[squid-users] ident ACL

Jorgeley Junior jorgeley at gmail.com
Fri Jul 31 14:46:35 UTC 2015 

Hi guys, about the prior problem, I solved it, I was compiled with option
'--disable-ident-acl', thats why it was not running.
now I have another problem, my *ident acl* itsn't working, my purpose it's
enable access to cachemgr just to user JORGELEY, here is my conf:

auth_param basic program /etc/squid-3.5.6/libexec/basic_ncsa_auth
/regras/usuarios

auth_param basic children 10 startup=1 idle=1

auth_param basic realm INTERNET-LOGIN NECESSARIO


acl localnet src 192.168.0.0/16

acl jorgeley ident jorgeley

acl PURGE method PURGE

acl usuarios proxy_auth -i "regras/usuarios"

acl usuarios_liberados proxy_auth -i "regras/usuarios_liberados"

acl sem_delay_pool url_regex -i 192.168

acl com_delay_pool url_regex -i ftp .exe .mp3 .vqf .tar.gz .gz .rpm .zip
.rar .avi .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov .ogg .mp4 .vob
.iso .flv .mkv youtube

acl palavras_proibidas url_regex -i "regras/palavras_proibidas"

acl palavras_liberadas url_regex -i "regras/palavras_liberadas"

acl dominios_proibidos dstdomain "regras/dominios_proibidos"

acl dominios_liberados dstdomain "regras/dominios_liberados"

acl ips_bloqueados src "regras/ips_bloqueados"

acl ips_liberados src "regras/ips_liberados"

acl conexoes maxconn 10

acl winupdate dstdomain .windowsupdate.com .microsoft.com

acl periodo_winupdate time SMTWHFA 8:00-18:00

acl youtube dstdomain .youtube.com

acl prefeitura dstdomain .rioverdegoias.com.br

acl SSL_ports port 443

acl CONNECT method CONNECT


http_access deny !Safe_ports

http_access deny CONNECT !SSL_ports

http_access allow PURGE localhost

http_access deny PURGE

http_access allow localhost jorgeley manager

http_access deny manager

http_access allow usuarios_liberados

http_access allow localhost

http_access allow palavras_liberadas

http_access allow dominios_liberados

http_access deny palavras_proibidas

http_access deny dominios_proibidos

http_access deny conexoes localnet

http_access allow usuarios

http_access allow localnet

http_access deny all


reply_body_max_size 100 MB


http_port 192.168.0.254:8213


cache_mem 3000 MB


maximum_object_size_in_memory 2 MB


memory_cache_mode always


memory_replacement_policy heap GDSF


cache_replacement_policy heap LFUDA


minimum_object_size 0 KB


maximum_object_size 96 MB


cache_dir diskd /cache 7168 16 256 Q1=64 Q2=72

cache_dir diskd /cache 7168 16 256 Q1=64 Q2=72

cache_dir diskd /cache 7168 16 256 Q1=64 Q2=72

cache_dir diskd /cache 7168 16 256 Q1=64 Q2=72

cache_dir diskd /cache 7168 16 256 Q1=64 Q2=72


store_dir_select_algorithm least-load|round-robin


max_open_disk_fds 512000


cache_swap_low 96


cache_swap_high 97


access_log stdio:/var/logs/access.log squid


logfile_daemon /libexec/log_file_daemon


cache_store_log none


logfile_rotate 3


mime_table /etc/mime.conf


pid_filename /var/run/squid.pid


cache_log /var/logs/cache.log


debug_options ALL,1


coredump_dir /cache


ftp_user none


ftp_passive on


ftp_telnet_protocol off


diskd_program /libexec/diskd


unlinkd_program /libexec/unlinkd


cache deny youtube

cache deny prefeitura

cache deny localnet


refresh_pattern ^ftp: 1440 20% 10080

refresh_pattern ^gopher: 1440 0% 1440

refresh_pattern -i (/cgi-bin/|\?) 0 0% 0

refresh_pattern . 0 20% 4320

refresh_pattern -i ^http:\/\/www\.google\.com\/$ 0 20% 360 override-expire
override-lastmod ignore-reload ignore-no-cache ignore-no-store
reload-into-ims ignore-must-revalidate


quick_abort_min 1024 KB

quick_abort_max 2048 KB

quick_abort_pct 90



negative_ttl 10 seconds

negative_dns_ttl 30 seconds


range_offset_limit 0


request_header_max_size 2 KB

request_body_max_size 2 MB


ie_refresh off


connect_timeout 30 seconds

read_timeout 5 minutes

request_timeout 1 minutes


client_lifetime 1 day


cache_mgr jorgeleygpa at gmail.com

cache_effective_user squid

cache_effective_group squid


httpd_suppress_version_string on


visible_hostname firewall


delay_pools 2

delay_class 1 2

delay_class 2 2

delay_access 1 allow sem_delay_pool

delay_access 2 allow com_delay_pool

delay_parameters 1 -1/-1 -1/-1

delay_parameters 2 8000/8000 8000/8000


icon_directory /share/icons

error_directory /share/errors/pt-br

err_page_stylesheet /etc/errorpage.css

err_html_text mailto:jorgeleygpa at gmail.com

email_err_data on


deny_info ERR_ACCESS_DENIED dominios_proibidos palavras_proibidas


check_hostnames off


dns_nameservers 8.8.4.4 8.8.8.8


hosts_file /etc/hosts


client_db on


chroot /etc/squid-3.5.6


high_memory_warning 4000 MB


max_filedescriptors 512000


redirect_program /bannerfilter-1.31/redirector.pl


2015-07-31 11:23 GMT-03:00 Jorgeley Junior <jorgeley at gmail.com>:

> Hi guys.
> ident ACL was discontinued on Squid 3.5.6???
> I didn't found it in compilation options and it's unknown by squid.conf
> Any help?
>
> --
>
>
>


--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20150731/8ee3519e/attachment-0001.html>

More information about the squid-users mailing list