demostracion de que Squid si puede hacer cache HTTPS, alguna opinion

erick1405 · Septiembre 07, 2016, 11:56:33 PM

Buenas noches amigo , alguna plataforma recomendada para squid y que soporte 120 pc ?

firecold · Septiembre 08, 2016, 03:16:05 PM

Cita de: erick1405 en Septiembre 07, 2016, 11:56:33 PM
Buenas noches amigo , alguna plataforma recomendada para squid y que soporte 120 pc ?

A que te refieres con plataforma, ya que Squid funciona facilmente con una buena configuracion hasta 500 usuarios, eso si un buen equipo que lo respalde, a eso me refiero suficiente ram y un HDD en buen estado, Saludos

erick1405 · Septiembre 08, 2016, 03:29:07 PM

Lo que pasa es que quiero montar squid pero no c si hacerlo con debian 8 o con centos a eso me refiero . tienes alguna conf de squid3 basica para probarla en mi red. Te agradezco por responder

firecold · Septiembre 08, 2016, 03:47:49 PM

Cita de: erick1405 en Septiembre 08, 2016, 03:29:07 PM
Lo que pasa es que quiero montar squid pero no c si hacerlo con debian 8 o con centos a eso me refiero . tienes alguna conf de squid3 basica para probarla en mi red. Te agradezco por responder

En mi caso siento una enorme fasinacion por Ubuntu, pero nadie negar la estabilidad de Debian, te recomendaria Debian 7 si vas a usar Raptor, si no Debian 8, si necesitas una configuracion basica te recomendaria esta:

Código [Seleccionar]

#=====================================================================#
#                           Squid 3.x Conf                            #
#=====================================================================#
workers 2
cpu_affinity_map process_numbers=1 cores=1
cpu_affinity_map process_numbers=2 cores=2
http_port 3128 intercept
http_port 3129
visible_hostname proxy.com
icp_port 0
collapsed_forwarding on
connect_retries 10
retry_on_error on
#----------------------------------------------------------------------
#----------------------------------------------------------------------
acl blacklist url_regex -i "/etc/squid/blacklist.lst"
#----------------------------------------------------------------------
# Servidor DNS y Politica de Cambios
#----------------------------------------------------------------------
dns_nameservers 8.8.8.8 8.8.4.4
dns_retransmit_interval 5 seconds
dns_timeout 2 minutes
pinger_enable off
dns_v4_first on
cache_mem 2048 MB
maximum_object_size 100 MB
maximum_object_size_in_memory 100 MB
cache_swap_low 95
cache_swap_high 99
cache_dir aufs /var/spool/squid/${process_number} 10000 16 256 
#----------------------------------------------------------------------
acl admin src 192.168.2.1 
acl localnet src 192.168.2.0/24     # RFC 1918 possible internal network
#acl localnet src 192.168.1.0/24  # RFC 1918 possible internal network
#acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
#acl localnet src fc00::/7       # RFC 4193 local private network range
#acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl CONNECT method CONNECT
acl Safe_ports port 80          # http
acl Safe_ports port 631         # Cups
acl Safe_ports port 443 5228    # https
acl SSL_ports port 443 5228     # https

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow admin
http_access allow localnet !blacklist
http_access deny all
#----------------------------------------------------------------------
coredump_dir /var/spool/squid
refresh_pattern -i .(gif|png|jp?g|ico|bmp|tiff?)$ 14400 80% 43200 reload-into-ims ignore-no-store ignore-private ignore-auth refresh-ims
refresh_pattern -i .(swf|htm|html|shtm|shtml|nub)$ 14400 80% 43200 reload-into-ims ignore-no-store ignore-private ignore-auth refresh-ims
refresh_pattern -i .(rpm|cab|deb|exe|msi|msu|zip|tar|xz|bz|bz2|lzma|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 14400 80% 43200 ignore-no-store ignore-private ignore-auth refresh-ims
refresh_pattern -i .(avi|iso|wav|mid|mp?|mpe?g?|mpeg|mov|3gp|wm?|flv|x-flv|axd)$ 14400 80% 43200 reload-into-ims ignore-no-store ignore-private ignore-auth refresh-ims
refresh_pattern -i .(qtm?|viv|au|ram?|snd|sit|hqx|arj|lzh|lha|txt|rtf|tex|latex|class|js|ico)$ 14400 80% 43200 reload-into-ims ignore-no-store ignore-private ignore-auth refresh-ims
refresh_pattern -i \.a[0-9][0-9]$ 14400 80% 43200
refresh_pattern -i \.r[0-9][0-9]$ 14400 80% 43200
refresh_pattern -i \.css$ 10 20% 4320
#----------------------------------------------------------------------
# Log de acessos 
#----------------------------------------------------------------------
logfile_rotate 7
access_log stdio:/var/log/squid/access.log
cache_log /var/log/squid/cache${process_number}.log
#access_log none
#----------------------------------------------------------------------
# Otras configuraciones
#----------------------------------------------------------------------
# Cantidad de RAM para almacenamiento Squid
memory_pools_limit 1024 MB
memory_pools off
cache_mgr raptor.os
shutdown_lifetime 2 seconds
half_closed_clients off
server_persistent_connections off
client_persistent_connections off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
max_filedescriptors 819200
client_request_buffer_max_size 10250 KB
request_header_max_size 10240 KB

Saludos

erick1405 · Septiembre 08, 2016, 03:53:47 PM

Gracias por el dato firecold sobre la estabilidad de debian , con esta conf adaptandola a mi red , podrá funcionar normalmente ? o tienes otra adicional puesto que son 120 pc amigo

firecold · Septiembre 08, 2016, 06:34:46 PM

Cita de: erick1405 en Septiembre 08, 2016, 03:53:47 PM
Gracias por el dato firecold sobre la estabilidad de debian , con esta conf adaptandola a mi red , podrá funcionar normalmente ? o tienes otra adicional puesto que son 120 pc amigo

Fijate que se me olvido algo, que version de Squid vallas a usar, cuando intales squid me avisas para cambiar un poco la configuracion, la otra es que esta configuracion te vendria de perlas, pero si te causa problemas, la podemos ajustar, de eso no te preocupes, primero pruebala y segun lo que me comentes se modifica si es necesario, si no no, Saludos

erick1405 · Septiembre 09, 2016, 04:57:02 PM

:)

erick1405 · Septiembre 10, 2016, 10:12:27 AM

Amigo ya solucione el problema que tenia , y ya me funciona , mi duda es la siguiente :

podria hacer que salga por el puerto 8080 el proxy a los clientes ?

Saludos

erick1405 · Septiembre 11, 2016, 10:47:26 AM

Firecold , tengo una duda , no me restringue las paginas , en mi squid , podras apoyarme? no logro bloquear ni http ni https

# WELCOME TO SQUID 3.4.8
# ----------------------------

#=====================================================================#

# Squid 3.x Conf #

#=====================================================================#

workers 2

cpu_affinity_map process_numbers=1 cores=1

cpu_affinity_map process_numbers=2 cores=2

http_port 3128 intercept

http_port 3129

visible_hostname proxy.com

icp_port 0

#collapsed_forwarding on

connect_retries 10

retry_on_error on

#----------------------------------------------------------------------

#----------------------------------------------------------------------

#----------------------------------------------------------------------

# Servidor DNS y Politica de Cambios

#----------------------------------------------------------------------

dns_nameservers 172.16.12.3

dns_nameservers 172.16.12.6

dns_retransmit_interval 5 seconds

dns_timeout 2 minutes

pinger_enable off

dns_v4_first on

cache_mem 2048 MB

maximum_object_size 100 MB

maximum_object_size_in_memory 100 MB

cache_swap_low 95

cache_swap_high 99

cache_dir aufs /var/spool/squid3/${process_number} 10000 16 256

#----------------------------------------------------------------------

acl admin src 172.16.12.8

#acl manager proto cache_object

#acl localhost src 127.0.0.1/32 ::1

acl localnet src 172.16.12.0/23

acl CONNECT method CONNECT

acl Safe_ports port 80 82 84 86 # http
acl Safe_ports port 21 # ftp
acl SSL_ports port 443
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 1863 # MSN
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync

#----------------------------------------------------------------------

coredump_dir /var/spool/squid3

#refresh_pattern -i .(gif|png|jp?g|ico|bmp|tiff?)$ 14400 80% 43200

#Imagenes
refresh_pattern -i \.gif 2880 80% 43200
refresh_pattern -i \.tiff 2880 80% 43200
refresh_pattern -i \.bmp 2880 80% 43200
refresh_pattern -i \.ico 2880 80% 43200
refresh_pattern -i \.jp?g 2880 80% 43200
refresh_pattern -i \.jpeg 2880 80% 43200
refresh_pattern -i \.png 2880 80% 43200
refresh_pattern -i \.pict 14400 80% 43200

# Movies
#refresh_pattern -i .(avi|iso|wav|mid|mp?|mpe?g?|mpeg|mov|3gp|wm?|flv|x-flv|axd)$ 14400 80% 43200
refresh_pattern -i \.mov 1440 80% 43200
refresh_pattern -i \.mpeg 1440 80% 43200
refresh_pattern -i \.swf 2888 80% 57640
refresh_pattern -i \.flv 2888 80% 57640
refresh_pattern -i \.iso 2888 80% 57640
refresh_pattern -i \.axd 2888 80% 57640

# Sounds
refresh_pattern -i \.wav 1440 80% 43200
refresh_pattern -i \.mp3 28880 80% 57640

# Archives
refresh_pattern -i \.zip 14400 80% 43200
refresh_pattern -i \.hqx 14400 80% 43200
refresh_pattern -i \.exe 14400 80% 43200
refresh_pattern -i \.rar 14400 80% 43200
refresh_pattern -i \.tar 14400 80% 43200
refresh_pattern -i \.gz 14400 80% 43200
refresh_pattern -i \.z 14400 80% 43200
refresh_pattern -i \.a[0-9][0-9] 14400 80% 43200
refresh_pattern -i \.r[0-9][0-9] 14400 80% 43200

# Data files
refresh_pattern -i \.txt 14400 80% 43200
refresh_pattern -i \.pdf 14400 80% 43200
refresh_pattern -i \.doc 14400 80% 43200
refresh_pattern -i \.rtf 14400 80% 43200
refresh_pattern -i \.latex 14400 80% 43200

# Java-type objects
refresh_pattern -i \.class 14400 80% 43200
refresh_pattern -i \.js 14400 80% 43200
refresh_pattern -i \.class 14400 80% 43200
refresh_pattern -i \.aspx? 14400 80% 43200
refresh_pattern -i \.aspx 14400 80% 43200

refresh_pattern -i \.htm 14400 80% 43200
refresh_pattern -i \.html 14400 80% 43200
refresh_pattern -i \.jsp 14400 80% 43200

# Para evitar problemas con scripts .do
refresh_pattern -i \.do 0 0% 1440
#refresh_pattern -i ^http://.*\.(css|htm|html|ico|js|jsp|xml) 1440 80% 999999
#refresh_pattern -i ^http://.*\.(bmp|gif|jpeg|jpg|png) 1440 80% 999999

#Fin
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

#refresh_pattern -i .(swf|htm|html|shtm|shtml|nub)$ 14400 80% 43200

#refresh_pattern -i .(rpm|cab|deb|exe|msi|msu|zip|tar|xz|bz|bz2|lzma|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 14400 80% 43200

#refresh_pattern -i .(qtm?|viv|au|ram?|snd|sit|hqx|arj|lzh|lha|txt|rtf|tex|latex|class|js|ico)$ 14400 80% 43200

refresh_pattern -i \.a[0-9][0-9]$ 14400 80% 43200

refresh_pattern -i \.r[0-9][0-9]$ 14400 80% 43200

#refresh_pattern -i \.css$ 10 20% 4320

#----------------------------------------------------------------------

# Log de acessos

#----------------------------------------------------------------------

logfile_rotate 7

access_log stdio:/var/log/squid3/access.log

cache_log /var/log/squid3/cache${process_number}.log

#access_log none

#----------------------------------------------------------------------

##############################################> HORARIOS <############################################################################################################################

#>----------------------FONDO EDITORIAL------------------------------
acl horario-fondo1 time M T W H F 07:00-13:00

#>------------------- FONDO EDITORIAL------------------------------
acl fondo-asi1 src 172.16.13.201 #MAWEL
#
#
#
#>---------------------------CIS---------------------------------------
acl horario-cis time M T W H F A 11:00-13:00

acl horario_cis1_A time M 07:00-13:00
acl horario_cis1_B time T 14:00-18:00
acl horario_cis1_C time H F 14:00-18:00

acl horario-cis2 time M W F 09:00-12:00

acl horario-cis3 time M F 08:00-13:00

acl horario-cis4 time M T W H F A 08:00-19:00

#>----------------------------CIS--------------------------------------

acl practicante-cis src 172.16.13.228

acl giscard-cis src 172.16.13.234

acl bereche-cis src 172.16.13.230
acl ericsoon-cis src 172.16.12.245

acl gino-cis src 172.16.13.232
#
#
#
#>----------------------ACREDITACION----------------------------------
acl horario-acred time M T W H F A 09:00-11:00

#>----------------------ACREDITACION-----------------------------------
acl acreditacion-asi1 src 172.16.13.192
#
##>--------------------REGISTROS ACADEMICOS------------------------------
acl horario-ra time M T W H F A 10:00-12:00

#>--------------------REGISTROS ACADEMICOS-------------------------------
acl olivia-ra src 172.16.13.15
#
#
#
#>----------------------ESCUELA DE PSICOLOGIA----------------------------
acl horario-psicologia time M T W H F 14:00-18:00

#>----------------------ESCUELA DE PSICOLOGIA----------------------------
acl psicologia-asi1 src 172.16.13.222
#
#
#
#>------------------------CENTRO DE IDIOMAS-----------------------------
acl horario-cid time M T W H F A 13:00-16:00

#>------------------------CENTRO DE IDIOMAS-----------------------------
acl marianella-cid src 172.16.13.146

#>----------------------------COLEGIO HARVARD---------------------------
acl horario-harvard_A time M T W H F 09:00-13:00

#>----------------------LISTAS ESPECIALES-----------------------------

#acl acceso_total src "/etc/squid3/LISTAS/acceso_total.txt"
#acl acceso_especial src "/etc/squid/LISTAS/acceso_especial.txt"
#acl redsocial_user src "/etc/squid/LISTAS/redsocial_user.txt"
#acl youtube_user src "/etc/squid/LISTAS/youtube_user.txt"
#------------------------------------------------------------------------

#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>DECLARACION DE CATEGORIAS<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

acl transmision_secuencias url_regex -i "/etc/squid3/CATEGORIAS/transmision_secuencias.txt"
acl compartir_multimedia url_regex "/etc/squid3/CATEGORIAS/compartir_multimedia.txt"
acl comunidades_online url_regex -i "/etc/squid3/CATEGORIAS/comunidades_online.txt"
acl juegos url_regex -i "/etc/squid3/CATEGORIAS/juegos.txt"
acl porno url_regex -i "/etc/squid3/CATEGORIAS/porno.txt"
acl educacion_referencia url_regex -i "/etc/squid3/CATEGORIAS/educacion_referencia.txt"

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager localhost
http_access deny manager all
http_access allow localhost
http_access allow admin

http_access allow localnet !compartir_multimedia !comunidades_online !juegos !transmision_secuencias

http_access deny all

#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><

# Cantidad de RAM para almacenamiento Squid

memory_pools_limit 1024 MB

memory_pools off

cache_mgr raptor.os

shutdown_lifetime 2 seconds

half_closed_clients off

server_persistent_connections off

client_persistent_connections off

quick_abort_min 0 KB

quick_abort_max 0 KB

quick_abort_pct 95

max_filedescriptors 819200

client_request_buffer_max_size 10250 KB

request_header_max_size 10240 KB

firecold · Septiembre 12, 2016, 04:40:53 PM

Cita de: erick1405 en Septiembre 11, 2016, 10:47:26 AM
Firecold , tengo una duda , no me restringue las paginas , en mi squid , podras apoyarme? no logro bloquear ni http ni https

# WELCOME TO SQUID 3.4.8
# ----------------------------

#=====================================================================#

# Squid 3.x Conf #

#=====================================================================#

workers 2

cpu_affinity_map process_numbers=1 cores=1

cpu_affinity_map process_numbers=2 cores=2

http_port 3128 intercept

http_port 3129

visible_hostname proxy.com

icp_port 0

#collapsed_forwarding on

connect_retries 10

retry_on_error on

#----------------------------------------------------------------------

#----------------------------------------------------------------------

#----------------------------------------------------------------------

# Servidor DNS y Politica de Cambios

#----------------------------------------------------------------------

dns_nameservers 172.16.12.3

dns_nameservers 172.16.12.6

dns_retransmit_interval 5 seconds

dns_timeout 2 minutes

pinger_enable off

dns_v4_first on

cache_mem 2048 MB

maximum_object_size 100 MB

maximum_object_size_in_memory 100 MB

cache_swap_low 95

cache_swap_high 99

cache_dir aufs /var/spool/squid3/${process_number} 10000 16 256

#----------------------------------------------------------------------

acl admin src 172.16.12.8

#acl manager proto cache_object

#acl localhost src 127.0.0.1/32 ::1

acl localnet src 172.16.12.0/23

acl CONNECT method CONNECT

acl Safe_ports port 80 82 84 86 # http
acl Safe_ports port 21 # ftp
acl SSL_ports port 443
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl Safe_ports port 1863 # MSN
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync

#----------------------------------------------------------------------

coredump_dir /var/spool/squid3

#refresh_pattern -i .(gif|png|jp?g|ico|bmp|tiff?)$ 14400 80% 43200

#Imagenes
refresh_pattern -i \.gif 2880 80% 43200
refresh_pattern -i \.tiff 2880 80% 43200
refresh_pattern -i \.bmp 2880 80% 43200
refresh_pattern -i \.ico 2880 80% 43200
refresh_pattern -i \.jp?g 2880 80% 43200
refresh_pattern -i \.jpeg 2880 80% 43200
refresh_pattern -i \.png 2880 80% 43200
refresh_pattern -i \.pict 14400 80% 43200

# Movies
#refresh_pattern -i .(avi|iso|wav|mid|mp?|mpe?g?|mpeg|mov|3gp|wm?|flv|x-flv|axd)$ 14400 80% 43200
refresh_pattern -i \.mov 1440 80% 43200
refresh_pattern -i \.mpeg 1440 80% 43200
refresh_pattern -i \.swf 2888 80% 57640
refresh_pattern -i \.flv 2888 80% 57640
refresh_pattern -i \.iso 2888 80% 57640
refresh_pattern -i \.axd 2888 80% 57640

# Sounds
refresh_pattern -i \.wav 1440 80% 43200
refresh_pattern -i \.mp3 28880 80% 57640

# Archives
refresh_pattern -i \.zip 14400 80% 43200
refresh_pattern -i \.hqx 14400 80% 43200
refresh_pattern -i \.exe 14400 80% 43200
refresh_pattern -i \.rar 14400 80% 43200
refresh_pattern -i \.tar 14400 80% 43200
refresh_pattern -i \.gz 14400 80% 43200
refresh_pattern -i \.z 14400 80% 43200
refresh_pattern -i \.a[0-9][0-9] 14400 80% 43200
refresh_pattern -i \.r[0-9][0-9] 14400 80% 43200

# Data files
refresh_pattern -i \.txt 14400 80% 43200
refresh_pattern -i \.pdf 14400 80% 43200
refresh_pattern -i \.doc 14400 80% 43200
refresh_pattern -i \.rtf 14400 80% 43200
refresh_pattern -i \.latex 14400 80% 43200

# Java-type objects
refresh_pattern -i \.class 14400 80% 43200
refresh_pattern -i \.js 14400 80% 43200
refresh_pattern -i \.class 14400 80% 43200
refresh_pattern -i \.aspx? 14400 80% 43200
refresh_pattern -i \.aspx 14400 80% 43200

refresh_pattern -i \.htm 14400 80% 43200
refresh_pattern -i \.html 14400 80% 43200
refresh_pattern -i \.jsp 14400 80% 43200

# Para evitar problemas con scripts .do
refresh_pattern -i \.do 0 0% 1440
#refresh_pattern -i ^http://.*\.(css|htm|html|ico|js|jsp|xml) 1440 80% 999999
#refresh_pattern -i ^http://.*\.(bmp|gif|jpeg|jpg|png) 1440 80% 999999

#Fin
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

#refresh_pattern -i .(swf|htm|html|shtm|shtml|nub)$ 14400 80% 43200

#refresh_pattern -i .(rpm|cab|deb|exe|msi|msu|zip|tar|xz|bz|bz2|lzma|gz|tgz|rar|bin|7z|doc?|xls?|ppt?|pdf|nth|psd|sis)$ 14400 80% 43200

#refresh_pattern -i .(qtm?|viv|au|ram?|snd|sit|hqx|arj|lzh|lha|txt|rtf|tex|latex|class|js|ico)$ 14400 80% 43200

refresh_pattern -i \.a[0-9][0-9]$ 14400 80% 43200

refresh_pattern -i \.r[0-9][0-9]$ 14400 80% 43200

#refresh_pattern -i \.css$ 10 20% 4320

#----------------------------------------------------------------------

# Log de acessos

#----------------------------------------------------------------------

logfile_rotate 7

access_log stdio:/var/log/squid3/access.log

cache_log /var/log/squid3/cache${process_number}.log

#access_log none

#----------------------------------------------------------------------

##############################################> HORARIOS <############################################################################################################################

#>----------------------FONDO EDITORIAL------------------------------
acl horario-fondo1 time M T W H F 07:00-13:00

#>------------------- FONDO EDITORIAL------------------------------
acl fondo-asi1 src 172.16.13.201 #MAWEL
#
#
#
#>---------------------------CIS---------------------------------------
acl horario-cis time M T W H F A 11:00-13:00

acl horario_cis1_A time M 07:00-13:00
acl horario_cis1_B time T 14:00-18:00
acl horario_cis1_C time H F 14:00-18:00

acl horario-cis2 time M W F 09:00-12:00

acl horario-cis3 time M F 08:00-13:00

acl horario-cis4 time M T W H F A 08:00-19:00

#>----------------------------CIS--------------------------------------

acl practicante-cis src 172.16.13.228

acl giscard-cis src 172.16.13.234

acl bereche-cis src 172.16.13.230
acl ericsoon-cis src 172.16.12.245

acl gino-cis src 172.16.13.232
#
#
#
#>----------------------ACREDITACION----------------------------------
acl horario-acred time M T W H F A 09:00-11:00

#>----------------------ACREDITACION-----------------------------------
acl acreditacion-asi1 src 172.16.13.192
#
##>--------------------REGISTROS ACADEMICOS------------------------------
acl horario-ra time M T W H F A 10:00-12:00

#>--------------------REGISTROS ACADEMICOS-------------------------------
acl olivia-ra src 172.16.13.15
#
#
#
#>----------------------ESCUELA DE PSICOLOGIA----------------------------
acl horario-psicologia time M T W H F 14:00-18:00

#>----------------------ESCUELA DE PSICOLOGIA----------------------------
acl psicologia-asi1 src 172.16.13.222
#
#
#
#>------------------------CENTRO DE IDIOMAS-----------------------------
acl horario-cid time M T W H F A 13:00-16:00

#>------------------------CENTRO DE IDIOMAS-----------------------------
acl marianella-cid src 172.16.13.146

#>----------------------------COLEGIO HARVARD---------------------------
acl horario-harvard_A time M T W H F 09:00-13:00

#>----------------------LISTAS ESPECIALES-----------------------------

#acl acceso_total src "/etc/squid3/LISTAS/acceso_total.txt"
#acl acceso_especial src "/etc/squid/LISTAS/acceso_especial.txt"
#acl redsocial_user src "/etc/squid/LISTAS/redsocial_user.txt"
#acl youtube_user src "/etc/squid/LISTAS/youtube_user.txt"
#------------------------------------------------------------------------

#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>DECLARACION DE CATEGORIAS<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

acl transmision_secuencias url_regex -i "/etc/squid3/CATEGORIAS/transmision_secuencias.txt"
acl compartir_multimedia url_regex "/etc/squid3/CATEGORIAS/compartir_multimedia.txt"
acl comunidades_online url_regex -i "/etc/squid3/CATEGORIAS/comunidades_online.txt"
acl juegos url_regex -i "/etc/squid3/CATEGORIAS/juegos.txt"
acl porno url_regex -i "/etc/squid3/CATEGORIAS/porno.txt"
acl educacion_referencia url_regex -i "/etc/squid3/CATEGORIAS/educacion_referencia.txt"

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow manager localhost
http_access deny manager all
http_access allow localhost
http_access allow admin

http_access allow localnet !compartir_multimedia !comunidades_online !juegos !transmision_secuencias

http_access deny all

#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><

# Cantidad de RAM para almacenamiento Squid

memory_pools_limit 1024 MB

memory_pools off

cache_mgr raptor.os

shutdown_lifetime 2 seconds

half_closed_clients off

server_persistent_connections off

client_persistent_connections off

quick_abort_min 0 KB

quick_abort_max 0 KB

quick_abort_pct 95

max_filedescriptors 819200

client_request_buffer_max_size 10250 KB

request_header_max_size 10240 KB

Amigo cuales son tus politicas de restriccion, y que quieres permitir, Saludos

firecold · Septiembre 12, 2016, 04:42:01 PM

Cita de: erick1405 en Septiembre 10, 2016, 10:12:27 AM
Amigo ya solucione el problema que tenia , y ya me funciona , mi duda es la siguiente :

podria hacer que salga por el puerto 8080 el proxy a los clientes ?

Saludos

Es tan facil como cambiar esto:

Código [Seleccionar]

http_port 3128 intercept

por esto:

Código [Seleccionar]

http_port 8080 intercept

Saludos

petetriplex · Enero 23, 2017, 08:46:29 PM

BUENAS QUIEN ME AYUDA A MONTAR EL SQUIED3.X PARA RAPTORCACHE EN DEBIAN 8.
SOLO TENGO ESTO POR DEFAULT NO CACHA LOS HTTPS.

Squid 3.x Conf #
#=====================================================================#
http_port 3128 intercept
http_port 3126
visible_hostname raptor.os
icp_port 0
#----------------------------------------------------------------------
acl google url_regex -i (googlevideo\.com|www\.youtube\.com)
acl mobile browser -i regexp (iPhone|iPad|Windows.*Phone|BlackBerry|PlayBook|Trident|IEMobile)
request_header_access User-Agent deny google !mobile
request_header_replace User-Agent Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
#----------------------------------------------------------------------
#error_directory /usr/share/squid3/errors/Spanish/
#----------------------------------------------------------------------
acl blacklist url_regex -i "/etc/squid3/blacklist.lst"
#----------------------------------------------------------------------
# Servidor DNS y Politica de Cambios
#----------------------------------------------------------------------
dns_nameservers 200.44.32.12 8.8.4.4
dns_retransmit_interval 5 seconds
dns_timeout 2 minutes
#----------------------------------------------------------------------
acl built-in proto cache_object

acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl CONNECT method CONNECT

acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl SSL_ports port 443 # https

http_access deny blacklist
http_access allow localhost built-in
http_access deny built-in
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
#----------------------------------------------------------------------
coredump_dir /var/spool/squid3
include /etc/raptor/peers
cache_mgr raptor.os
shutdown_lifetime 2 seconds
half_closed_clients off
server_persistent_connections off
client_persistent_connections off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
max_filedescriptors 819200
qos_flows local-hit=0x48
#----------------------------------------------------------------------
#cache deny all
#----------------------------------------------------------------------
acl sys_lst url_regex -i "/etc/raptor/sys.lst"
acl raptor_lst url_regex -i "/etc/raptor/raptor.lst"
acl wth_lst url_regex -i "/etc/raptor/whitelist.lst"
acl host_lst req_header Host -i "/etc/raptor/host.lst"
acl exts url_regex -i \.(cab|exe|msi|msu|zip|deb|rpm|bz|bz2|gz|tgz|rar|bin|7z|mp3|mp4|flv)$
acl head_html req_header Accept -i text/html.+
cache deny raptor_lst
cache_peer 192.168.10.2 parent 8080 0 proxy-only no-digest
dead_peer_timeout 2 seconds
cache_peer_access 192.168.10.2 allow host_lst
cache_peer_access 192.168.10.2 allow exts
cache_peer_access 192.168.10.2 deny head_html
cache_peer_access 192.168.10.2 deny wth_lst
cache_peer_access 192.168.10.2 allow raptor_lst
cache_peer_access 192.168.10.2 allow sys_lst
cache_peer_access 192.168.10.2 deny all
cache deny all !google !str1
#----------------------------------------------------------------------

firecold · Abril 19, 2017, 09:46:15 AM

Cita de: petetriplex en Enero 23, 2017, 08:46:29 PM
BUENAS QUIEN ME AYUDA A MONTAR EL SQUIED3.X PARA RAPTORCACHE EN DEBIAN 8.
SOLO TENGO ESTO POR DEFAULT NO CACHA LOS HTTPS.

Squid 3.x Conf #
#=====================================================================#
http_port 3128 intercept
http_port 3126
visible_hostname raptor.os
icp_port 0
#----------------------------------------------------------------------
acl google url_regex -i (googlevideo\.com|www\.youtube\.com)
acl mobile browser -i regexp (iPhone|iPad|Windows.*Phone|BlackBerry|PlayBook|Trident|IEMobile)
request_header_access User-Agent deny google !mobile
request_header_replace User-Agent Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
#----------------------------------------------------------------------
#error_directory /usr/share/squid3/errors/Spanish/
#----------------------------------------------------------------------
acl blacklist url_regex -i "/etc/squid3/blacklist.lst"
#----------------------------------------------------------------------
# Servidor DNS y Politica de Cambios
#----------------------------------------------------------------------
dns_nameservers 200.44.32.12 8.8.4.4
dns_retransmit_interval 5 seconds
dns_timeout 2 minutes
#----------------------------------------------------------------------
acl built-in proto cache_object

acl localnet src 10.0.0.0/8 # RFC 1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC 1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC 1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines

acl CONNECT method CONNECT

acl Safe_ports port 80 # http
acl Safe_ports port 443 # https
acl SSL_ports port 443 # https

http_access deny blacklist
http_access allow localhost built-in
http_access deny built-in
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow localnet
#----------------------------------------------------------------------
coredump_dir /var/spool/squid3
include /etc/raptor/peers
cache_mgr raptor.os
shutdown_lifetime 2 seconds
half_closed_clients off
server_persistent_connections off
client_persistent_connections off
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 95
max_filedescriptors 819200
qos_flows local-hit=0x48
#----------------------------------------------------------------------
#cache deny all
#----------------------------------------------------------------------
acl sys_lst url_regex -i "/etc/raptor/sys.lst"
acl raptor_lst url_regex -i "/etc/raptor/raptor.lst"
acl wth_lst url_regex -i "/etc/raptor/whitelist.lst"
acl host_lst req_header Host -i "/etc/raptor/host.lst"
acl exts url_regex -i \.(cab|exe|msi|msu|zip|deb|rpm|bz|bz2|gz|tgz|rar|bin|7z|mp3|mp4|flv)$
acl head_html req_header Accept -i text/html.+
cache deny raptor_lst
cache_peer 192.168.10.2 parent 8080 0 proxy-only no-digest
dead_peer_timeout 2 seconds
cache_peer_access 192.168.10.2 allow host_lst
cache_peer_access 192.168.10.2 allow exts
cache_peer_access 192.168.10.2 deny head_html
cache_peer_access 192.168.10.2 deny wth_lst
cache_peer_access 192.168.10.2 allow raptor_lst
cache_peer_access 192.168.10.2 allow sys_lst
cache_peer_access 192.168.10.2 deny all
cache deny all !google !str1
#----------------------------------------------------------------------

Para hacer cache de los https tendras que recompilar Squid para pueda leer un protocolo cigrado como tal, pero tambien tendras que crear un certificado que verifique que puedes o estas autorizado para leer estos datos, Saludos

sheodex · Enero 31, 2018, 11:57:13 AM

Cita de: firecold en Octubre 24, 2014, 09:22:04 PM
En este caso mi amigo yo estaba hablando de mis examenes finales, que en este caso termino hasta el 22 de noviembre, que es cuando termino el semestre en la universidad, amigo tenga paciencia, yo se que se ha vuelto algo largo, pero tambien tengo muchas cosas que atender, esto lo hago de buen animo y no porque me corresponda, Saludos

Ya estamos 2018 y el compañero sigue en examenes finales XD !

son eternos haha

firecold · Febrero 01, 2018, 12:19:08 PM

Cita de: sheodex en Enero 31, 2018, 11:57:13 AM

Ya estamos 2018 y el compañero sigue en examenes finales XD !

son eternos haha

Como dije esto lo hago de buen animo, no porque me corresponda, si quieres compilar Squid para que te acepte Https o Bump_Ssl, ya deje dos temas anteriormente de informacion sobre dicho tema; http://www.alterserv.com/foros/index.php?topic=2417.0, asi como tambien como compilar nuestro Squid de las fuentes de software; http://www.alterserv.com/foros/index.php?topic=803.0, ya si no lo puedes buscar o no quieres es otra cosa, como tu dices ya estamos en 2018 y no logras buscar informacion que esta dentro de este mismo foro y porque no hay un monton de informacion en la internet de como hacerlo, Saludos