
sexta-feira, 3 de julho de 2015

SQUID.CONF preparado para acessar o Active Directory da Microsoft

# Proxy authentication against Active Directory through Samba's ntlm_auth helper.

# Realm text shown in the browser's Basic-auth prompt.
auth_param basic realm [PENSELINUX - Proxy Monitorado]
# NTLM scheme: the browser and ntlm_auth run the NTLMSSP challenge/response.
# NOTE(review): ntlm_auth is usually invoked with only --helper-protocol (and
# optionally --domain=...); confirm that the positional PENSELINUX/SERVERAD
# argument is accepted by the installed Samba version.
auth_param ntlm program /usr/bin/ntlm_auth PENSELINUX/SERVERAD --helper-protocol=squid-2.5-ntlmssp
# At most 20 helper processes, none started at boot, one kept idle.
auth_param ntlm children 20 startup=0 idle=1
# NOTE(review): no "auth_param negotiate program" is configured in this file, so
# this line presumably has no effect; it may have been meant for the ntlm
# scheme - confirm.
auth_param negotiate keep_alive on

# Basic scheme, offered as a fallback for clients that cannot do NTLM.
# Basic sends the AD user name and password base64-encoded (not encrypted) on
# every request between the client and the proxy port, so the credentials are
# readable by anyone able to capture that traffic. Keep this scheme only if a
# client really needs it.
auth_param basic program /usr/bin/ntlm_auth --helper-protocol=squid-2.5-basic
auth_param basic children 20 startup=0 idle=1
# A validated user name/password pair is reused for 2 hours before the helper
# is asked again, so a password change or account lockout in AD can take that
# long to be noticed for Basic logins.
auth_param basic credentialsttl 2 hours

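# Access control. http_access lines are evaluated top to bottom and the first
# line whose ACLs all match decides the request, so the order below matters.

# NOTE(review): Squid 3.2 and later predefine manager, localhost and
# to_localhost; on those versions these three definitions may have to be
# removed - confirm against the installed release.
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32

# Source networks.
acl teste src 10.20.30.0/24
# NOTE(review): rede_local is defined but no http_access rule references it.
acl rede_local src 192.168.0.0/24

# Ports a CONNECT tunnel may target.
acl SSL_ports port 8081
acl SSL_ports port 8082
acl SSL_ports port 443
acl SSL_ports port 8443
# Ports an ordinary request may target.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 8080 # SMS SICS
acl Safe_ports port 8081 # SMS SICS
acl Safe_ports port 10000 # Webmin access port

acl CONNECT method CONNECT

# Baseline guards. The file defined Safe_ports, SSL_ports, manager and
# to_localhost but never referenced them, so any port and the cache manager
# were reachable through the allow rules below. These denies sit ahead of
# every allow so that no later rule can bypass them.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager localhost
http_access deny manager
# Keeps clients from reaching services bound to the proxy host's loopback.
http_access deny to_localhost

# NOTE(review): admits every client in 10.20.30.0/24 without authentication
# and ahead of both site lists. The ACL name suggests a test rule - confirm it
# is still wanted before using this file in production.
http_access allow teste

# Site lists, applied to everyone before any login is requested.
# url_regex is matched against the whole URL, query string included, so an
# entry matches wherever it appears in the URL; dstdomain is the tighter ACL
# type when the file is meant to be a list of sites.
# The allow list is checked first, so a URL matching both files is allowed.
acl sites_liberados_full url_regex -i "/etc/squid3/sites_liberados_full"
http_access allow sites_liberados_full

# NOTE(review): the file name is spelled "bloquedos" while the ACL is named
# "bloqueados"; confirm that the path matches the file on disk.
acl sites_bloqueados_full url_regex -i "/etc/squid3/sites_bloquedos_full"
http_access deny sites_bloqueados_full

# NOTE(review): acesso is defined but never referenced; the login challenge is
# triggered by the %LOGIN external ACL below.
acl acesso proxy_auth REQUIRED

# Group lookup: the authenticated user name (%LOGIN) and the group name are
# handed to the wbinfo_group.pl helper, which answers whether the user belongs
# to that AD group.
external_acl_type Grupos_AD children=10 %LOGIN /usr/lib/squid3/wbinfo_group.pl

acl net_diretoria external Grupos_AD net_diretoria
acl net_geral external Grupos_AD net_geral
acl net_compras external Grupos_AD net_compras
acl net_restritivo external Grupos_AD net_restritivo
acl net_rh external Grupos_AD net_rh

# Source addresses listed in this file are allowed without authentication and
# without any per-group filtering; keep the list short and reviewed.
acl ipsliberados src "/etc/squid3/ipsliberados"
http_access allow ipsliberados

# net_diretoria: unrestricted apart from the global deny list above.
http_access allow net_diretoria

# net_geral, net_compras, net_rh: allowed unless the URL matches the group's
# own blacklist. A request that hits a blacklist falls through to the rules
# that follow, so a user who is also in a later group may still be allowed.
acl net_geral_blacklist url_regex -i "/etc/squid3/net_geral_blacklist"
http_access allow net_geral !net_geral_blacklist

acl net_compras_blacklist url_regex -i "/etc/squid3/net_compras_blacklist"
http_access allow net_compras !net_compras_blacklist

acl net_rh_blacklist url_regex -i "/etc/squid3/net_rh_blacklist"
http_access allow net_rh !net_rh_blacklist

# net_restritivo: allowed only for URLs matching the group's whitelist.
acl net_restritivo_whitelist url_regex -i "/etc/squid3/net_restritivo_whitelist"
http_access allow net_restritivo net_restritivo_whitelist

# Deny everything that was not explicitly allowed above.
http_access deny all

http_reply_access allow all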

# Port on which Squid accepts client requests.
http_port 3128

# Memory set aside for in-transit and frequently requested objects.
cache_mem 1 GB

# Largest object that is kept in the memory cache.
maximum_object_size_in_memory 512 KB

# Disk cache: ufs store of 1024 MB with 16 first-level and 256 second-level directories.
cache_dir ufs /var/spool/squid3 1024 16 256

# Size limits for objects written to the disk cache.
minimum_object_size 0 KB

maximum_object_size 50 MB

# Native "squid" log format. Each entry carries the client address, the
# authenticated user name and the requested URL, so restrict read access to
# this file and decide on a retention period.
access_log /var/log/squid3/access.log squid

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid3

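# Freshness rules. The first matching pattern is used, so the catch-all "."
# stays last; add site-specific refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
# Never treat dynamic content (CGI paths or URLs with a query string) as fresh.
# The "?" has to be escaped: unescaped it is a regex quantifier with nothing
# to repeat rather than a literal question mark.
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320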

# Host name Squid presents about itself, for example in its error pages.
visible_hostname fw01.penselinux.local

# Error pages are served from the Brazilian Portuguese template directory.
# NOTE(review): error_directory fixes the template set, so error_default_language
# is presumably redundant here - confirm against the installed version's documentation.
error_directory /usr/share/squid3/errors/pt-br/
error_default_language pt-br

# Static name-to-address entries are read from the system hosts file.
hosts_file /etc/hosts
 
Retirado de: http://penselinux.com.br/2014/07/15/integrando-o-squid-ao-ad/
Em : 03/07/2015 - 06:02 
