Por si alguien busca lo mismo, al final llegue a la conclusión que el método connect no permite hacer ese tipo de filtro puesto el trafico https llego solo como dominio o subdominio nunca pude hacer que leyera sufijos d la url
Esta sección te permite ver todos los mensajes escritos por este usuario. Ten en cuenta que sólo puedes ver los mensajes escritos en zonas a las que tienes acceso en este momento.
Menú Mostrar Mensajeslocal master = no
workgroup = CORP.NCONSULT
security = ads
realm = CORP.NCONSULT.COM
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
Citarauth_param ntlm program /usr/bin/ntlm_auth --diagnostics --helper-protocol=squid-2.5-ntlmssp --domain=CORP.NCONSULT
auth_param ntlm children 256 startup=5 idle=1
auth_param ntlm keep_alive off
Citarexternal_acl_type ldap_group children-max=30 %LOGIN /usr/lib/squid3/ext_ldap_group_acl -R -b "dc=CORP.NCONSULT,dc=COM" -D "usuario@CORP.NCONSULT.COM" -w "password" -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,OU=Grupos Navegacion,OU=aqui los grupos ,dc=CORP.NCONSULT,dc=COM))" -h dc1.CORP.NCONSULT.COM (prefiero la ip)
auth_param basic program /usr/lib/squid3/basic_ldap_auth -R -b "dc=mydominio,dc=.co" -D "proxyusuario@mydominio.co" -w "clave2017" -f sAMAccountName=%s -h 192.168.0.12
auth_param basic children 300
auth_param basic realm Internet Proxy
auth_param basic credentialsttl 180 minute
external_acl_type ldap_users %LOGIN /usr/lib/squid3/ext_ldap_group_acl -R -b "dc=mydominio,dc=co" -D "proxyusuario@mydominio.co" -w "clave2017" -f"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,OU=Grupos Navegacion,OU=Operacion,DC=mydominio,DC=co))" -h 192.168.0.12
acl poderes src 192.168.0.76 192.168.0.13 192.168.0.28
#regla de AD
acl g_regla1 external ldap_users g_regla1
acl g_regla2 external ldap_users g_regla2
# Lista de Dominios
acl url_g_regla1 dstdomain "/etc/squid3/sitios/url_g_regla1.acl"
acl url_g_regla2 dstdomain "/etc/squid3/sitios/url_g_regla2.acl"
acl restringidas dstdomain "/etc/squid3/sitios/restringidas.acl"
# SUMINISTRADOS POR SQUIDGUARD
#acl pornosotros dstdomain "/var/lib/squidguard/db/porn/domains"
#acl viruliento dstdomain "/var/lib/squidguard/db/virusinfected/domains"
# COMODIN
#acl comodin url_regex \.flv$ \.wmv$ \.mpeg$ \.rar$ \.3gp$ \.zip$ \.mpg$ \.avi$ \.mp4$ \.mp3$ \.rmvp$ \.torrent$ \.iso$ \.ngr$
#acl comodin2 url_regex \.bat$ \.msi$ \.exe$
# HORARIOS DE NAVEGACION
#acl dia time MTWHF 07:00-12:30
#acl noche time MTWHF 14:00-19:00
# USUARIO ARRANCARA
#cache_effective_user proxy
#cache_effective_group proxy
# NO CACHE
#acl nocache dstdomain .google.com .akamaihd.net .verisign.com .comodoca.com
#no_cache deny nocache
acl SSL_ports port 443 5000 18080 18081 18082 18083 18084 18085 18086 18087 18088 18089 18090 444 8880
acl Safe_ports port 5000 # http
acl Safe_ports port 8888 # http
acl Safe_ports port 8080 # http
acl Safe_ports port 38080 # http
acl Safe_ports port 444 # http
acl Safe_ports port 75 # http
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 18152 # http
acl Safe_ports port 587 # smtp
acl CONNECT method CONNECT
#dns_nameservers isp
#tcp_outgoing_address isp
http_access allow poderes
http_access allow g_regla1 url_g_regla1
http_access allow g_g_regla2 url_g_regla2
http_access allow g_regla2 !restringidas
#Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
icp_access deny all
htcp_access deny all
#reply_body_max_size 30 MB g_nousada
#reply_body_max_size 600 MB g_nousada
http_port 3138
# no cache
hierarchy_stoplist cgi-bin ? google.com.co akamaihd.net verisign.com comodoca.com gmail.com
# RAM
cache_mem 2 GB
## Maximo tamaño de archivo en cache de memoria
maximum_object_size_in_memory 50 MB
# Procesadores
workers 4
#cache disco
cpu_affinity_map process_numbers=1,2,3,4 cores=1,2,3,4
cache_dir aufs /var/spool/squid3/1 2500 16 256 max-size=838860800
cache_dir aufs /var/spool/squid3/2 2500 16 256 max-size=838860800
cache_dir aufs /var/spool/squid3/3 2500 16 256 max-size=838860800
cache_dir aufs /var/spool/squid3/4 2500 16 256 max-size=838860800
minimum_object_size 0 KB
maximum_object_size 100000 KB
# objetos recientes y pequeños
cache_replacement_policy heap LFUDA
memory_replacement_policy heap LFUDA
#limpieza
cache_swap_low 92
cache_swap_high 99
logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt %lp %>a %la %ul %ui %tl
# logs
access_log stdio:/var/log/squid3/access.log squid
logfile_rotate 40
# Estandar de actualización de cache 1 mes = 10080 mins, 1 dia = 1440 mins
refresh_pattern -i .(avi|iso|wav|mid|mp?|mpe?g?|mpeg|mov|3gp|wm?|flv|x-flv|axd)$ 14400 80% 43200
refresh_pattern -i .(qtm?|viv|au|ram?|snd|sit|hqx|arj|lzh|lha|txt|rtf|tex|latex|class|js|ico)$ 14400 80% 43200
refresh_pattern -i \.a[0-9][0-9]$ 14400 80% 43200
refresh_pattern -i \.r[0-9][0-9]$ 14400 80% 43200
refresh_pattern -i \.css$ 10 20% 4320
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 20% 4320
#nombre para mostrar
visible_hostname navegar.mydomiio.co
#Pool
delay_pools 3 # 3
delay_class 1 2 # pool 1 class 2 or 1
delay_class 2 2 # pool 2 class 2
delay_class 3 2 # pool 3 class 2
# ancho de banda
delay_parameters 1 400000/500000 40000/50000
delay_parameters 2 400000/500000 40000/50000
delay_parameters 3 400000/500000 40000/50000
#delay_parameters 3 400000/500000 40000/50000
#delay_parameters 4 400000/500000 40000/50000
#delay_parameters 5 400000/500000 40000/50000
#Relacionar
delay_access 1 allow g_regla1
delay_access 1 deny all
delay_access 2 allow g_regla2
delay_access 2 deny all
delay_access 3 allow poderes
delay_access 3 deny all
#
delay_initial_bucket_level 50
icp_port 3129
## RAM
memory_pools off
memory_pools_limit 758 MB
#peticiones TCP
half_closed_clients off
#
coredump_dir /var/spool/squid3
#resolucion
dns_v4_first on
#
forward_max_tries 40
#cache_mgr
reload_into_ims on
#