Squid 3

Iniciado por lilam, 06 de Março de 2013, 08:58



Bom dia, companheiros. Estou configurando meu Squid, mas ele está apresentando os erros abaixo e não sei o que fazer. Seguem a saída do comando e a configuração completa do Squid.

root@servernet02:~# squid3 -k reconfigure
2013/03/06 08:50:58| WARNING: Netmasks are deprecated. Please use CIDR masks instead.
2013/03/06 08:50:58| WARNING: IPv4 netmasks are particularly nasty when used to compare IPv6 to IPv4 ranges.
2013/03/06 08:50:58| WARNING: For now we will assume you meant to write /32
FATAL: getpwnam failed to find userid for effective user 'squid'
Squid Cache (Version 3.1.19): Terminated abnormally.
CPU Usage: 0.040 seconds = 0.028 user + 0.012 sys
Maximum Resident Size: 70832 KB
Page faults with physical i/o: 0

##################### SQUID ########################

# Listener, cache sizing, replacement policy and file locations.
# NOTE(review): Squid 3.1 renamed the `transparent` flag to `intercept`; the
# old spelling is believed to still be accepted - confirm in the 3.1 release
# notes. An interception port should only receive traffic through the
# firewall redirect, so block direct client connections to 3128.
http_port 3128 transparent
maximum_icp_query_timeout 2000
cache_mem 2048 MB
cache_swap_low 90
cache_swap_high 95
## the Squid manual suggests these two settings to help with Windows Update
#range_offset_limit -1
#quick_abort_min -1
maximum_object_size 600 MB
minimum_object_size 10 KB
maximum_object_size_in_memory 100 KB
##cache_replacement_policy heap GDSF
##memory_replacement_policy heap GDSF
## new optimisations
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
## off so that Squid closes half-closed connections
half_closed_clients off
## end of new optimisations

# The cache and log directories must exist and be writable by the account
# named in cache_effective_user; Squid does not write them as root.
# NOTE(review): /var/spool3/squid differs from the other squid3 paths in this
# file - confirm the directory exists.
cache_dir ufs /var/spool3/squid 30000 128 128
# NOTE(review): cache_access_log appears to be the legacy name of access_log -
# confirm it is still accepted by this version.
cache_access_log /var/log/squid3/access.log.1
cache_log /var/log/squid3/cache.log.1
cache_store_log none
emulate_httpd_log off
mime_table /etc/squid3/mime.conf
pid_filename /var/run/squid.pid
debug_options ALL,1
hosts_file /etc/hosts

# Cache Windows Update downloads.
# refresh_pattern lines are tried in order and the first matching regex wins.
# These patterns are unanchored and the dots in the host names are unescaped,
# so each `.` matches any character and the pattern may match anywhere in the
# URL. Escape the dots (`windowsupdate\.com/`) to match only the intended hosts.
refresh_pattern windowsupdate.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern download.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern www.microsoft.com/.*\.(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern au.download.windowsupdate.com/.*\.(cab|exe|dll|msi) 4320 100% 43200 reload-into-ims
# NOTE(review): the dot before the extension group is not escaped here
# (`.*.(` instead of `.*\.(` as in the lines above) - presumably a typo.
refresh_pattern msgruser.dlservice.microsoft.com/.*.(cab|exe|msi) 10080 100% 43200 reload-into-ims

# Cache the Kaspersky anti-virus update files.
# NOTE(review): `dnl-/` only matches a literal "dnl-" directly followed by "/";
# confirm this is the intended host pattern.
refresh_pattern dnl-/.*\.(xml|stt|dll|dat|avc|dif|exe|cab|fad) 10080 100% 43200 reload-into-ims

# Cache YouTube videos (author's note: probably does not work).
#refresh_pattern -i \.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
#acl youtube dstdomain .youtube.com
#cache allow youtube

# Account and group that Squid switches to after being started as root.
# The account must exist on the system: the startup message
# "FATAL: getpwnam failed to find userid for effective user 'squid'" is this
# lookup failing.
# NOTE(review): Debian/Ubuntu squid3 packages normally run as user and group
# `proxy` - check with `getent passwd squid proxy` and either name the existing
# account here or create a dedicated unprivileged one. Do not work around the
# error by running Squid as root. The cache and log directories must be owned
# by whichever account is used.
cache_effective_user squid
cache_effective_group squid
# NOTE(review): visible_hostname is given twice; presumably only one value
# takes effect - keep a single line.
visible_hostname intranet.rafitec.com.br
visible_hostname suporte.rafitec.com.br
logfile_rotate 10
# NOTE(review): this path is under /usr/local while the rest of the
# configuration lives under /etc/squid3 - confirm it exists.
icon_directory /usr/local/share/icons
#error_directory /usr/local/share/errors/Portuguese
error_directory /etc/squid3/ErrosPersonalizados
coredump_dir /var/squid3/cache

# Default freshness rules; refresh_pattern is first-match, so these apply only
# to URLs not matched by an earlier pattern.
refresh_pattern ^ftp:      1440   20%   10080
refresh_pattern ^gopher:   1440   0%   1440
refresh_pattern .      0   20%   4320
# Base ACLs used by the access rules further down.
acl manager proto cache_object
# NOTE(review): no address follows `src` in this paste (the value looks
# stripped), so as shown this ACL is empty. The startup warnings "Netmasks are
# deprecated. Please use CIDR masks instead" point to a src/dst value written
# with a dotted netmask; write such entries in CIDR form, e.g. 127.0.0.1/32.
acl localhost src   
acl SSL_ports port 443 563
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443 563      # https, snews
acl Safe_ports port 70      # gopher
acl Safe_ports port 210      # wais
acl Safe_ports port 1025-65535   # unregistered ports
acl Safe_ports port 280      # http-mgmt
acl Safe_ports port 488      # gss-http
acl Safe_ports port 591      # filemaker
acl Safe_ports port 777      # multiling http

# dstdom_regex: matches when the word is in the domain of the URL
# url_regex: matches when the word is anywhere in the URL
# urlpath_regex: matches when the word is in the path (text cut off in the original)

# Do not cache dynamic content (cgi-bin paths and URLs with a query string).
# NOTE(review): no_cache appears to be the legacy name of the `cache`
# directive - confirm it is still accepted by this version.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# ACLs whose values are read from files; the files must be readable by Squid.
acl proibir_ip_local src "/etc/squid3/proibir_ip_local"
acl proibir_dominios dstdom_regex -i "/etc/squid3/proibir_dominios"

#acl proibir_downloads url_regex  # previous form: matched against the whole URL; .com was added
# Block downloads by file extension in the URL path.
# This is a coarse filter on the URL text only: it never inspects the
# response, so treat it as policy hygiene rather than malware protection and
# pair it with reply-side checks (http_reply_access) and endpoint scanning.
# NOTE(review): `\.tgz.$` requires one extra character after "tgz" - presumably
# a typo next to the `\.tgz$` entry.
acl proibir_downloads urlpath_regex -i \.com$ \.vbs$ \.bat$ \.avi$ \.mp3$ \.scr$ \.cmd$ \.rmvb$ \.wmv$ \.wma$ \.mpg$ \.mpeg$ \.mp4$ \.iso$ \.zip$ \.rar$ \.cab$ \.rpm$ \.tar$ \.gz$ \.tgz.$ \.tgz$  \.exe$ \.msi$ \.flv$ \.pls$ \.cpl$

# Earlier per-category variants, left disabled.
#acl proibir_downloads_compactados url_regex -i \.iso$ \.rar$ \.cab$ \.rpm$ \.tar$ \.gz$ \.tgz.$ \.tgz$ \.jar$ 
#acl proibir_downloads_virus url_regex -i \.com$ \.vbs$ \.bat$ \.scr$ \.cmd$ \.exe$ \.msi$ .cpl$
#acl proibir_downloads_audio url_regex -i \.mp3$ \.wma$ \.ogg$ \.pls$
#acl proibir_downloads_video url_regex -i \.avi$ \.rmvb$ \.wmv$ \.mpg$ \.mpeg$ \.mp4$ \.flv$

# rep_mime_type tests the Content-Type of the reply, so it is only meaningful
# in reply-side rules such as http_reply_access.
acl streaming rep_mime_type ^video/x-ms-asf
acl music urlpath_regex -i \.aif$ \.aifc$ \.aiff$ \.asf$ \.asx$ \.avi$ \.au$ \.m3u$ \.med$ \.mp3$ \.m1v$ \.mp2$ \.mp2v$ \.mpa$ \.mov$ \.mpe$ \.mpg$ \.mpeg$ \.ogg$ \.pls$ \.ram$ \.ra$ \.ram$ \.snd$ \.wma$ \.wmv$ \.wvx$ \.mid$ \.midi$ \.rmi$

# Time window (Mon-Fri 07:00-09:30) and site list used to block software updates.
acl proibir_atualizacoes_horario time MTWHF 07:00-09:30
acl proibir_atualizacoes_sites dstdom_regex -i "/etc/squid3/proibir_atualizacoes_sites"

################### ALLOW YOUTUBE ACCESS FOR SPECIFIC IPs ################################

# NOTE(review): no address follows `src` on these lines in the paste (the
# values look stripped), so as shown ip_youtube matches nothing. Each entry
# should be a single host address or a CIDR range, not a dotted netmask.
acl ip_youtube src   #JOANES_WIRELESS
acl ip_youtube src   #PAULO
acl ip_youtube src   #SONIA
acl ip_youtube src   #JOANES
acl ip_youtube src   #ALEXANDRE_MANUTENCAO   
acl ip_youtube src   #JOSIANE_COMERCIAL
acl ip_youtube src   #JULIANO_TI
acl ip_youtube src   #JARBAS_TI
acl ip_youtube src   #ISLEY_MANUTENCAO
acl ip_youtube src   #MICHEL_MANUTENCAO

acl proibir_youtube dstdom_regex -i "/etc/squid3/proibir_youtube"
# This is the first http_access rule in the file, so for the listed clients a
# YouTube request is accepted here, before any deny rule (including the
# Safe_ports and CONNECT checks) is evaluated.
http_access allow ip_youtube proibir_youtube

# File-backed block ("proibir") and allow ("liberar") lists. Each quoted path
# is read by Squid at startup/reconfigure and must be readable by the
# cache_effective_user account; keep the files writable by administrators only,
# since their contents decide what the proxy permits.
acl proibir_palavras_na_url url_regex -i "/etc/squid3/proibir_palavras_na_url"
# create an ACL that blocks words only from the domain onwards
# urlpath_regex: like url_regex, but leaves the protocol and domain out of the match
acl proibir_palavras_no_dominio dstdom_regex -i "/etc/squid3/proibir_palavras_no_dominio"
acl proibir_ip_remoto dst "/etc/squid3/proibir_ip_remoto"
acl proibir_malware url_regex -i "/etc/squid3/proibir_malware"
acl proibir_possiveis_virus dstdom_regex -i "/etc/squid3/proibir_possiveis_virus"
acl proibir_temporario dstdom_regex -i "/etc/squid3/proibir_temporario"
# NOTE(review): proibir_youtube is already defined earlier in the file with the
# same list file; this second definition looks redundant.
acl proibir_youtube dstdom_regex -i "/etc/squid3/proibir_youtube"
acl proibir_imcontrol url_regex -i "/etc/squid3/proibir_imcontrol"
acl liberar_imcontrol url_regex -i "/etc/squid3/liberar_imcontrol"
acl liberar_palavras_na_url url_regex -i "/etc/squid3/liberar_palavras_na_url"
acl liberar_palavras_no_dominio dstdom_regex -i "/etc/squid3/liberar_palavras_no_dominio"
acl liberar_downloads_nos_sites dstdom_regex -i "/etc/squid3/liberar_downloads_nos_sites"
acl liberar_updates dstdom_regex -i "/etc/squid3/liberar_updates"
acl liberar_site_full_temporario dstdom_regex -i "/etc/squid3/liberar_site_full_temporario"
acl liberar_root src "/etc/squid3/liberar_root"
acl liberar_acesso_ip_limitado src "/etc/squid3/liberar_acesso_ip"

#acl liberar_acesso_total_horario src "/etc/squid3/liberar_acesso_total_horario"
#acl liberar_acesso18h time MTWHF 18:10-23:49
#acl liberar_acesso_total_root time MTWHF 07:45-18:15
# Time windows (Mon-Fri) used together with the source lists below.
acl liberar_acesso_total_root time MTWHF 07:45-22:00
acl liberar_acesso_horario time MTWHF 07:45-18:00
acl ip_horario_comercial src "/etc/squid3/liberar_acesso_ip_horario"

acl liberar_ip_remoto dst "/etc/squid3/liberar_ip_remoto"
# NOTE(review): NOCACHE is only referenced by a commented-out rule in this file.
acl NOCACHE dstdomain -i "/etc/squid3/proibir_cache"
acl liberar_dominios dstdom_regex -i "/etc/squid3/liberar_dominios"

# Grants cache-manager (cache_object) access to the `webserver` source.
# NOTE(review): no address follows `src` in the paste, so as shown the ACL is
# empty. Cache-manager access exposes proxy internals; keep it limited to a
# specific admin host and consider setting cachemgr_passwd.
acl webserver src
http_access allow manager webserver

# Access rules. http_access lines are checked top to bottom and the first line
# whose ACLs all match decides the request, so order is significant here.
################# BLOCK TEMPORARY ENTRIES AND YOUTUBE FOR THE ROOT USERS #######################
http_access deny proibir_youtube
http_access deny proibir_temporario
http_access deny proibir_imcontrol !liberar_imcontrol

# deny all access from these local IPs, so they cannot even fetch updates
http_access deny proibir_ip_local

#no_cache deny NOCACHE
http_access allow manager localhost

# Full access for the liberar_root sources during the liberar_acesso_total_root window.
http_access allow liberar_root liberar_acesso_total_root

################## BLOCK UPDATES FROM 7:00 TO 9:00 #############################################
http_access deny proibir_atualizacoes_sites proibir_atualizacoes_horario
################## ENABLE UPDATES, DISABLE WHEN NECESSARY ###########################
###http_access deny proibir_temporario
# NOTE(review): the four allow rules below name only a destination, so they
# apply to any client that can reach the proxy, and they sit before
# `deny !Safe_ports` / `deny CONNECT !SSL_ports`, so matching requests are
# accepted without the port checks. Squid's stock configuration places those
# two denies ahead of the site's allow rules; moving them to the top and
# adding a source ACL to each allow would close this.
http_access allow liberar_updates
http_access allow liberar_site_full_temporario
http_access allow liberar_dominios
http_access allow liberar_ip_remoto
http_access deny proibir_malware
http_access deny proibir_downloads !liberar_downloads_nos_sites
http_access deny proibir_possiveis_virus
#http_access allow liberar_acesso_total_horario liberar_acesso18h
http_access deny proibir_palavras_na_url !liberar_palavras_na_url
http_access deny proibir_palavras_no_dominio !liberar_palavras_no_dominio
http_access deny proibir_ip_remoto
##http_access deny proibir_youtube

http_access deny music
http_reply_access deny music

# NOTE(review): `streaming` is a rep_mime_type ACL; the Squid ACL documentation
# says that type has no effect in http_access because the reply is not
# available yet, so only the http_reply_access line below is expected to act.
http_access deny streaming
http_reply_access deny streaming

# Cache-manager requests not accepted by an earlier allow are refused here.
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny proibir_dominios
http_access allow liberar_acesso_ip_limitado
http_access allow liberar_acesso_horario ip_horario_comercial

# Default: replies pass unless denied above; any request not explicitly
# allowed above is refused.
http_reply_access allow all
http_access deny all

#delay_pools 2
#delay_class 1 3
#delay_class 2 3
#delay_access 1 allow copa
#delay_access 2 allow liberar_acesso_ip_limitado
#delay_parameters 1 -1/-1 -1/-1 -1/-1
#delay_parameters 2 80000/80000 40000/40000 5000/5000