-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kinkie ha scritto: > > Bisognerebbe vedere la configurazione del tuo squid (le linee acl e > http_access per lo meno) > > giusto... sorry avrei dovuto pensarci prima ma si vede che sono propriopiu' stordito del solito vecchiaia e interventi non aiutano certo. - -- Mario Vittorio Guenzi E-mail jclark@xxxxxxxxxx Si vis pacem, para bellum -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk1mJCsACgkQm6qs1ZkNrIrKOwCdEbOlauWobdjr+h3oXx1+3kSn QZIAn2c9xpBzcCSQovYFnmIDRjcAy5xJ =6zb7 -----END PGP SIGNATURE-----
### test per java acl Java browser Java/1.4 Java/1.5 Java/1.6 http_access allow Java ### fine test auth_param ntlm program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm keep_alive on auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic auth_param basic children 5 auth_param basic realm Squid proxy-caching web server auth_param basic credentialsttl 2 hours auth_param basic casesensitive off authenticate_cache_garbage_interval 1 hour authenticate_ttl 1 hour ### windows update prima di autenticazione acl wu dstdomain .windowsupdate.com .microsoft.com .windows.com .public-trust.com http_access allow wu ### avast update prima di autenticazione acl avast dstdomain .avast.com http_access allow avast ### disperato tentativo per adobe acl adobe dstdomain .adobe.com http_access allow adobe #acl my_lan src 192.168.2.0/24 #acl macaddress arp 09:00:2b:23:45:67 #acl myexample dst_as 1241 acl password proxy_auth REQUIRED #acl fileupload req_mime_type -i ^multipart/form-data$ acl javascript rep_mime_type -i ^application/x-javascript$ # #Default: #acl all src 0.0.0.0/0.0.0.0 # #Recommended minimum configuration: acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 # # acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT # Only allow cachemgr access from localhost http_access allow manager localhost http_access deny manager # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS acl my_lan src 192.168.2.0/24 acl gator browser Gator/5.0 acl blacklist url_regex "/jumper/etc/blacklist.txt" acl malware_block_list url_regex -i "/jumper/etc/malware_block_list.txt" acl reqmsn req_mime_type -i ^application/x-msn-messenger acl repmsn rep_mime_type -i ^application/x-msn-messenger http_access deny blacklist http_access deny malware_block_list deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list http_access deny gator http_access deny reqmsn http_reply_access deny repmsn http_access allow localhost http_access allow password http_access deny blacklist http_access deny malware_block_list deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list http_access deny gator http_access deny reqmsn http_access allow localhost # And finally deny all other access to this proxy http_access deny all # none http_reply_access deny repmsn http_reply_access allow all icp_access deny all htcp_access deny all htcp_clr_access deny all # Squid normally listens to port 3128 http_port 3128 # none cache_peer_access 127.0.0.1 allow password hierarchy_stoplist cgi-bin ? #Default: cache_mem 8 MB #cache_mem 512 MB maximum_object_size_in_memory 8 KB memory_replacement_policy lru cache_replacement_policy lru cache_dir aufs /cache 22000 16 256 store_dir_select_algorithm least-load max_open_disk_fds 0 minimum_object_size 0 KB maximum_object_size 4096 KB logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh access_log jumper/var/log/squid3/access.log squid cache_log /jumper/var/log/squid3/cache.log cache_store_log jumper/var/log/squid3/store.log logfile_rotate 0 emulate_httpd_log off log_ip_on_direct on mime_table /usr/share/squid3/mime.conf log_mime_hdrs off pid_filename /var/run/squid3.pid debug_options ALL,1 log_fqdn on buffered_logs on ftp_user Squid@ ftp_list_width 32 ftp_passive on ftp_sanitycheck on ftp_telnet_protocol on diskd_program /usr/lib/squid3/diskd unlinkd_program /usr/lib/squid3/unlinkd refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern (cgi-bin|\?) 0 0% 0 refresh_pattern . 0 20% 4320 quick_abort_min 16 KB quick_abort_max 16 KB quick_abort_pct 95 read_ahead_gap 16 KB positive_dns_ttl 6 hours negative_dns_ttl 1 minutes range_offset_limit 0 KB minimum_expiry_time 60 seconds store_avg_object_size 13 KB store_objects_per_bucket 20 request_header_max_size 20 KB reply_header_max_size 20 KB request_body_max_size 0 KB ie_refresh on relaxed_header_parser on forward_timeout 4 minutes connect_timeout 1 minute request_timeout 5 minutes persistent_request_timeout 2 minutes client_lifetime 600 minutes half_closed_clients on pconn_timeout 1 minute ident_timeout 10 seconds shutdown_lifetime 30 seconds cache_mgr webmaster mail_from squid@proxy mail_program mail cache_effective_user proxy cache_effective_group proxy httpd_suppress_version_string on visible_hostname proxy #Default: client_persistent_connections on server_persistent_connections on persistent_connection_after_error off snmp_port 3401 icp_port 3130 icon_directory /usr/share/squid3/icons global_internal_static on error_directory /usr/share/squid3/errors/Italian email_err_data on acl FTP proto FTP always_direct allow FTP check_hostnames on allow_underscore on dns_retransmit_interval 5 seconds dns_timeout 2 minutes dns_defnames off dns_nameservers 192.168.2.10 hosts_file /etc/hosts ignore_unknown_nameservers on ipcache_size 1024 ipcache_low 90 ipcache_high 95 fqdncache_size 1024 memory_pools on memory_pools_limit 5 MB forwarded_for on client_db on coredump_dir jumper/var/spool/squid3