Transparent proxy does not browse! HELP
Tagged: Proxy
- This topic has 1 reply, 2 voices, and was last updated 13 years, 9 months ago by Eduardo Silva.
July 6, 2010 at 11:43 pm #413 Thiago (Participant)
Access Denied!
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect
My squid.conf is below:
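# +--------------------------------------------------------------------------+
# | Endian Firewall |
# +--------------------------------------------------------------------------+
# | Copyright (c) 2005-2006 Endian |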
# | Endian GmbH/Srl |
# | Bergweg 41 Via Monte |
# | 39057 Eppan/Appiano |
# | ITALIEN/ITALIA |
# | info@endian.it |
# | |
# | This program is free software; you can redistribute it and/or |
# | modify it under the terms of the GNU General Public License |
# | as published by the Free Software Foundation; either version 2 |
# | of the License, or (at your option) any later version. |
# | |
# | This program is distributed in the hope that it will be useful, |
# | but WITHOUT ANY WARRANTY; without even the implied warranty of |
# | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
# | GNU General Public License for more details. |
# | |
# | You should have received a copy of the GNU General Public License |
# | along with this program; if not, write to the Free Software |
# | Foundation, Inc., 59 Temple Place – Suite 330, Boston, MA 02111-1307, USA. |
# | http://www.fsf.org/ |
# +--------------------------------------------------------------------------+
shutdown_lifetime 1 seconds
icp_port 0
http_port 0.0.0.0:3128 transparent
http_port 127.0.0.1:8080
acl no_cache_domains dstdomain "/etc/squid/acls/dst_nocache.acl"
cache deny no_cache_domains
cache_effective_user squid
cache_effective_group squid
pid_filename /var/run/squid.pid
cache_mem 40 MB
cache_dir aufs /var/spool/squid 500 16 256
error_directory /usr/share/squid/errors/en
max_filedesc 24054
server_persistent_connections off
half_closed_clients off
buffered_logs on
# START LOG
cache_log /var/log/squid/cache.log
cache_access_log syslog:local6.info
cache_store_log none
useragent_log /var/log/squid/useragent.log
log_mime_hdrs off
# END LOG
# FORWARD IP ADDRESS
forwarded_for on
# START AUTHENTICATION
# METHOD is NCSA
auth_param basic program /usr/lib/squid/ncsa_auth /var/efw/proxy/ncsausers
auth_param basic children 20
auth_param basic realm EXEMPLO.COM.BR
auth_param basic credentialsttl 60 minutes
acl for_auth_users proxy_auth REQUIRED
# END AUTHENTICATION
# network - acls
acl all src 0.0.0.0/0.0.0.0 #seams to be needed 🙁
acl from_all src 0.0.0.0/0.0.0.0
acl to_all dst 0.0.0.0/0.0.0.0
acl from_localhost src 127.0.0.1/255.255.255.255
acl CONNECT method CONNECT
acl to_http_port port 80
acl to_https_port port 10443
# proxy interfaces - acls
acl to_green_interface dst 192.168.0.1
acl from_green src "/etc/squid/acls/green_subnets.acl"
acl to_green dst "/etc/squid/acls/green_subnets.acl"
# allowed ports - acls
acl allowed_ports port "/etc/squid/acls/ports.acl"
acl allowed_sslports port "/etc/squid/acls/sslports.acl"
# allowed havp protocol – acls
acl HAVP_ALLOWED_PROTOS proto HTTP
acl HAVP_ALLOWED_PROTOS proto SSL
acl within_timeframe_rule0 time MTWHFAS 00:00-24:00
acl using_mimetype_rule0 rep_mime_type "/etc/squid/acls/mimetypes_rule0.acl"
# caching settings
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
cache deny from_localhost
cache deny CONNECT
cache allow from_all
# http access to cachemanager
acl manager proto cache_object
http_access allow manager from_localhost
http_access deny manager
# snmp access settings
acl snmppublic snmp_community public
snmp_access allow snmppublic from_localhost
snmp_access deny from_all
# http access to squid
http_access allow from_localhost
http_access allow from_green to_green_interface to_http_port
http_access allow CONNECT from_green to_green_interface to_https_port
http_access deny to_green_interface to_https_port
http_access deny !allowed_ports !allowed_sslports
http_access deny CONNECT !allowed_sslports
http_access allow from_all to_all within_timeframe_rule0 using_mimetype_rule0
http_access deny from_all
# http reply access rules
http_reply_access allow from_localhost
http_reply_access allow from_all to_all within_timeframe_rule0 using_mimetype_rule0
http_reply_access deny from_all
# max/min object size
maximum_object_size 1024 KB
minimum_object_size 0 KB
# replace body max size
request_body_max_size 0 KB
reply_body_max_size 0 allow from_all
cache_mgr informatica@exemplo.com.br
visible_hostname fw.exemplo.com.br
# begin custom.tmpl
# end custom.tmpl
# DANSGUARDIAN / content1 - cache peers
cache_peer 127.0.0.1 parent 9999 0 no-query no-digest no-netdb-exchange name=content1 login=*:password
cache_peer_access content1 deny from_localhost
# cache peer access
cache_peer_access content1 allow from_all to_all within_timeframe_rule0 using_mimetype_rule0
cache_peer_access content1 deny from_all
never_direct deny from_localhost
never_direct allow from_all to_all within_timeframe_rule0 using_mimetype_rule0
never_direct allow from_all
July 7, 2010 at 3:21 pm #5387 Eduardo Silva (Participant)
Thiago,
Some observations about your post:
– try to avoid publishing personal data, it is for your own good! (I edited your post to remove your email address from cache_mgr)
– the squid.conf is generated automatically by Endian; you should not need to touch it.
– Try to describe the problem and explain your environment.
– Review your Access Policy.
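As an aid to reviewing the access policy, the following is an added example (not part of the original posts and not Endian's code) that evaluates the http_access lines from the posted squid.conf the way Squid does: top to bottom, with the first line whose ACLs all match deciding the request. Which ACLs are true for a request is supplied by hand, and the sample requests are constructed.

```python
# Added example: first-match evaluation of the http_access lines posted above.
HTTP_ACCESS = """\
http_access allow from_localhost
http_access allow from_green to_green_interface to_http_port
http_access allow CONNECT from_green to_green_interface to_https_port
http_access deny to_green_interface to_https_port
http_access deny !allowed_ports !allowed_sslports
http_access deny CONNECT !allowed_sslports
http_access allow from_all to_all within_timeframe_rule0 using_mimetype_rule0
http_access deny from_all
"""

def parse_rules(text):
    """Return [(line_no, action, [(acl_name, negated), ...]), ...]."""
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split("#", 1)[0].split()
        if len(parts) < 3 or parts[0] != "http_access":
            continue
        if parts[1] not in ("allow", "deny"):
            raise ValueError(f"line {n}: unknown action {parts[1]!r}")
        rules.append((n, parts[1], [(p.lstrip("!"), p.startswith("!")) for p in parts[2:]]))
    return rules

def decide(rules, matching):
    """`matching` is the set of ACL names that are true for the request (supplied by hand)."""
    for n, action, terms in rules:
        # Every ACL on a line must hold (logical AND); "!" inverts a single ACL.
        if all((name in matching) != negated for name, negated in terms):
            return action, n
    if not rules:
        return "deny", None  # no http_access lines at all: Squid denies
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("deny" if rules[-1][1] == "allow" else "allow"), None

if __name__ == "__main__":
    rules = parse_rules(HTTP_ACCESS)
    # Constructed request: a GREEN client fetching an external site on an allowed port.
    green = {"from_all", "to_all", "from_green", "allowed_ports", "within_timeframe_rule0"}
    for label, acls in [("mimetype ACL matches", green | {"using_mimetype_rule0"}),
                        ("mimetype ACL does not match", green),
                        ("port in neither ports list", green - {"allowed_ports"})]:
        action, line_no = decide(rules, acls)
        print(f"{label}: {action} (http_access line {line_no})")
```

A result that lands on the final `http_access deny from_all` line means no earlier allow line had all of its ACLs true for that request, which is the case where Squid returns its Access Denied page.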
- The topic ‘Transparent proxy does not browse! HELP’ is closed to new replies.