El 01/07/2020 a las 12:14, Josvany Hernández Ortega escribió:

Aquí va completo.

========================

Josvany Hernández Ortega.

Administrador de Red.

Telf. +53 7 682 3279

Pizz. +53 7 682 9563 al 70

Ext. 108

josvan...@centis.edu.cu <mailto:josvan...@centis.edu.cu>

========================

*De:*Micky <maikel.man...@ipi.cm.rimed.cu>
*Enviado el:* miércoles, 1 de julio de 2020 12:04
*Para:* gutl-l@listas.jovenclub.cu
*Asunto:* [Gutl-l] Re: Squid Urgente

Déjame hacerte una pregunta: ¿esto es todo el conf de tu squid? Te pregunto porque no veo ninguna acl para la autenticación y supongo que tengas conexión directa.

El 1/7/20 a las 10:58, Josvany Hernández Ortega escribió:

    Estoy teniendo problemas con esto; necesito que alguien me revise
    el orden de las acl y la sintaxis de las mismas. Por favor, estoy
    volviéndome loco con respecto a este tema. Aquí les dejo mis acl.
    Esto es Squid 5.0.2. Las cosas que están repetidas y comentadas
    he sido yo tratando de dar pie con bolas.

    #Squid ACL

    # NOTE(review): despite its name, this ACL matches the single host
    # 172.16.1.220, not the loopback address. Squid 3.2 and later ship a
    # built-in ACL called "localhost"; confirm whether this line extends it.
    acl localhost src 172.16.1.220/32

    # Client network: 172.16.0.0 - 172.16.3.255.
    acl localnet src 172.16.0.0/22

    # NOTE(review): SSL_ports is defined but no http_access line in this
    # listing refers to it. The stock squid.conf pairs it with
    # "http_access deny CONNECT !SSL_ports"; without such a rule, CONNECT
    # tunnels are limited only by Safe_ports.
    acl SSL_ports port 443             # HTTPS

    acl SSL_ports port 563             # SNEWS

    acl SSL_ports port 873             # RSYNC

    # Destination ports that pass "http_access deny !Safe_ports".
    # NOTE(review): the list includes 22 (SSH), 25 (SMTP) and the whole
    # 1025-65535 range. Since CONNECT is an allowed method in this config,
    # every port listed here can be tunnelled to by any allowed client;
    # keep only the ports that are really needed.
    acl Safe_ports port 21             # FTP

    acl Safe_ports port 22             # SSH

    acl Safe_ports port 25             # SMTP

    acl Safe_ports port 70             # GOPHER

    acl Safe_ports port 80             # HTTP

    acl Safe_ports port 110            # POP3

    acl Safe_ports port 210            # WAIS

    acl Safe_ports port 280            # HTTP-MGMT

    acl Safe_ports port 443            # HTTPS

    acl Safe_ports port 488            # GSS-HTTP

    acl Safe_ports port 591            # FILEMAKER

    acl Safe_ports port 631            # CUPS

    acl Safe_ports port 777            # MULTILING HTTP

    acl Safe_ports port 873            # RSYNC

    acl Safe_ports port 901            # SWAT

    acl Safe_ports port 5222           # JABBER

    acl Safe_ports port 1025-65535     # UNREGISTERED PORTS

    # NOTE(review): DNS (53) and NTP (123) are not normally reached through
    # an HTTP proxy; confirm these two entries are needed.
    acl Safe_ports port 53    # DNS

    # 7071 and 9090 already fall inside 1025-65535 above, so these two lines
    # add nothing to the match.
    acl Safe_ports port 7071 # Zimbra WebAdmin

    acl Safe_ports port 9090 # Jabber Admin

    acl Safe_ports port 123    # NTP

    ## Methods allowed

    # Any request method other than these four is refused by the deny below.
    acl Safe_method method CONNECT GET HEAD POST

    http_access deny !Safe_method

    ## Protocols allowed

    #acl Safe_proto proto HTTP SSL

    #http_access deny !Safe_proto

    # Deny requests to certain unsafe ports

    http_access deny !Safe_ports

    # Only allow cachemgr access from localhost
    # NOTE(review): the rule below does not mention the cache manager. ACLs
    # on one http_access line are ANDed, and http_access stops at the first
    # matching line, so this allows every request whose source matches both
    # "localhost" and "localnet" (here 172.16.1.220), before any
    # authentication or blacklist rule is evaluated.

    http_access allow localhost localnet

    # Time limitations[from 830am to 430pm, weekly working time]

    # Monday to Friday, 08:30-16:30.
    acl workingtime time MTWHF 08:30-16:30

    acl not_work_domains dstdomain "/etc/squid/denied/not_allowed"

    # NOTE(review): Nav_full and Rsocial are not defined in this listing.
    # If they are user- or group-based ACLs they need credentials before they
    # can be evaluated; confirm how they are declared.
    http_access deny workingtime not_work_domains !Nav_full !Rsocial

    ## Authentication

    # Source addresses read from a file, one entry per line.
    acl pc-int src "/etc/squid/pcinternet/pc"

    # Any destination under the .cu top-level domain.
    acl cuba dstdomain .cu

    # NOTE(review): Squid_Login and Nav_Int are not defined in this listing.
    # These two allow rules sit above the blacklist deny rules further down.
    # http_access stops at the first matching line, so a request allowed here
    # is never compared against those blacklists. An identical pair exists,
    # commented out, after the deny rules near the end of the file; that is
    # the position where the blacklists would be checked first.
    http_access allow Squid_Login pc-int Nav_Int

    http_access allow Squid_Login cuba localnet

    # Only 20 connection threads per ip[EXAMPLE but works]

    acl limitreq maxconn 20

    # Placed after the allow rules above, so it is only reached by requests
    # that none of them matched.
    http_access deny limitreq !Nav_full

    # Deny videos
    # Matches only the reply MIME type video/flv; it is used by the
    # http_reply_access rule later in the file.

    acl deny_rep_mime_flashvideo rep_mime_type video/flv

    # PREVENT BROWSING BY IP ADDRESS
    # Matches destinations written as a dotted IPv4 literal.
    # NOTE(review): IPv6 literals are not covered by this pattern; confirm
    # whether that matters on this network.

    acl NAVEGACION_IP dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$

    # Limit how many times one user can be logged in at once
    # max_user_ip works on the authenticated user name, so it can only match
    # requests that have already presented credentials.

    acl max-maq-por-usuario max_user_ip -s 1

    # PREVENT EVASION THROUGH GOOGLE
    # NOTE(review): in all of these patterns "." is unescaped (matches any
    # character), nothing is anchored, and without -i the match is
    # case-sensitive. The first pattern's bracket expression is malformed:
    # as written it appears to require a literal "]" in the URL, so it
    # probably never matches - verify and rewrite it.

    acl mocks_gl url_regex google.com[\.[A-Z][a-z]]/gwt

    acl mocks_gl url_regex google.com.cu/gwt

    acl mocks_gl url_regex google.com.cu/xhtml

    acl mocks_gl url_regex google.com.cu/m

    acl mocks_gl url_regex google.com.cu/pda

    # Whitelisting sites

    acl whitelist dstdomain "/etc/squid/allowed/whitelist"

    # Allowing whitelisting
    # NOTE(review): this allow has no source or login condition, so any
    # client whose request reaches this line is allowed to a whitelisted
    # domain without authenticating, and none of the blacklist deny rules
    # below are consulted for it. Keep the whitelist file short and
    # writable only by the proxy administrator.

    http_access allow whitelist

    # Blacklisted stuff Porno
    # The url_regex ACLs in this section are loaded from files; without -i
    # their patterns are matched case-sensitively.

    acl blacklist_domain_porn dstdomain "/etc/squid/porn/domains"

    acl blacklist_urls_porn url_regex "/etc/squid/porn/regularexpressions"

    # Politics related

    acl blacklist_domain_politic dstdomain "/etc/squid/politic/domains"

    # Chat

    acl blacklist_domain_chat dstdomain "/etc/squid/chat/domains"

    # Anonymous proxies

    acl blacklist_domain_proxy dstdomain "/etc/squid/proxy/domains"

    # Weird domains

    acl blacklist_domain_suspect dstdomain "/etc/squid/suspect/domains"

    # ADS

    acl ads_url url_regex "/etc/squid/ads/regularexpressions"

    acl ads_domain dstdomain "/etc/squid/ads/domains"

    # Blacklisted Socialnet
    # NOTE(review): the file path of the next acl is wrapped onto its own
    # line here, probably by the mail client; in the real squid.conf it has
    # to be on the same line as the acl statement - verify.

    acl blacklist_domain_socialnet dstdomain
    "/etc/squid/socialnet/domains"

    acl blacklist_urls_socialnet url_regex "/etc/squid/socialnet/urls"

    # Blacklisted Music

    acl blacklist_domain_music dstdomain "/etc/squid/music/domains"

    acl blacklist_urls_music url_regex "/etc/squid/music/urls"

    # Blacklisted Webmail

    acl blacklist_domain_webmail dstdomain "/etc/squid/webmail/domains"

    acl blacklist_urls_webmail url_regex "/etc/squid/webmail/urls"

    # Denying blacklisted
    # NOTE(review): rule order. http_access is evaluated top-down and stops
    # at the first matching line. Every active allow rule in this listing
    # sits above this point and the list ends in "deny all", so a request
    # that reaches the deny lines below is refused whether or not a
    # blacklist matches. As written, the blacklists never filter traffic
    # that is allowed; for them to take effect the allow rules have to come
    # after these deny lines.

    http_access deny max-maq-por-usuario

    http_access deny mocks_gl

    # "!Nav_full" / "!Rsocial" exempt requests that match those ACLs
    # (neither is defined in this listing).
    http_access deny NAVEGACION_IP !Nav_full

    http_access deny blacklist_domain_porn

    http_access deny blacklist_urls_porn

    http_access deny blacklist_domain_politic

    http_access deny blacklist_domain_chat !Nav_full

    http_access deny blacklist_domain_proxy

    http_access deny blacklist_domain_suspect

    http_access deny ads_url

    http_access deny ads_domain

    http_access deny blacklist_domain_socialnet !Nav_full !Rsocial

    http_access deny blacklist_urls_socialnet !Nav_full !Rsocial

    http_access deny blacklist_domain_music !Nav_full

    http_access deny blacklist_urls_music !Nav_full

    http_access deny blacklist_domain_webmail !Nav_full

    http_access deny blacklist_urls_webmail !Nav_full

    # http_reply_access is a separate list applied to replies; it is not
    # affected by the http_access ordering issue noted above.
    http_reply_access deny deny_rep_mime_flashvideo !Nav_full

    # Time limitations[from 830am to 430pm, weekly working time]

    #acl workingtime time MTWHF 08:30-16:30

    #acl not_work_domains dstdomain "/etc/squid/denied/not_allowed"

    #http_access deny workingtime not_work_domains !Nav_full !Rsocial

    #################################
    # NOTE(review): this commented-out copy of the authenticated allow rules
    # is in the position where they would be evaluated after the blacklists.
    # Squid_Login is not defined in this listing.

    #http_access allow Squid_Login pc-int Nav_Int

    #http_access allow Squid_Login cuba localnet

    #http_access deny !Squid_Login

    #################################

    # Deny everything
    # Default-deny: anything no earlier rule matched is refused.

    http_access deny all

    icp_access deny all

    ========================

    Josvany Hernández Ortega.

    Administrador de Red.

    Telf. +53 7 682 3279

    Pizz. +53 7 682 9563 al 70

    Ext. 108

    josvan...@centis.edu.cu <mailto:josvan...@centis.edu.cu>

    ========================




por arriba veo esto:

"dc=centis,dc=cu" -D "cn=administrator,cn=users,dc=centis,dc=cu" -w "11111" -f saMAccountName=%s -h 172.168.1.205
auth_param basic children 5
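Tu dominio es centis.edu.cu y estás poniendo solo dc=centis,dc=cu, cuando debe ser dc=centis,dc=edu,dc=cu. Además, con -w la contraseña de la cuenta administrator queda en texto claro en el squid.conf y en la lista de procesos (y aquí ya quedó publicada en la lista, así que conviene cambiarla); es preferible usar -W con un archivo de solo lectura y una cuenta de servicio sin privilegios para el bind.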

--
Juan Carlos Hernández Gallardo
Esp. C en Ciencias Informáticas
UPI Pedraplén Sur Ciego de Ávila
Email: jua...@psurcav.co.cu
