[Gutl-l] Re: Squid Urgente

El 01/07/2020 a las 12:14, Josvany Hernández Ortega escribió: > > Aquí va completo. > >   > > ======================== > > Josvany Hernández Ortega. > > Administrador de Red. > > Telf. +53 7 682 3279 > > Pizz. +53 7 682 9563 al 70 > > Ext. 108 > > josvanyho(a)centis.edu.cu <mailto:josvanyho@centis.edu.cu> > > ======================== > >   > > *De:*Micky <maikel.manuel(a)ipi.cm.rimed.cu&gt; > *Enviado el:* miércoles, 1 de julio de 2020 12:04 > *Para:* gutl-l(a)listas.jovenclub.cu > *Asunto:* [Gutl-l] Re: Squid Urgente > >   > > Dejame hacerte una pregunta esto es todo el conf de tu squid??? te > pregunto por que no veo ninguna acl para la autenticacion y supongo > que tengas conexion directa > > El 1/7/20 a las 10:58, Josvany Hernández Ortega escribió: > > Estoy teniendo problemas con esto necesito que alguien me revise > el orden la las acl y la sintaxis de las mismas, por favor estoy > volviéndome loco con respecto a este tema. Aquí les dejo mis acl, > Esto es Squid 5.0.2.  las cosas que están repetidas y comentadas > he sido yo tratando de dar pie con bolas. > >   > > #Squid ACL > >   > > acl localhost src 172.16.1.220/32 > > acl localnet src 172.16.0.0/22 > >   > > acl SSL_ports port 443             # HTTPS > > acl SSL_ports port 563             # SNEWS > > acl SSL_ports port 873             # RSYNC > > acl Safe_ports port 21             # FTP > > acl Safe_ports port 22             # SSH > > acl Safe_ports port 25             # SMTP > > acl Safe_ports port 70             # GOPHER > > acl Safe_ports port 80             # HTTP > > acl Safe_ports port 110            # POP3 > > acl Safe_ports port 210            # WAIS > > acl Safe_ports port 280            # HTTP-MGMT > > acl Safe_ports port 443            # HTTPS > > acl Safe_ports port 488            # GSS-HTTP > > acl Safe_ports port 591            # FILEMAKER > > acl Safe_ports port 631            # CUPS > > acl Safe_ports port 777            # MULTILING HTTP > > acl Safe_ports port 873            # RSYNC > > acl Safe_ports port 901            # SWAT > > acl Safe_ports port 5222           # JABBER > > acl Safe_ports port 1025-65535     # UNREGISTERED PORTS > > acl Safe_ports port 53                      # DNS > > acl Safe_ports port 7071                  # Zimbra WebAdmin > > acl Safe_ports port 9090                  # Jabber Admin > > acl Safe_ports port 123                    # NTP > >   > >   > > ## Methods allowed > > acl Safe_method method CONNECT GET HEAD POST > > http_access deny !Safe_method > >   > > ## Protocols allowed > > #acl Safe_proto proto HTTP SSL > > #http_access deny !Safe_proto > >   > > # Deny requests to certain unsafe ports > > http_access deny !Safe_ports > >   > > # Only allow cachemgr access from localhost > > http_access allow localhost localnet > >   > > # Time limitations[from 830am to 430pm, weekly working time] > > acl workingtime time MTWHF 08:30-16:30 > > acl not_work_domains dstdomain "/etc/squid/denied/not_allowed" > > http_access deny workingtime not_work_domains !Nav_full !Rsocial > >   > > ## Autenticacion > > acl pc-int src "/etc/squid/pcinternet/pc" > > acl cuba dstdomain .cu > > http_access allow Squid_Login pc-int Nav_Int > > http_access allow Squid_Login cuba localnet > >   > > # Only 20 connection threads per ip[EXAMPLE but works] > > acl limitreq maxconn 20 > > http_access deny limitreq !Nav_full > >   > > # Denegar Videos > > acl deny_rep_mime_flashvideo rep_mime_type video/flv > >   > > #EVITAR NAVEGACION POR IP > > acl NAVEGACION_IP dstdom_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ > >   > > # Limite en cantidad de veces q puede estar uno logueado > > acl max-maq-por-usuario max_user_ip -s 1 > >   > > #EVITAR BURLAS A GOOGLE > > acl mocks_gl url_regex google.com[\.[A-Z][a-z]]/gwt > > acl mocks_gl url_regex google.com.cu/gwt > > acl mocks_gl url_regex google.com.cu/xhtml > > acl mocks_gl url_regex google.com.cu/m > > acl mocks_gl url_regex google.com.cu/pda > >   > > # Whitelisting sites > > acl whitelist dstdomain "/etc/squid/allowed/whitelist" > >   > > # Allowing whitelisting > > http_access allow whitelist > >   > > # Blacklisted stuff Porno > > acl blacklist_domain_porn dstdomain "/etc/squid/porn/domains" > > acl blacklist_urls_porn url_regex > "/etc/squid/porn/regularexpressions" > >   > > # Politics related > > acl blacklist_domain_politic dstdomain "/etc/squid/politic/domains" > >   > > # Chat > > acl blacklist_domain_chat dstdomain "/etc/squid/chat/domains" > >   > > # Anonymous proxies > > acl blacklist_domain_proxy dstdomain "/etc/squid/proxy/domains" > >   > > # Weird domains > > acl blacklist_domain_suspect dstdomain "/etc/squid/suspect/domains" > >   > > # ADS > > acl ads_url url_regex "/etc/squid/ads/regularexpressions" > > acl ads_domain dstdomain "/etc/squid/ads/domains" > >   > > # Blacklisted Socialnet > > acl blacklist_domain_socialnet dstdomain > "/etc/squid/socialnet/domains" > > acl blacklist_urls_socialnet url_regex "/etc/squid/socialnet/urls" > >   > > # Blacklisted Music > > acl blacklist_domain_music dstdomain "/etc/squid/music/domains" > > acl blacklist_urls_music url_regex "/etc/squid/music/urls" > >   > > # Blacklisted Webmail > > acl blacklist_domain_webmail dstdomain "/etc/squid/webmail/domains" > > acl blacklist_urls_webmail url_regex "/etc/squid/webmail/urls" > >   > > # Denying blacklisted > > http_access deny max-maq-por-usuario > > http_access deny mocks_gl > > http_access deny NAVEGACION_IP !Nav_full > > http_access deny blacklist_domain_porn > > http_access deny blacklist_urls_porn > > http_access deny blacklist_domain_politic > > http_access deny blacklist_domain_chat !Nav_full > > http_access deny blacklist_domain_proxy > > http_access deny blacklist_domain_suspect > > http_access deny ads_url > > http_access deny ads_domain > > http_access deny blacklist_domain_socialnet !Nav_full !Rsocial > > http_access deny blacklist_urls_socialnet !Nav_full !Rsocial > > http_access deny blacklist_domain_music !Nav_full > > http_access deny blacklist_urls_music !Nav_full > > http_access deny blacklist_domain_webmail !Nav_full > > http_access deny blacklist_urls_webmail !Nav_full > > http_reply_access deny deny_rep_mime_flashvideo !Nav_full > >   > > # Time limitations[from 830am to 430pm, weekly working time] > > #acl workingtime time MTWHF 08:30-16:30 > > #acl not_work_domains dstdomain "/etc/squid/denied/not_allowed" > > #http_access deny workingtime not_work_domains !Nav_full !Rsocial > >   > >   > > ################################# > > #http_access allow Squid_Login pc-int Nav_Int > > #http_access allow Squid_Login cuba localnet > > #http_access deny !Squid_Login > > ################################# > >   > > # Denegar Todo > > http_access deny all > > icp_access deny all > >   > > ======================== > > Josvany Hernández Ortega. > > Administrador de Red. > > Telf. +53 7 682 3279 > > Pizz. +53 7 682 9563 al 70 > > Ext. 108 > > josvanyho(a)centis.edu.cu <mailto:josvanyho@centis.edu.cu> > > ======================== > >   > > > > _______________________________________________ > > Gutl-l mailing list -- gutl-l(a)listas.jovenclub.cu <mailto:gutl-l@listas.jovenclub.cu> > > To unsubscribe send an email to gutl-l-leave(a)listas.jovenclub.cu <mailto:gutl-l-leave@listas.jovenclub.cu> > > > _______________________________________________ > Gutl-l mailing list -- gutl-l(a)listas.jovenclub.cu > To unsubscribe send an email to gutl-l-leave(a)listas.jovenclub.cu por arriba veo esto: "dc=centis,dc=cu" -D "cn=administrator,cn=users,dc=centis,dc=cu" -w "11111" -f saMAccountName=%s -h 172.168.1.205 auth_param basic children 5  tu dominio es centis.edu.cu y estas poniendo solo dc=centis,dc=cu cuando debe ser dc=centis,dc=edu,dc=cu -- Juan Carlos Hernández Gallardo Esp. C en Ciencias Informáticas UPI Pedraplén Sur Ciego de Ávila Email: juanca(a)psurcav.co.cu _______________________________________________ Gutl-l mailing list -- gutl-l(a)listas.jovenclub.cu To unsubscribe send an email to gutl-l-leave(a)listas.jovenclub.cu