[squid-users] How to block www.infobae.com

chcs chicago_computers at hotmail.com
Tue Nov 22 11:40:05 UTC 2016


My squid (3.5.21) conf file:

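# Listening ports. Each port directive is one logical squid.conf line; the
# mail archive had wrapped them across several lines, so they are re-joined here.
#
# Settings shared by all four ports:
#  - ssl-bump with generate-host-certificates=on: Squid creates a certificate
#    for each bumped host and signs it with the CA named by cert=.
#  - cert= is given without key=, so Squid expects the private key in the same
#    PEM file. Anyone who can read that file can issue certificates that every
#    client trusting this CA will accept; keep it readable by the Squid user only.
#  - The cipher list names EECDH+aRSA+RC4 but also contains !RC4. In OpenSSL
#    cipher-list syntax "!" removes a cipher permanently, so the RC4 entry
#    has no effect.
#  - options= turns off SSLv2 and SSLv3 only; TLS 1.0 and later stay enabled.

# Forward-proxy port listening on 192.168.10.1.
http_port 192.168.10.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE

# Forward-proxy port listening on 5.5.5.1.
# NOTE(review): 5.5.5.0/24 is publicly routable address space, not an
# RFC 1918 private range - confirm this address is reachable only from the
# internal side.
http_port 5.5.5.1:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE

# Interception port for plain HTTP, bound to loopback.
# NOTE(review): presumably a firewall redirect rule feeds this port - confirm,
# and confirm that ssl-bump is actually needed on an intercepted HTTP port.
http_port 127.0.0.1:3128 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE

# Interception port for HTTPS, bound to loopback.
https_port 127.0.0.1:3129 intercept ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=10MB cert=/usr/local/etc/squid/serverkey.pem capath=/usr/local/share/certs/ cipher=EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS dhparams=/etc/dh-parameters.2048 options=NO_SSLv2,NO_SSLv3,SINGLE_DH_USE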

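# General daemon settings: identity, paths and logging.
# icp_port 0 disables the ICP listener.
icp_port 0
dns_v4_first on
pid_filename /var/run/squid/squid.pid
# Squid runs as this user and group.
cache_effective_user squid
cache_effective_group proxy
error_default_language es
icon_directory /usr/local/etc/squid/icons
visible_hostname chcs
cache_mgr chca at hotmail.com
# With SSL-Bump active, access.log records URLs from decrypted HTTPS
# sessions as well; treat the log directory as sensitive.
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
netdb_filename /var/squid/logs/netdb.state
pinger_enable on
pinger_program /usr/local/libexec/squid/pinger

# Certificate-generation helper used by SSL-Bump (one logical line; the mail
# archive had wrapped it). -s is the on-disk certificate database, -M its
# maximum size, -b the file-system block size.
sslcrtd_program /usr/local/libexec/squid/ssl_crtd -s /var/squid/lib/ssl_db -M 4MB -b 2048
sslcrtd_children 5

# TLS settings for Squid's own connections to origin servers.
# sslproxy_capath is the CA directory used to verify server certificates.
# The config as posted contains no sslproxy_flags or sslproxy_cert_error
# override, so verification of origin certificates is left at Squid's default.
sslproxy_capath /usr/local/share/certs/
# Disables SSLv2 and SSLv3 only; TLS 1.0 and later stay enabled.
sslproxy_options NO_SSLv2,NO_SSLv3,SINGLE_DH_USE
# One logical line, re-joined. EECDH+aRSA+RC4 is cancelled by the later !RC4.
sslproxy_cipher EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA+RC4:EECDH:EDH+aRSA:HIGH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS

# Keep ten rotated generations of the access and cache logs.
logfile_rotate 10
debug_options rotate=10
shutdown_lifetime 3 seconds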
# Allow local network(s) on interface(s)
# NOTE(review): localnet is defined here, but no http_access line in the
# config as posted refers to it, so it grants nothing by itself.
acl localnet src  192.168.10.0/24 5.5.5.0/24
# forwarded_for on adds the client's address to the X-Forwarded-For header of
# outgoing requests, which discloses internal IPs to origin servers. Combined
# with "via off" (no Via header) the proxy is hidden while its clients are not.
# If that disclosure is not intended, "forwarded_for delete" or
# "forwarded_for transparent" are the alternatives.
forwarded_for on
via off
# Do not reveal the Squid version in generated error pages and headers.
httpd_suppress_version_string on
# Remove whitespace found inside request URIs.
uri_whitespace strip

# Never cache responses whose URL path contains "cgi-bin" or a "?".
acl dynamic urlpath_regex cgi-bin \?
cache deny dynamic

# Memory and disk cache sizing.
cache_mem 1200 MB
maximum_object_size_in_memory 256 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
minimum_object_size 0 KB
maximum_object_size 50 MB
# NOTE(review): this file bumps TLS ("ssl_bump bump all"), so responses from
# decrypted HTTPS sessions may be written to this directory as well - confirm
# that its permissions and backups are handled accordingly.
cache_dir aufs /var/squid/cache 128000 32 256
offline_mode off
cache_swap_low 90
cache_swap_high 95
# Evaluated after "cache deny dynamic" above; everything else is cacheable.
cache allow all
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:    1440  20%  10080
refresh_pattern ^gopher:  1440  0%  1440
refresh_pattern -i (/cgi-bin/|\?) 0  0%  0
refresh_pattern .    0  20%  4320

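# Setup some default acls
# From 3.2 further configuration cleanups have been done to make things
# easier and safer. The manager, localhost, and to_localhost ACL definitions
# are now built-in.
# (The mail archive had wrapped the comment above onto lines without a
# leading "#"; it is re-joined here so the file parses.)
# acl localhost src 127.0.0.1/32
acl allsrc src all
acl safeports port 21 70 80 210 280 443
# 443 and 563 are listed twice; the repetition is harmless.
# NOTE(review): confirm that CONNECT to port 8500 is really required.
acl sslports port 443 563 8500 443 563

# From 3.2 further configuration cleanups have been done to make things
# easier and safer. The manager, localhost, and to_localhost ACL definitions
# are now built-in.
#acl manager proto cache_object

acl purge method PURGE
# NOTE(review): this ACL is spelled "connect" while the rule further down
# says "CONNECT" - confirm both resolve to the same ACL in this Squid version.
acl connect method CONNECT

# Define protocols used for redirects
# NOTE(review): HTTP, HTTPS and allowed_subnets are not referenced by any
# rule in the config as posted.
acl HTTP proto HTTP
acl HTTPS proto HTTPS
acl allowed_subnets src 192.168.10.0/24 5.5.5.0/24

# Cache manager and PURGE are usable from localhost only.
http_access allow manager localhost

http_access deny manager
http_access allow purge localhost
http_access deny purge
# Refuse requests to ports outside safeports, and CONNECT tunnels to ports
# outside sslports.
http_access deny !safeports
http_access deny CONNECT !sslports
# NOTE(review): apart from the manager/purge lines above, every http_access
# line in this file is a "deny"; there is no explicit allow for the client
# subnets and no closing "http_access deny all". Squid then applies the
# opposite of the last http_access line to requests that match nothing, so
# the outcome depends on rule order. An explicit allow for the client
# networks followed by "http_access deny all" makes the policy unambiguous.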

# 0 means no limit on the size of request bodies (uploads).
request_body_max_size 0 KB
# One class-2 delay pool whose aggregate and per-client buckets are both
# -1/-1 (unlimited), applied to all sources: as written it throttles nothing.
delay_pools 1
delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_initial_bucket_level 100
delay_access 1 allow allsrc

# Always fetch from origin servers directly, never through a cache peer.
always_direct allow all

# Client IPs in the "todopermitido" (everything allowed) group
acl todopermitido src "/usr/local/etc/squid/reglas/todopermitido.ips"

# Client IPs in the "parcialpermitido" (partially allowed) group
acl parcialpermitido src "/usr/local/etc/squid/reglas/parcialpermitido.ips"

# Client IPs in the "dhcp_lanwifi" group
acl dhcp_lanwifi src "/usr/local/etc/squid/reglas/dhcp_lanwifi.ips"

# Allowed destination domains
acl permitidos dstdomain "/usr/local/etc/squid/reglas/permitidos.acl"

# Blocked destination domains
acl nopermitidos dstdomain "/usr/local/etc/squid/reglas/nopermitidos.acl"

# File types that may not be downloaded (regex on the URL path, case-insensitive)
acl extNO urlpath_regex -i "/usr/local/etc/squid/reglas/extNO.acl"

# Access rules
#
# NOTE(review): the ACLs "sxl" and "adsNO" used below are not defined anywhere
# in the config as posted - presumably trimmed from the mail; confirm.
#
# NOTE(review): the domain lists (permitidos / nopermitidos) are enforced with
# http_reply_access, which is checked when the reply arrives. By then the
# request, including any cookies or POST body, has already been sent to the
# origin server. To keep a request from leaving at all, the domain has to be
# denied with http_access.
#
# NOTE(review): the last http_access line in this file is a "deny" and there
# is no closing "http_access deny all". Squid applies the opposite of the last
# http_access line to requests that match nothing, so unmatched requests are
# forwarded and only their replies are blocked by the http_reply_access rules.

# Rules for "todopermitido" client IPs
# http_reply_access allow todopermitido skype
# http_reply_access allow todopermitido skypeIP
http_access deny todopermitido sxl
http_access deny todopermitido adsNO
http_reply_access allow todopermitido all

# Rules for "parcialpermitido" client IPs
http_access deny parcialpermitido adsNO
http_access deny parcialpermitido extNO
http_reply_access allow parcialpermitido permitidos
http_reply_access deny parcialpermitido nopermitidos

# Rules for "dhcp_lanwifi" client IPs
http_access deny dhcp_lanwifi adsNO
http_access deny dhcp_lanwifi extNO
http_reply_access allow dhcp_lanwifi permitidos
http_reply_access deny dhcp_lanwifi nopermitidos

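# Sites whose TLS is not intercepted
acl step1 at_step SslBump1
# Server names to leave undecrypted (one logical line; the mail archive had
# wrapped it). The entries are regular expressions, so an unanchored pattern
# also matches longer host names that merely contain it; anchor the patterns
# so that only the intended hosts bypass inspection.
acl excludeSSL ssl::server_name_regex "/usr/local/etc/squid/reglas/nossl.acl"
# Step 1: peek at the client's TLS hello to learn the requested server name.
ssl_bump peek step1
# Pass excluded sites through untouched for the three client groups.
ssl_bump splice todopermitido excludeSSL
ssl_bump splice parcialpermitido excludeSSL
ssl_bump splice dhcp_lanwifi excludeSSL
# Everything else is decrypted, including excluded sites when the client is
# in none of the three groups.
ssl_bump bump all

# Deny everything by default
# This default applies to replies only; the posted config has no matching
# "http_access deny all", so unmatched requests still reach the origin server
# before their replies are refused here.
http_reply_access deny all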


