
squid me pide contraseña todo el tiempo



Saludos amigos,

Hoy les traigo otra duda. Acabo de configurar Squid 3.5.23 en Debian 9 para dar servicio de internet a 250 usuarios. Resulta que, cuando configuro el navegador (Firefox) en las PC, los usuarios no pueden autenticarse: después de introducir las credenciales, el navegador vuelve a pedirlas en un ciclo sin fin.

He revisado la lógica del fichero y me parece que está bien. ¿Pudieran ayudarme?
Les envío el fichero de configuración.
#
# +---------------------------------------------------------+
# |         3.5.23                                        |
# +---------------------------------------------------------+


# +------------------------------------------------------------------------------+
# |                                 DEFAULT                                    |
# +------------------------------------------------------------------------------+

# HTTP Basic proxy authentication: logins are checked by the basic_ncsa_auth
# helper against the password file /etc/squid/users.
# NOTE(review): Basic credentials are only base64-encoded and the http_port
# further down is plain HTTP, so they cross the LAN readable on every request.
# NOTE(review): confirm the account Squid runs as can read /etc/squid/users;
# if the helper cannot open it, every login would be rejected.
# Number of helper processes Squid may start.
auth_param basic children 5
# Text shown in the browser's login prompt.
auth_param basic realm CORDOVE - Internet proxy cache
# A validated login is trusted for 2 hours before the helper is asked again,
# so a changed or removed password can stay usable for up to that long.
auth_param basic credentialsttl 2 hours
auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid/users


# Recommended minimum configuration:
#
# +------------------------------------------------------------------------------+
# |                          LISTAS CONTROL DE ACCESO                            |
# +------------------------------------------------------------------------------+

#-- ACLs for the main ports
# SSL_ports: the only port CONNECT tunnels may target; Safe_ports: the ports
# ordinary requests may target. Both are enforced by deny rules further down.
acl SSL_ports port 443 # https
acl Safe_ports port 80 # http
acl Safe_ports port 8080 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

# Internal client network.
acl interna src 10.24.10.0/24

# -- Direct access for the health network
acl salud dstdomain .sld.cu
# NOTE(review): http_access is first-match. This rule (and "allow all cuba"
# below) accepts any source address without authentication, and it is placed
# before "deny CONNECT !SSL_ports" and "deny !Safe_ports", so neither port
# restriction applies to .sld.cu / .cu destinations. Requests allowed here
# also carry no username in access.log. Moving both port denies above these
# allows, and limiting the source to "interna", would close that gap.
http_access allow all salud
# .sld.cu requests go straight to the origin server, not through the parent.
always_direct allow all salud

acl cuba dstdomain .cu
http_access allow all cuba
# NOTE(review): never decides anything: "allow all cuba" above already
# matched every request this line could match.
http_access allow interna cuba

# NOTE(review): "purge" is not used by any http_access rule in this file.
# As far as I know, declaring a PURGE method ACL is what enables PURGE
# handling in Squid, so either restrict it explicitly or drop the ACL.
acl purge method PURGE
acl CONNECT method CONNECT

# Every request URL is also passed to squidGuard for rewriting/filtering.
url_rewrite_program /usr/bin/squidGuard

#-- Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports


# SERVERS
# NOTE(review): access is granted on the Ethernet source address alone, with
# no login. A MAC address is set by the client and is not a credential; any
# host on the same segment that presents this address is allowed.
acl servidores arp 60:02:92:39:fe:4e        # .1
http_access allow servidores


#-- Passwd
# Matches any request that carries a valid login.
acl Pass proxy_auth REQUIRED


# -- MAC-based access control lists
#-- MACs of the PCs with internet access
# NOTE(review): an arp ACL compares the Ethernet source address Squid sees,
# so it can only match clients on the same layer-2 segment as the proxy.
# "interna" is 10.24.10.0/24 while http_port listens on 100.10.10.254; if
# clients reach the proxy through a router, none of these ACLs will match
# and every per-group allow rule below fails. Confirm the real topology
# (the addresses may have been altered for posting).
# NOTE(review): MAC addresses can be changed by the client; treat these lists
# as an inventory restriction, not as an authentication factor.

acl mac_nodo arp a0:00:00:04:c0:05    #HEAD OF IT DEPT corona PCI
acl mac_nodo arp D0:17:C2:8A:44:86    #ICT TECHNICIAN leo
acl mac_nodo arp D0:17:C2:96:38:99    #NETWORK ADMINISTRATOR tony
acl mac_nodo arp D0:17:C2:8A:44:D1    #IT SECURITY
#
acl mac_Biblioteca arp C0:7C:D1:33:A0:10
acl mac_Biblioteca arp 60:02:92:3C:68:EC
acl mac_Biblioteca arp 60:02:92:3C:69:11
acl mac_Biblioteca arp 0C:54:A5:4B:41:B3
#
acl mac_direccion arp 70:54:D2:0A:05:ED
acl mac_direccion arp 14:CC:20:04:26:0A
#
acl mac_Terapia arp 00:71:C2:19:A4:D8
#
acl mac_contabilidad arp 70:54:D2:09:FA:42    # Tamara
acl mac_contabilidad arp 70:54:d2:0a:03:88    # Energy manager
#
acl mac_rrhh arp 50:46:5D:03:AF:43
acl mac_rrhh arp 14:DD:A9:7B:89:9F    # Department head
acl mac_rrhh arp 70:54:D2:09:FB:22
#
acl mac_enfermeria arp 00:71:C2:19:A5:8C
acl mac_cirugia arp 00:71:C2:31:47:56
acl mac_facultativa arp 00:71:C2:19:A6:5A
acl mac_cardiologia arp 70:54:D2:0A:05:9D
acl mac_asistenciaMedica arp 00:21:97:2D:6F:3D
acl mac_miscelanea arp 70:54:D2:0A:06:CC
acl mac_ultrasonido arp 08:60:6E:53:CF:96
acl mac_laboratorioCl arp 70:54:D2:0A:04:6C
#
acl mac_docencia arp 70:54:D2:0A:04:E4
acl mac_docencia_2 arp 7C:05:07:3A:C9:E7
#
acl mac_proteccionFisica arp 00:1D:72:EC:E8:F5
acl mac_proteccionFisica arp A0:2B:B8:27:4E:FA
#
acl mac_farmacia arp 00:71:C2:31:47:64
acl mac_auditoria arp 60:02:92:3c:68:fc
acl mac_estadistica arp 60:02:92:3c:68:fd

# -- MAC - LAPTOPS
# NOTE(review): mac_docencia_2 above and the three laptop ACLs below are not
# referenced by any http_access rule in this file.
acl mac_docencia_delmis arp 34:97:f6:75:c2:db
acl mac_fonck arp 8C:89:A5:09:AA:78
acl mac_laptop_constanten arp 34:97:f6:cb:c2:52


# -- User-based access control lists
# -- Users with internet access
# Each ACL matches an authenticated user whose login name is listed in the
# quoted file, one file per department.
acl nodo proxy_auth "/etc/squid/config/usuarios/nodo"
acl asistenciaMedica proxy_auth "/etc/squid/config/usuarios/asistenciaMedica"
acl auditoria proxy_auth "/etc/squid/config/usuarios/auditoria"
acl biblioteca proxy_auth "/etc/squid/config/usuarios/biblioteca"
acl cardiologia proxy_auth "/etc/squid/config/usuarios/cardiologia"
acl cirugia proxy_auth "/etc/squid/config/usuarios/cirugia"
acl contabilidad proxy_auth "/etc/squid/config/usuarios/contabilidad"
acl direccion proxy_auth "/etc/squid/config/usuarios/direccion"
acl docencia proxy_auth "/etc/squid/config/usuarios/docencia"
acl enfermeria proxy_auth "/etc/squid/config/usuarios/enfermeria"
acl estadistica proxy_auth "/etc/squid/config/usuarios/estadistica"
acl facultativa proxy_auth "/etc/squid/config/usuarios/facultativa"
acl farmacia proxy_auth "/etc/squid/config/usuarios/farmacia"
acl laboratorioCl proxy_auth "/etc/squid/config/usuarios/laboratorioCl"
acl miscelanea proxy_auth "/etc/squid/config/usuarios/miscelanea"
acl proteccionFisica proxy_auth "/etc/squid/config/usuarios/proteccionFisica"
acl rrhh proxy_auth "/etc/squid/config/usuarios/rrhh"
acl terapia proxy_auth "/etc/squid/config/usuarios/terapia"
acl ultrasonido proxy_auth "/etc/squid/config/usuarios/ultrasonido"


# -- Content filtering rules --

# -- Time control --
# Peak hours: Saturday 08:00-10:00 and Monday-Friday 08:00-15:00.
acl horas_pico time A 08:00-10:00
acl horas_pico time MTWHF 08:00-15:00

# --- High bandwidth consumption
# NOTE(review): "altoconsumo" is not referenced by any http_access rule here.
acl altoconsumo dstdomain "/etc/squid/filtros/altoconsumo"

# --- Social networks
# NOTE(review): for HTTPS the proxy only sees the CONNECT host:port, so
# url_regex patterns that rely on a path cannot match that traffic.
acl sociales url_regex -i "/etc/squid/filtros/sociales"

# Forbidden words
acl palabrasfulas url_regex -i "/etc/squid/filtros/palabrasfulas"

# --- Porn --- Anonymous proxies
# --- filtered by squidGuard --
acl mal_domains dstdomain "/etc/squid/filtros/malware/domains"
acl mal_urls url_regex -i "/etc/squid/filtros/malware/urls"
#

# List of harmless sites - proxyenlaces
#acl proxyEnlaces_url url_regex -i "/etc/squid/rules/restringir/inocentes.rule"
#acl proxyEnlaces_sitios url_regex -i "/etc/squid/rules/restringir/inocentes.rule"
#acl proxyEnlaces_dominios dstdomain -i "/etc/squid/rules/restringir/inocentes.rule"

# -- Allow harmless sites - proxyenlaces
#http_access allow proxyEnlaces_url all
#http_access allow proxyEnlaces_sitios all
#http_access allow proxyEnlaces_dominios all


# -- Redirect address for denied sites
# NOTE(review): neither "scholar" nor "google" appears in any http_access
# rule in this file, so this deny_info looks like it never takes effect.
acl scholar url_regex scholar.google.com.cu
acl google dstdomain .google.com.cu
deny_info http://scholar.google.com.cu google
# NOTE(review): repeats an earlier rule and is already covered by
# "http_access allow all cuba".
http_access allow interna cuba

# ------ Denials from the content-filter rules ----------------- #
# NOTE(review): these denies sit after "allow all salud", "allow all cuba"
# and "allow servidores", so they never apply to that traffic.
http_access deny palabrasfulas
http_access deny mal_domains
http_access deny mal_urls

# Deny Facebook during peak hours
# NOTE(review): read together, these two lines block anyone who is not in
# BOTH "nodo" and "direccion"; if the intent is "members of either group are
# exempt", that is one line: "http_access deny sociales horas_pico !nodo !direccion".
# NOTE(review): both lines end in a proxy_auth ACL, so a match is answered
# with 407 (login prompt again) rather than 403; appending "all" as the last
# ACL makes the denial final.
http_access deny sociales horas_pico !nodo
http_access deny sociales horas_pico !direccion

#-- Used by SqStat
# Cache-manager requests are accepted only from 10.24.10.2.
acl managers proto cache_object
acl webserver src 10.24.10.2
http_access allow managers webserver
http_access deny managers
# NOTE(review): one password for every cache-manager action, stored in clear
# text. Keep squid.conf readable only by root and the Squid user, and replace
# this value with a fresh one if it is the real one, since it has been posted.
cachemgr_passwd secret all

# +------------------------------------------------------------------------------+
# |                          REGLAS CONTROL DE ACCESO                            |
# +------------------------------------------------------------------------------+

#-- Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Per-department policy, one pair of rules per group:
#   allow : login name is in the group's user file AND the request comes from
#           one of the group's MAC addresses ("Pass" adds nothing here, the
#           group ACL already requires a valid login);
#   deny  : any other request from a member of that group.
# NOTE(review): every "deny <group>" line ends in a proxy_auth ACL. Squid
# answers a denial whose last ACL is an authentication ACL with
# 407 Proxy Authentication Required, not 403, so the browser asks for the
# password again. A user whose login is correct but whose allow line did not
# match (for example because the arp ACL did not match) lands on the deny
# line and is prompted forever, which fits the symptom described. Writing the
# denies as "http_access deny nodo all" (and likewise for each group) makes
# the refusal a plain 403. Check access.log for TCP_DENIED/407 entries that
# already carry a username to confirm which rule is responsible.
http_access allow mac_nodo nodo Pass
http_access deny nodo

http_access allow asistenciaMedica mac_asistenciaMedica Pass
http_access deny asistenciaMedica

http_access allow auditoria mac_auditoria Pass
http_access deny auditoria

http_access allow biblioteca mac_biblioteca Pass
http_access deny biblioteca

http_access allow cardiologia mac_cardiologia Pass
http_access deny cardiologia

http_access allow cirugia mac_cirugia Pass
http_access deny cirugia

http_access allow contabilidad mac_contabilidad Pass
http_access deny contabilidad

http_access allow direccion mac_direccion Pass
http_access deny direccion

http_access allow docencia mac_docencia Pass
http_access deny docencia

http_access allow estadistica mac_estadistica Pass
http_access deny estadistica

http_access allow enfermeria mac_enfermeria Pass
http_access deny enfermeria

http_access allow facultativa mac_facultativa Pass
http_access deny facultativa

http_access allow farmacia mac_farmacia Pass
http_access deny farmacia

http_access allow laboratorioCl mac_laboratorioCl Pass
http_access deny laboratorioCl

http_access allow miscelanea mac_miscelanea Pass
http_access deny miscelanea

http_access allow proteccionFisica mac_proteccionFisica Pass
http_access deny proteccionFisica

http_access allow rrhh mac_rrhh Pass
http_access deny rrhh

http_access allow terapia mac_terapia Pass
http_access deny terapia

http_access allow ultrasonido mac_ultrasonido Pass
http_access deny ultrasonido

# -----------------------------------------------------------


# On shutdown, wait at most 10 seconds for active connections to finish.
shutdown_lifetime 10 seconds

# -- Cache memory
cache_mem 512 MB
maximum_object_size 5 MB
dns_defnames on
# Keep 10 rotated generations of each log file.
logfile_rotate 10


#Default:

# Squid normally listens to port 3128
# NOTE(review): this is a plain-HTTP listener, so the Basic proxy credentials
# configured above travel unencrypted between browser and proxy.
http_port 100.10.10.254:3128
# ICP disabled.
icp_port 0


# +------------------------------------------------------+
# |                DEFAULT                            |
# +------------------------------------------------------+
# PROXY PADRE DE MI RED

# Upstream parent proxy; ICP port 0 means no ICP queries are sent to it.
cache_peer 100.10.9.55 parent 3128 0 default
# NOTE(review): cache_peer_domain expects the name of a declared cache_peer
# as its first argument. The peer above is declared as 100.10.9.55 with no
# name= option, so "proxy.sld.cu" presumably refers to no peer and this line
# has no effect; check cache.log at startup.
cache_peer_domain proxy.sld.cu !.sld.cu
nonhierarchical_direct off

# --- Proxy logs ---
cache_log /var/log/squid/cache.log
# access.log records the authenticated username per request; it is the audit
# trail for the per-user policy, so restrict who can read it.
access_log /var/log/squid/access.log
# NOTE(review): duplicate of the cache_log line above.
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
# 5120 MB on-disk cache, 16 first-level and 256 second-level directories.
cache_dir aufs /var/spool/squid 5120 16 256
coredump_dir /var/spool/squid

cache_swap_low 90
cache_swap_high 95

# Contact address shown on Squid's error pages.
cache_mgr dihc@infomed.sld.cu

# -- Error pages in Spanish
icon_directory /usr/share/squid/icons
error_directory /usr/share/squid/errors/es
mime_table /usr/share/squid/mime.conf

# +------------------------------------------------------------------------------+
# |                          REFRESCO DE LA CACHE                                |
# +------------------------------------------------------------------------------+
# refresh_pattern [-i] <regex> <min> <percent> <max>, min and max in minutes
# (14400 = 10 days, 43200 = 30 days). The first pattern that matches the URL
# is the one used, so the order of these lines matters.
#-- Images
refresh_pattern -i \.gif$ 14400 80% 43200
refresh_pattern -i \.tiff?$ 14400 80% 43200
refresh_pattern -i \.bmp$ 14400 80% 43200
# NOTE(review): "\.jp?g$" matches .jpg and .jg but not .jpeg; "\.jpe?g$"
# would cover both common spellings.
refresh_pattern -i \.jp?g$ 14400 80% 43200
refresh_pattern -i \.xbm$ 14400 80% 43200
refresh_pattern -i \.png$ 14400 80% 43200
refresh_pattern -i \.wrl$ 14400 80% 43200
refresh_pattern -i \.ico$ 14400 80% 43200
refresh_pattern -i \.pnm$ 14400 80% 43200
refresh_pattern -i \.pbm$ 14400 80% 43200
refresh_pattern -i \.pgm$ 14400 80% 43200
refresh_pattern -i \.ppm$ 14400 80% 43200
refresh_pattern -i \.rgb$ 14400 80% 43200
# NOTE(review): the next two lines repeat the two above.
refresh_pattern -i \.ppm$ 14400 80% 43200
refresh_pattern -i \.rgb$ 14400 80% 43200
refresh_pattern -i \.xpm$ 14400 80% 43200
refresh_pattern -i \.xwd$ 14400 80% 43200
refresh_pattern -i \.pict?$ 14400 80% 43200

#-- Movies
refresh_pattern -i \.mov$ 14400 80% 43200
refresh_pattern -i \.mp?g?$ 14400 80% 43200
refresh_pattern -i \.avi$ 14400 80% 43200
refresh_pattern -i \.qtm?$ 14400 80% 43200
refresh_pattern -i \.viv$ 14400 80% 43200
refresh_pattern -i \.swf$ 14400 80% 43200
refresh_pattern -i \.flv$ 14400 80% 43200
refresh_pattern -i \.mp4$ 14400 80% 43200
refresh_pattern -i \.mkv$ 14400 80% 43200
refresh_pattern -i \.wmv$ 14400 80% 43200

#-- Sounds
refresh_pattern -i \.wav$ 14400 80% 43200
refresh_pattern -i \.aiff?$ 14400 80% 43200
refresh_pattern -i \.au$ 14400 80% 43200
refresh_pattern -i \.ram?$ 14400 80% 43200
refresh_pattern -i \.snd$ 14400 80% 43200
refresh_pattern -i \.mid$ 14400 80% 43200
refresh_pattern -i \.mp2$ 14400 80% 43200
refresh_pattern -i \.mp3$ 14400 80% 43200
refresh_pattern -i \.ogg$ 14400 80% 43200

#-- Archives
refresh_pattern -i \.sit$ 14400 80% 43200
refresh_pattern -i \.zip$ 14400 80% 43200
refresh_pattern -i \.7zip$ 14400 80% 43200
refresh_pattern -i \.hqx$ 14400 80% 43200
refresh_pattern -i \.exe$ 14400 80% 43200
refresh_pattern -i \.arj$ 14400 80% 43200
refresh_pattern -i \.lzh$ 14400 80% 43200
refresh_pattern -i \.lha$ 14400 80% 43200
refresh_pattern -i \.cab$ 14400 80% 43200
refresh_pattern -i \.rar$ 14400 80% 43200
refresh_pattern -i \.tar$ 14400 80% 43200
refresh_pattern -i \.gz$ 14400 80% 43200
refresh_pattern -i \.z$ 14400 80% 43200
refresh_pattern -i \.a[0-9][0-9]$ 14400 80% 43200
refresh_pattern -i \.r[0-9][0-9]$ 14400 80% 43200

#-- Data files
refresh_pattern -i \.txt$ 14400 80% 43200
refresh_pattern -i \.pdf$ 14400 80% 43200
refresh_pattern -i \.doc$ 14400 80% 43200
refresh_pattern -i \.rtf$ 14400 80% 43200
refresh_pattern -i \.tex$ 14400 80% 43200
refresh_pattern -i \.latex$ 14400 80% 43200

#-- Java-type objects
refresh_pattern -i \.class$ 14400 80% 43200
refresh_pattern -i \.js$ 14400 80% 43200
# NOTE(review): duplicate of the \.class$ line two lines up.
refresh_pattern -i \.class$ 14400 80% 43200

#-- Web-type objects
refresh_pattern -i \.css$ 10 20% 4320
refresh_pattern -i \.html?$ 10 20% 4320
refresh_pattern \/$ 10 20% 4320


#-- Avoid problems with .do scripts
refresh_pattern -i \.do$ 0 0% 1440
# NOTE(review): this "never treat as fresh" rule for dynamic URLs comes after
# all the extension rules, so a query URL that happens to end in one of those
# extensions (e.g. "...?file=x.pdf") is matched by the 10-day rule first.
# Moving this line to the top of the list would give dynamic content priority.
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0

#-- Others
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
# .deb/.udeb packages: fresh for 129600 minutes (90 days).
refresh_pattern (\.deb|\.udeb)$   129600 100% 129600
# Catch-all for everything not matched above.
refresh_pattern .        0    20%    4320
# ---------------------------------------------------------------------------



# Host name Squid reports in error pages and headers.
visible_hostname proxy.mired.sld.cu
dns_nameservers 100.10.10.1


# Final catch-all: any request not allowed by an earlier rule is refused.
# Its last ACL is "all", not an authentication ACL, so the refusal is a 403
# and does not trigger another login prompt.
http_access deny all
