.com e-messenger.net rad.msn.com tdy.br.msn.com udc.msn.com messenger.hotmail.com messenger.live.com messenger.services.live.com messenger.msn.com gateway.messenger.hotmail.com config.messenger.msn.com .contacts.msn.com webmessenger.msn.com cs.yahoo.com csa.yahoo.com csb.yahoo.com scsa.yahoo.com go.icq.com login.icq.com
acl msnapp req_mime_type application/x-msn-messenger
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl purge method PURGE
acl CONNECT method CONNECT
no_cache deny QUERY

# --- Access rules (evaluated top to bottom; first matching line decides) ---
# Cache manager and PURGE are restricted to localhost.
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# NOTE(review): the four allow lines below come before any authentication
# rule, so matching requests are served without credentials. rede_servidores
# is keyed on source IP only. The three site lists are url_regex, which is
# matched against the whole URL (path and query included), so the exemption
# is wider than a list of hosts; dstdomain would key it on the destination
# host only.
http_access allow rede_servidores
http_access allow sites_liberados
http_access allow sites_gov
http_access allow sites_bancos
no_cache deny sites_bancos
# NOTE(review): ACLs on one http_access line are ANDed, so the extra terms do
# not create exceptions. Any request reaching this line has already passed
# "deny !Safe_ports" above, which makes !Safe_ports false here, so the line
# cannot match as a deny. Presumably its only effect is the challenge raised
# when the proxy_auth ACL is evaluated for a request without credentials —
# confirm for this Squid version. "http_access deny !autenticados" is the
# usual form for rejecting unauthenticated requests.
http_access deny !autenticados !Safe_ports !SSL_ports
http_access deny usuarios_bloqueados
http_access allow usuarios_liberados
http_access allow usuarios_restritos_msn !downloads !jogos !multimidia !porn !redes_sociais !tvs_radios_filmes !youtube !chats
# NOTE(review): usuarios_restritos_gtalk and gtalk are referenced on the lines
# below, but no acl line defining them appears in the posted listing. Verify
# they exist and check how this Squid version treats an undefined ACL name.
http_access allow usuarios_restritos_gtalk !downloads !jogos !multimidia !porn !redes_sociais !tvs_radios_filmes !youtube !chats !msn-dll !msnd !msnapp !msn-web
http_access allow usuarios_restritos !downloads !jogos !multimidia !porn !redes_sociais !tvs_radios_filmes !youtube !chats !msn-dll !msnd !msnapp !msn-web !gtalk
#http_access deny connect numeric_IPs
# NOTE(review): all seven ACLs on this line must match the same request
# (AND), which is unlikely ever to happen; if the intent was "allow any of
# these", each needs its own http_access line. As written, authenticated
# users who are in none of the group files fall through to "deny all".
http_access allow msn-dll msnd msnapp msn-web chats gtalk emailsd
http_access deny all

# --- Runtime, timeouts and identity ---
pid_filename /var/run/squid.pid
debug_options ALL,1
log_fqdn off
connect_timeout 120 seconds
read_timeout 15 minutes
request_timeout 30 seconds
client_lifetime 1 day
pconn_timeout 120 seconds
shutdown_lifetime 30 seconds
cache_effective_user squid
cache_mgr [email protected]
visible_hostname Proxy
logfile_rotate 0
####################################################################
Em 4 de setembro de 2012 08:32, Saul Figueiredo <[email protected]>escreveu: > Em 3 de setembro de 2012 23:52, Welinaldo Lopes Nascimento < > [email protected]> escreveu: > > > Olá pessoal, > > > > Tenho servidores com squid autenticando ao AD, mas frequentemente, > > dependendo do site, abre-se a caixinha de login para autenticação; > > Verificando o access.log, mesmo com usuário tendo permissões de acesso > > total ainda ocorre o erro TCP_DENIED/407, que se refere a autenticação; > > Inclusive, até na regra que bloqueia tudo o que não for autenticado, > > informei também exceções para !Safe_ports !SSL_ports mas o problema > > persiste. > > O que estou fazendo de errado? > > > > -- > > > > > > .ılı..ılı. > > * > > * > > ------------------------- > > Histórico: http://www.fug.com.br/historico/html/freebsd/ > > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd > > > > > Opa! > > Mande-nos seu squid.conf pra gente dar uma olhada. > > -- > "Deve-se aprender sempre, até mesmo com um inimigo." > (Isaac Newton) > > Atenciosamente, > Saul Figueiredo > Analista FreeBSD/Linux > Linux Professional Institute Certification Level 2 > Linux User: #554651 > [email protected] > <[email protected]> > ------------------------- > Histórico: http://www.fug.com.br/historico/html/freebsd/ > Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd > -- .ılı..ılı.
*Welinaldo Lopes Nascimento* Estudante de Desenvolvimento de Sistemas FreeBSD Community Member #BSD/OS *P Antes de imprimir pense em seu compromisso com o Meio Ambiente.* ------------------------- Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd

