народ, нужно чтоб отдельным пользователям доступ был только к 2-3 сайтам, адреса польз.-динамика, полисями выдается определенный порт на который нужно правило с ограничениями...
в Сквиде написал:
в файле allowed_urls список разрешенных сайтов
Помогите господа разобраться, не получается ограничение никак, клиентов по порту 8080 пропускает на все сайты.http_port 10.10.221.250:3128 #все, но без скачки файлов
http_port 10.10.221.250:8080 #пару сайтов перечисленных в allowed_urls
http_port 10.10.221.250:8081 #доступно абсолютно все
icp_port 0
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 512 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 40096 KB
minimum_object_size 0 KB
ipcache_low 90
ipcache_high 95
fqdncache_size 1024
#--------------------------------------------------------------
#LOGFILE PATHNAMES AND CACHE DIRECTORIES
#
cache_dir ufs /var/spool/squid 10000 26 356
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
emulate_httpd_log on
mime_table /etc/squid/mime.conf
#--------------------------------------------------------------
#OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
#
ftp_user anonymous@
#ftp_list_width 64
#ftp_passive off
#ftp_sanitycheck on
#ftp_telnet_protocol on
hosts_file /etc/hosts
redirect_children 5
redirect_rewrites_host_header on
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
quick_abort_min 16 KB
quick_abort_max 16 KB
quick_abort_pct 95
negative_ttl 1 minutes
positive_dns_ttl 6 hours
negative_dns_ttl 5 minute
range_offset_limit 0 KB
half_closed_clients on
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
#Recommended minimum configuration:
acl cz src 10.10.221.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
acl restricted myport 8080
acl free myport 3128
acl freeall myport 8081
http_access allow freeall
acl allowed_urls url_regex "/etc/squid/etc/allowed_urls"
http_access allow restricted czins allowed_urls
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 1025-65535 # http
acl Safe_ports port 20 # ftp
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#
# Squid Blocks
# http://www.hklc.com/squidblock/
#
acl squid_block_badlang url_regex -i "/etc/squid/squidblock/badlang.block.txt"
acl squid_unblock_badlang url_regex -i "/etc/squid/squidblock/badlang.unblock.txt"
acl squid_block_entertain url_regex -i "/etc/squid/squidblock/entertain.block.txt"
acl squid_unblock_entertain url_regex -i "/etc/squid/squidblock/entertain.unblock.txt"
acl squid_block_games url_regex -i "/etc/squid/squidblock/games.block.txt"
acl squid_unblock_games url_regex -i "/etc/squid/squidblock/games.unblock.txt"
acl squid_block_pirate url_regex -i "/etc/squid/squidblock/pirate.block.txt"
acl squid_block_mp3 url_regex -i "/etc/squid/squidblock/mp3.block.txt"
acl squid_unblock_pirate url_regex -i "/etc/squid/squidblock/pirate.unblock.txt"
acl squid_block_porn url_regex -i "/etc/squid/squidblock/porn.block.txt pron.block.txt"
http_access deny squid_block_badlang !squid_unblock_badlang
http_access deny squid_block_entertain !squid_unblock_entertain
http_access deny squid_block_games !squid_unblock_games
http_access deny squid_block_porn
http_access deny squid_block_pirate !squid_unblock_pirate
http_access deny squid_block_mp3
#http_access deny porndomain
#http_access deny pornurls
#acl porndomain url_regex "/etc/squid/squidblock/porndomain"
#acl pornurls url_regex "/etc/squid/squidblock/pornurls"
#-------------------------------------------------------------
#acl DenyBadMime rep_mime_type -i ^audio/ ^video
#acl DenyBad url_regex -i \.aif$ \.aifc$ \aiff$ \.au$ \.kar$ \.mid$ \midi$ \.mp2$ \.mpga$ \.ra$ \.ram$ \.rm$ \.ram$ \.rm$ \.snd$ \wav$ \.avi$ \.mov$ \.movie$ \.mpe$ \.mpeg$ \.mpg$ \.mxu$ \.qt$ \.asf$ \.asx$
#http_access deny DenyBadMime
#http_access deny DenyBad
#-------------------------------------------------------------
#acl wifi myport 8082
#http_access allow wifi
#acl NOT url_regex -i "/etc/squid/etc/NOT"
#http_access deny NOT
#acl NOFILES urlpath_regex -i "/etc/squid/etc/NOFILES "
#http_access deny NOFILES
#acl BANNER url_regex banner reklama linkexch banpics us\.yimg\.com[\./]ad[s]?[\./]
#http_access deny BANNER
acl allowed_urls url_regex "/etc/squid/etc/allowed_urls"
http_access allow restricted czins allowed_urls
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access allow Safe_ports
http_access allow free cz
http_access deny all
icp_access allow all
#-------------------------------------------------------------
cache_mgr root
cache_effective_user squid
cache_effective_group squid
logfile_rotate 5
forwarded_for off
client_db on
Вариант для распечатки
OpenNET: Виртуальная конференция (Public)
on 10-Июл-06, 12:33 
