[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bloqueio MSN +- (Quase lá)

Em Qui, 2006-03-23 às 18:03 -0300, Maxwillian Miorim escreveu:
> Crie a acl para o MSN:
> 
> acl msn_mime req_mime_type -i ^application/x-msn-messenger$
> 
> E use a seguinte combinação:
> 
> http_access deny msn_mime !usuarios_internet
> http_access allow msn_mime usuarios_internet
> 
> #usuarios_internet são os usuários do teu grupo liberados para isto,
> deve haver uma acl para tanto
> 
> Assim apenas quem é autorizado usa algo com o mime-type do MSN
> (Messenger, WIndows Messenger, Gaim, Kopete, aMSN e etc.)
> 
Porém com um erro que eu nunca tinha visto... 

GRSS003:~# squid -k reconfigure
2006/03/24 13:49:38| ACL name 'msn-mime' not defined!
FATAL: Bungled squid.conf line 51: http_access allow msn-mime ProxyUsers
Squid Cache (Version 2.5.STABLE12): Terminated abnormally.

Segue squid.conf:


hierarchy_stoplist cgi-bin ?

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

redirect_program /sbin/redirector ads audio-video blocked hacking jogos
porn proxy

auth_param ntlm program /bin/ntlm_auth
--helper-protocol=squid-2.5-ntlmssp
auth_param ntlm use_ntlm_negotiate off
auth_param ntlm children 10
auth_param ntlm max_challenge_reuses 0
auth_param ntlm max_challenge_lifetime 5 minutes

auth_param basic program /bin/ntlm_auth
--helper-protocol=squid-2.5-basic
auth_param basic children 5
auth_param basic realm Proxy GUARAPLY
auth_param basic credentialsttl 2 hours

refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern .               0       20%     4320

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443 563     # https, snews
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

external_acl_type NT_global_group children=10 %
LOGIN /usr/local/squid/libexec/wbinfo_group.pl
acl ProxyUsers external NT_global_group GRS_NET
http_access allow ProxyUsers

acl msn_mime req_mime_type -i ^application/x-msn-messenger$
http_access deny msn_mime !ProxyUsers
http_access allow msn-mime ProxyUsers


acl day time MTWHF 11:30-13:00

acl ProxyUsersMeioDia external NT_global_group GRS_NETD
http_access allow ProxyUsersMeioDia day

http_access deny all

http_reply_access allow all





-- 
...
[]'s

        _                    Eder Gobbi - "Woody"
       ^-)                    MSN - gobbix at gmail dot com
        ( . . _                  GoogleTalk - gobbix at gmail dot com
          \ `\\                   Jabber - gobbix at jabber dot com
             |>                       Linux User - #385577 - http://counter.li.org
 ______/|______                 UIN - 161655702                   
       
"Livre? É... Eu sou!!!"

"Se você pensa que pode, ou se pensa que não pode, de qualquer forma
você está certo!" (Henry Ford)
Reply to: