ACL a SQUID 3.1.6

Totalek

ACL a SQUID 3.1.6
« kdy: 08. 09. 2015, 15:36:52 »
Zdravim, opet prichazim s drobnym dotazem.

Pouzivam SQUID jako proxy. A pomoci ACL malicko koriguji provoz. Mam ovsem jedno PC na ktere se restrikce vztahovat nemohou (vsemocny). Problemove stranky jsou uvedene v bad-sites.squid a vse funguje. Vsemocny ma pristup vsude pro ostatni jsou stranky blokovane. Jen jsem narazil na problem s blokaci multimedialniho obsahu. At delam, co delam, tak blokace funguje i na MAC "vsemocny". Pokud nekdo mate hlubsi zkusenost, prosim o radu. Diky moc.

---------------------------------------------
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Povolene rozsahy
acl work src 10.0.0.0/24
acl guest src 10.0.100.0/24
acl vsemocny arp 00:1e:4f:ee:c3:55

#Blokace podle casu
acl Before_Office time SMTWHFA 00:05-06:00

# Blokace nevhodnych stranek
acl bad_url dstdomain "/etc/squid3/bad-sites.squid"

# Blokace MULTIMEDIA
acl BlockExt url_regex -i \.mp3$ \.asx$ \.wma$ \.wmv$ \.avi$ \.mpeg$ \.mpg$ \.asf$

######Block Video Streaming##############
acl media rep_mime_type video/flv video/x-flv
acl media rep_mime_type -i ^video\/
acl media rep_mime_type ^application/x-shockwave-flash
acl media rep_mime_type ^application/vnd.ms.wms-hdr.asfv1
acl media rep_mime_type ^application/x-fcs
acl media rep_mime_type ^application/x-mms-framed
acl media rep_mime_type ^video/x-ms-asf
acl media rep_mime_type ^audio/mpeg
acl media rep_mime_type ^audio/mpeg
acl media rep_mime_type ^audio/x-scpls
acl media rep_mime_type ^video/x-flv
acl media rep_mime_type ^video/mpeg4
acl media rep_mime_type ms-hdr
acl media rep_mime_type x-fcs
acl mediapr urlpath_regex \.flv(\?.*)?$
acl mediapr urlpath_regex -i \.(avi|mp4|mov|m4v|mkv|flv)(\?.*)?$
acl mediapr urlpath_regex -i \.(mpg|mpeg|avi|mov|flv|wmv|mkv|rmvb)(\?.*)?$


acl SSL_ports port 443          # https
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT


### ACL VSEMOCNY ACCESS
http_access allow vsemocny


# BLOCK streaming files
http_access deny BlockExt
http_access deny mediapr
http_reply_access deny media

# Rules to block Radio / Video Stream ----------------------------------------


http_access deny bad_url
http_access deny Before_Office

http_access allow work
http_access allow guest

http_access allow localhost


 


McFly

  • *****
  • 560
    • Zobrazit profil
    • E-mail
Re:ACL a SQUID 3.1.6
« Odpověď #1 kdy: 08. 09. 2015, 19:07:30 »
nástřel:

### ACL VSEMOCNY ACCESS
http_access allow vsemocny
http_reply_access allow vsemocny

Re:ACL a SQUID 3.1.6
« Odpověď #2 kdy: 09. 09. 2015, 08:51:23 »
Nastrel zafungoval, diky moc ! Funguje to. DIKY.