
#1 Le 20/09/2015, à 22:08

doesit

[RESOLU] Problème de configuration d'une blacklist sous squid3

Bonjour,

J'ai un problème avec la configuration de squid3, je ne suis pas particulièrement à l'aise avec ubuntu/linux et j'essaie de configurer un proxy avec squid3 depuis hier matin...

Je suis sur une dedibox de chez online sous ubuntu 12.04.2_LTS (64BITS)
J'ai installé squid3 et je configure mon fichier de conf comme ceci:

#  TAG: auth_param
#auth_param basic program /usr/lib/squid3/ncsa_auth /etc/squid3/users
#auth_param basic children 5
#auth_param basic realm Renseigner votre identifiant et mot de passe !
#auth_param basic credentialsttl 48 hours

#  TAG: acl
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
# to_localhost is defined here but no http_access line in this listing uses it.
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
# NOTE(review): "mondomaine" and "monip" look like placeholders substituted by
# the poster. Squid reads a double-quoted ACL value as the name of a file to
# load entries from, so real values are written without quotes.
# srcdomain is matched against the reverse-DNS name of the client address;
# that name is set by whoever operates the client's reverse zone, so it is a
# weaker basis for access control than a src address or authentication.
acl myhost srcdomain "mondomaine"
acl allcomputers src "monip"

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
#acl Users proxy_auth REQUIRED

#  TAG: http_access
# http_access lines are evaluated top to bottom; the first line whose ACLs all
# match decides the request and the remaining lines are not consulted.
http_access allow manager localhost
http_access deny manager
# Refuse requests to ports outside Safe_ports, and CONNECT tunnels to anything
# other than port 443, before any allow rule is considered.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
# "deny all" matches every request, so the two allow lines after it are never
# reached: as written, only localhost can use the proxy. Keeping "deny all" as
# the LAST http_access line, with the allow rules above it, preserves the
# fail-closed default while letting the intended clients through.
http_access deny all
#http_access allow Users
http_access allow myhost
http_access allow allcomputers

#  TAG: http_port
# No listen address is given; the cache.log quoted later on this page shows
# Squid accepting on [::]:3128. On an Internet-facing server the http_access
# list is then the only control on who may relay through the proxy, so a
# firewall rule limiting this port to the known client addresses is a useful
# second layer.
http_port 3128

#  TAG: https_port
#Default:
# none

#  TAG: ssl_unclean_shutdown
# none

#  TAG: sslproxy_client_certificate
# none

#  TAG: sslproxy_client_key
# none

#  TAG: sslproxy_version
# sslproxy_version 1

#  TAG: sslproxy_options
# none

#  TAG: sslproxy_cipher
# none

#  TAG: sslproxy_cafile
# none

#  TAG: sslproxy_capath
# none

#  TAG: ssl_bump
# none

#  TAG: sslproxy_flags
# none

#  TAG: sslproxy_cert_error
# none

#  TAG: sslpassword_program
# none

#  TAG: sslcrtd_program
# sslcrtd_program /usr/lib/squid3/ssl_crtd -s /var/lib/ssl_db -M 4MB

#  TAG: sslcrtd_children
# sslcrtd_children 5

#  TAG: cache_peer
# none

#  TAG: cache_peer_domain
# none

#  TAG: cache_peer_access
# none

#  TAG: neighbor_type_domain
# none

#  TAG: cache_mem	(bytes)
cache_mem 256 MB

#  TAG: maximum_object_size_in_memory	(bytes)
# maximum_object_size_in_memory 512 KB

#  TAG: memory_replacement_policy
# memory_replacement_policy lru

#  TAG: cache_dir
cache_dir ufs /var/spool/squid3 1024 32 512

#  TAG: minimum_object_size	(bytes)
# minimum_object_size 0 KB

#  TAG: maximum_object_size	(bytes)
maximum_object_size 15 MB

#  TAG: cache_swap_low	(percent, 0-100)
# cache_swap_low 90

#  TAG: cache_swap_high	(percent, 0-100)
# cache_swap_high 95

#  TAG: logformat
#logformat squid %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt
#logformat squidmime %ts.%03tu %6tr %>a %Ss/%03>Hs %<st %rm %ru %un %Sh/%<A %mt [%>h] [%<h]
#logformat common %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st %Ss:%Sh
#logformat combined %>a %ui %un [%tl] "%rm %ru HTTP/%rv" %>Hs %<st "%{Referer}>h" "%{User-Agent}>h" %Ss:%Sh
#Default:
# none

#  TAG: access_log
access_log /var/log/squid3/access.log


#  TAG: log_access	allow|deny acl acl...
# none

#  TAG: log_icap
# none

#  TAG: cache_store_log
# none

#  TAG: cache_swap_state
# none

#  TAG: logfile_rotate
# logfile_rotate 0

#  TAG: emulate_httpd_log	on|off
# emulate_httpd_log off

#  TAG: log_ip_on_direct	on|off
# log_ip_on_direct on

#  TAG: mime_table
# mime_table /usr/share/squid3/mime.conf

#  TAG: log_mime_hdrs	on|off
# log_mime_hdrs off

#  TAG: useragent_log
# none

#  TAG: referer_log
# none

#  TAG: pid_filename
# pid_filename /var/run/squid3.pid

#  TAG: log_fqdn	on|off
# log_fqdn off

#  TAG: client_netmask
# client_netmask no_addr

#  TAG: forward_log
# none

#  TAG: strip_query_terms
# strip_query_terms on

#  TAG: buffered_logs	on|off
# buffered_logs off

#  TAG: netdb_filename
# netdb_filename /var/log/squid3/netdb.state

#  TAG: cache_log
cache_log /var/log/squid3/cache.log

#  TAG: debug_options
# debug_options ALL,1

#  TAG: coredump_dir
# coredump_dir none

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid3

#  TAG: ftp_user
# ftp_user Squid@

#  TAG: ftp_list_width
# ftp_list_width 32

#  TAG: ftp_passive
# ftp_passive on

#  TAG: ftp_epsv_all
# ftp_epsv_all off

#  TAG: ftp_epsv
# ftp_epsv on

#  TAG: ftp_eprt
# ftp_eprt on

#  TAG: ftp_sanitycheck
# ftp_sanitycheck on

#  TAG: ftp_telnet_protocol
# ftp_telnet_protocol on

#  TAG: diskd_program
# diskd_program /usr/lib/squid3/diskd

#  TAG: unlinkd_program
# unlinkd_program /usr/lib/squid3/unlinkd

#  TAG: pinger_program
# pinger_program /usr/lib/squid3/pinger

#  TAG: pinger_enable
# pinger_enable off

#  TAG: url_rewrite_program
#url_rewrite_program /usr/bin/squidGuard -C /etc/squid/squidGuard.conf

#  TAG: url_rewrite_children
# url_rewrite_children 5

#  TAG: url_rewrite_concurrency
# url_rewrite_concurrency 0

#  TAG: url_rewrite_host_header
# url_rewrite_host_header on

#  TAG: url_rewrite_access
# none

#  TAG: url_rewrite_bypass
# url_rewrite_bypass off

#  TAG: refresh_pattern
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
# example lin deb packages
#refresh_pattern (\.deb|\.udeb)$   129600 100% 129600
refresh_pattern .		0	20%	4320


#  TAG: negative_ttl	time-units
negative_ttl 4 minutes

#  TAG: positive_dns_ttl	time-units
positive_dns_ttl 8 hours


#  TAG: request_header_max_size	(KB)
# request_header_max_size 64 KB

#  TAG: reply_header_max_size	(KB)
# reply_header_max_size 64 KB

#  TAG: request_body_max_size	(bytes)
# request_body_max_size 0 KB

#  TAG: client_request_buffer_max_size	(bytes)
# client_request_buffer_max_size 512 KB

#  TAG: chunked_request_body_max_size	(bytes)
# chunked_request_body_max_size 64 KB

#  TAG: broken_posts
#Example:
# acl buggy_server url_regex ^http://....
# broken_posts allow buggy_server


#  TAG: icap_uses_indirect_client	on|off
# icap_uses_indirect_client on

#  TAG: via	on|off
# via on

#  TAG: ie_refresh	on|off
# ie_refresh off

#  TAG: vary_ignore_expire	on|off
# vary_ignore_expire off

#  TAG: request_entities
# request_entities off

#  TAG: request_header_access
# none

#  TAG: reply_header_access
# none

#  TAG: request_header_replace
# none

#  TAG: reply_header_replace
# none

#  TAG: relaxed_header_parser	on|off|warn
# relaxed_header_parser on

#  TAG: ignore_expect_100	on|off
# ignore_expect_100 off

#  TAG: forward_timeout	time-units
# forward_timeout 4 minutes

#  TAG: connect_timeout	time-units
# connect_timeout 1 minute

#  TAG: peer_connect_timeout	time-units
# peer_connect_timeout 30 seconds

#  TAG: read_timeout	time-units
# read_timeout 15 minutes

#  TAG: request_timeout
# request_timeout 5 minutes

#  TAG: persistent_request_timeout
# persistent_request_timeout 2 minutes

#  TAG: client_lifetime	time-units
# client_lifetime 1 day

#  TAG: half_closed_clients
# half_closed_clients off

#  TAG: pconn_timeout
# pconn_timeout 1 minute

#  TAG: ident_timeout
# ident_timeout 10 seconds

#  TAG: shutdown_lifetime	time-units
# shutdown_lifetime 30 seconds

#  TAG: cache_mgr
# cache_mgr webmaster

#  TAG: mail_from
# none

#  TAG: mail_program
# mail_program mail

#  TAG: cache_effective_user
# cache_effective_user proxy

#  TAG: cache_effective_group
# none

#  TAG: httpd_suppress_version_string	on|off
# httpd_suppress_version_string off

#  TAG: visible_hostname
visible_hostname famille-brame

#  TAG: unique_hostname
# none

#  TAG: hostname_aliases
# none

#  TAG: umask
# umask 027

#  TAG: announce_host
#Default:
# announce_host tracker.ircache.net

#  TAG: announce_file
#Default:
# none

#  TAG: announce_port
# announce_port 3131

#  TAG: httpd_accel_surrogate_id
# httpd_accel_surrogate_id unset-id

#  TAG: http_accel_surrogate_remote	on|off
# http_accel_surrogate_remote off

#  TAG: esi_parser	libxml2|expat|custom
# esi_parser custom

#  TAG: delay_pools
# delay_pools 0

#  TAG: delay_class
# none

#  TAG: delay_access
#Example:
# delay_access 1 allow some_big_clients
# delay_access 1 deny all
# delay_access 2 allow lotsa_little_clients
# delay_access 2 deny all
# delay_access 3 allow authenticated_clients
#Default:
# none

#  TAG: delay_parameters
#Default:
# none

#  TAG: delay_initial_bucket_level	(percent, 0-100)
# delay_initial_bucket_level 50

#  TAG: wccp_router
# wccp_router any_addr

#  TAG: wccp2_router
# none

#  TAG: wccp_version
# wccp_version 4

#  TAG: wccp2_rebuild_wait
# wccp2_rebuild_wait on

#  TAG: wccp2_forwarding_method
# wccp2_forwarding_method gre

#  TAG: wccp2_return_method
# wccp2_return_method gre

#  TAG: wccp2_assignment_method
# wccp2_assignment_method hash

#  TAG: wccp2_service
# wccp2_service standard 0

#  TAG: wccp2_service_info
# none

#  TAG: wccp2_weight
# wccp2_weight 10000

#  TAG: wccp_address
# wccp_address 0.0.0.0

#  TAG: wccp2_address
# wccp2_address 0.0.0.0

#  TAG: client_persistent_connections
# client_persistent_connections on

#  TAG: server_persistent_connections
# server_persistent_connections on

#  TAG: persistent_connection_after_error
# persistent_connection_after_error on

#  TAG: detect_broken_pconn
# detect_broken_pconn off

#  TAG: digest_generation
# digest_generation on

#  TAG: digest_bits_per_entry
# digest_bits_per_entry 5

#  TAG: digest_rebuild_period	(seconds)
# digest_rebuild_period 1 hour

#  TAG: digest_rewrite_period	(seconds)
# digest_rewrite_period 1 hour

#  TAG: digest_swapout_chunk_size	(bytes)
# digest_swapout_chunk_size 4096 bytes

#  TAG: digest_rebuild_chunk_percentage	(percent, 0-100)
# digest_rebuild_chunk_percentage 10

#  TAG: snmp_port
#	Example:
#		snmp_port 3401
#Default:
# snmp_port 0

#  TAG: snmp_access
#Example:
# snmp_access allow snmppublic localhost
# snmp_access deny all
#Default:
# snmp_access deny all

#  TAG: snmp_incoming_address
# snmp_incoming_address any_addr

#  TAG: snmp_outgoing_address
# snmp_outgoing_address no_addr

#  TAG: icp_port
# icp_port 0

#  TAG: htcp_port
# htcp_port 0

#  TAG: log_icp_queries	on|off
# log_icp_queries on

#  TAG: udp_incoming_address
# udp_incoming_address any_addr

#  TAG: udp_outgoing_address
# udp_outgoing_address no_addr

#  TAG: icp_hit_stale	on|off
# icp_hit_stale off

#  TAG: minimum_direct_hops
# minimum_direct_hops 4

#  TAG: minimum_direct_rtt
# minimum_direct_rtt 400

#  TAG: netdb_low
# netdb_low 900

#  TAG: netdb_high
# netdb_high 1000

#  TAG: netdb_ping_period
# netdb_ping_period 5 minutes

#  TAG: query_icmp	on|off
# query_icmp off

#  TAG: test_reachability	on|off
# test_reachability off

#  TAG: icp_query_timeout	(msec)
# icp_query_timeout 0

#  TAG: maximum_icp_query_timeout	(msec)
# maximum_icp_query_timeout 2000

#  TAG: minimum_icp_query_timeout	(msec)
# minimum_icp_query_timeout 5

#  TAG: background_ping_rate	time-units
# background_ping_rate 10 seconds

#  TAG: mcast_groups
# none

#  TAG: mcast_miss_addr
# mcast_miss_addr no_addr

#  TAG: mcast_miss_ttl
# mcast_miss_ttl 16

#  TAG: mcast_miss_port
# mcast_miss_port 3135

#  TAG: mcast_miss_encode_key
# mcast_miss_encode_key XXXXXXXXXXXXXXXX

#  TAG: mcast_icp_query_timeout	(msec)
# mcast_icp_query_timeout 2000

#  TAG: icon_directory
icon_directory /usr/share/squid3/icons

#  TAG: global_internal_static
# global_internal_static on

#  TAG: short_icon_urls
# short_icon_urls on

#  TAG: error_directory
# error_directory /usr/share/squid/errors/French

#  TAG: error_default_language
# none

#  TAG: error_log_languages
# error_log_languages on

#  TAG: err_page_stylesheet
# err_page_stylesheet /etc/squid3/errorpage.css

#  TAG: err_html_text
# none

#  TAG: email_err_data	on|off
# email_err_data on

#  TAG: deny_info
# none

#  TAG: append_domain
#Example:
# append_domain .yourdomain.com

#  TAG: forwarded_for
forwarded_for Off

Mais impossible d'obtenir une configuration fonctionnelle, mon browser mouline lors d'une recherche, puis j'ai le message suivant:

The following error was encountered while trying to retrieve the URL: http://www.google.fr/

    Connection to 2a00:1450:4007:806::101f failed.

The system returned: (110) Connection timed out

Mes tests sont faits depuis Firefox installé en local sur le serveur.


Voici les différents logs
Fichier access.log:

1442778402.388    404 127.0.0.1 TCP_MISS/200 11947 GET http://disqus.com/api/3.0/discovery/listTopPost.json? - DIRECT/23.235.33.134 application/json
1442778416.715  59997 127.0.0.1 TCP_MISS/503 0 CONNECT safebrowsing.google.com:443 - DIRECT/2a00:1450:4007:807::1002 -
1442778443.619    169 127.0.0.1 TCP_MISS/200 308 GET http://s4.histats.com/stats/e.php? - DIRECT/208.43.241.181 text/html
1442778459.013  59561 127.0.0.1 TCP_MISS/503 0 CONNECT ssl.google-analytics.com:443 - DIRECT/2a00:1450:4007:80d::2008 -
1442778461.665  61219 127.0.0.1 TCP_MISS/200 4014 CONNECT referrer.disqus.com:443 - DIRECT/185.31.18.134 -
1442778461.758  61292 127.0.0.1 TCP_MISS/200 5753 CONNECT glitter.services.disqus.com:443 - DIRECT/185.31.17.64 -
1442778462.016  61137 127.0.0.1 TCP_MISS/200 5990 CONNECT links.services.disqus.com:443 - DIRECT/185.31.17.64 -
1442778476.977  60258 127.0.0.1 TCP_MISS/503 0 CONNECT safebrowsing.google.com:443 - DIRECT/2a00:1450:4007:807::1002 -
1442778520.012  60997 127.0.0.1 TCP_MISS/503 0 CONNECT ssl.google-analytics.com:443 - DIRECT/2a00:1450:4007:80d::2008 -
1442778536.718  59736 127.0.0.1 TCP_MISS/503 0 CONNECT safebrowsing.google.com:443 - DIRECT/2a00:1450:4007:807::1002 -
1442778576.703 179896 127.0.0.1 TCP_MISS/504 4016 GET http://www.google-analytics.com/ga.js - DIRECT/2a00:1450:4007:806::1006 text/html
1442778581.065  61049 127.0.0.1 TCP_MISS/503 0 CONNECT ssl.google-analytics.com:443 - DIRECT/2a00:1450:4007:80d::2008 -
1442778581.067 183891 127.0.0.1 TCP_MISS/504 4092 GET http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js - DIRECT/2a00:1450:4007:806::100d text/html
1442778596.719  59998 127.0.0.1 TCP_MISS/503 0 CONNECT safebrowsing.google.com:443 - DIRECT/2a00:1450:4007:807::1002 -
1442778641.718  60648 127.0.0.1 TCP_MISS/503 0 CONNECT ssl.google-analytics.com:443 - DIRECT/2a00:1450:4007:80d::2008 -
1442778656.719  59998 127.0.0.1 TCP_MISS/503 0 CONNECT safebrowsing.google.com:443 - DIRECT/2a00:1450:4007:807::1002 -
1442778657.384  76313 127.0.0.1 TCP_MISS/000 0 GET http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js - DIRECT/pagead2.googlesyndication.com -
1442778665.753     25 127.0.0.1 TCP_REFRESH_UNMODIFIED/200 2870 GET http://start.ubuntu.com/12.04/Google/? - DIRECT/91.189.89.88 text/html
1442778666.320      0 127.0.0.1 TCP_HIT/200 24201 GET http://start.ubuntu.com/12.04/sprite.png - NONE/- image/png
1442778671.340      3 127.0.0.1 TCP_MISS/200 931 POST http://ocsp.digicert.com/ - DIRECT/93.184.220.29 application/ocsp-response
1442778672.021    517 127.0.0.1 TCP_MISS/200 3507 CONNECT geo.mozilla.org:443 - DIRECT/63.245.215.82 -
1442778701.720  59997 127.0.0.1 TCP_MISS/503 0 CONNECT ssl.google-analytics.com:443 - DIRECT/2a00:1450:4007:80d::2008 -
1442778716.720  59999 127.0.0.1 TCP_MISS/503 0 CONNECT safebrowsing.google.com:443 - DIRECT/2a00:1450:4007:807::1002 -

fichier cache.log:

2015/09/20 21:42:14| Preparing for shutdown after 30 requests
2015/09/20 21:42:14| Waiting 30 seconds for active connections to finish
2015/09/20 21:42:14| FD 13 Closing HTTP connection
2015/09/20 21:42:21| Starting Squid Cache version 3.1.19 for x86_64-pc-linux-gnu...
2015/09/20 21:42:21| Process ID 2812
2015/09/20 21:42:21| With 65535 file descriptors available
2015/09/20 21:42:21| Initializing IP Cache...
2015/09/20 21:42:21| DNS Socket created at [::], FD 5
2015/09/20 21:42:21| DNS Socket created at 0.0.0.0, FD 6
2015/09/20 21:42:21| Adding nameserver 62.210.16.6 from /etc/resolv.conf
2015/09/20 21:42:21| Adding nameserver 62.210.16.7 from /etc/resolv.conf
2015/09/20 21:42:21| Adding domain online.net from /etc/resolv.conf
2015/09/20 21:42:21| Unlinkd pipe opened on FD 11
2015/09/20 21:42:21| Local cache digest enabled; rebuild/rewrite every 3600/3600 sec
2015/09/20 21:42:21| Store logging disabled
2015/09/20 21:42:21| Swap maxSize 1048576 + 262144 KB, estimated 100824 objects
2015/09/20 21:42:21| Target number of buckets: 5041
2015/09/20 21:42:21| Using 8192 Store buckets
2015/09/20 21:42:21| Max Mem  size: 262144 KB
2015/09/20 21:42:21| Max Swap size: 1048576 KB
2015/09/20 21:42:21| Version 1 of swap file with LFS support detected... 
2015/09/20 21:42:21| Rebuilding storage in /var/spool/squid3 (DIRTY)
2015/09/20 21:42:21| Using Least Load store dir selection
2015/09/20 21:42:21| Set Current Directory to /var/spool/squid3
2015/09/20 21:42:21| Loaded Icons.
2015/09/20 21:42:21| Accepting  HTTP connections at [::]:3128, FD 14.
2015/09/20 21:42:21| HTCP Disabled.
2015/09/20 21:42:21| Squid plugin modules loaded: 0
2015/09/20 21:42:21| Adaptation support is off.
2015/09/20 21:42:21| Ready to serve requests.
2015/09/20 21:42:21| Done reading /var/spool/squid3 swaplog (3 entries)
2015/09/20 21:42:21| Finished rebuilding storage from disk.
2015/09/20 21:42:21|         3 Entries scanned
2015/09/20 21:42:21|         0 Invalid entries.
2015/09/20 21:42:21|         0 With invalid flags.
2015/09/20 21:42:21|         3 Objects loaded.
2015/09/20 21:42:21|         0 Objects expired.
2015/09/20 21:42:21|         0 Objects cancelled.
2015/09/20 21:42:21|         0 Duplicate URLs purged.
2015/09/20 21:42:21|         0 Swapfile clashes avoided.
2015/09/20 21:42:21|   Took 0.01 seconds (223.41 objects/sec).
2015/09/20 21:42:21| Beginning Validation Procedure
2015/09/20 21:42:21|   Completed Validation Procedure
2015/09/20 21:42:21|   Validated 31 Entries
2015/09/20 21:42:21|   store_swap_size = 32
2015/09/20 21:42:22| storeLateRelease: released 0 objects

Je ne trouve que des configurations pour un réseau d'entreprise avec des sous-réseaux, ou un réseau local, mais rien sur une possible connexion depuis l’extérieur avec une IP banale de FAI...

Mon but est d'avoir sur ce serveur un proxy fonctionnel qui accepte la connexion des machines de chez moi.
Puis, une fois ceci fait, d'y ajouter une whitelist et une blacklist de sites.

J'ai testé pas mal de conf différentes mais j'ai toujours le même problème.

Merci pour votre aide.

Cdt,
DOESIT

Dernière modification par doesit (Le 25/09/2015, à 13:04)


#2 Le 20/09/2015, à 22:34

voxdemonix

Re : [RESOLU] Problème de configuration d'une blacklist sous squid3

Peut-être un souci d'IPv6 : https://connaissances.fournier38.fr/Act … ort%20IPv6

Dernière modification par voxdemonix (Le 20/09/2015, à 22:34)


#3 Le 21/09/2015, à 12:15

doesit

Re : [RESOLU] Problème de configuration d'une blacklist sous squid3

Yeah ! Merci voxdemonix, j'ai fait un grand pas !! Les sites répondent !!
Je peux me pencher sur les blacklists et whitelists maintenant.

Merci encore.


#4 Le 22/09/2015, à 21:28

doesit

Re : [RESOLU] Problème de configuration d'une blacklist sous squid3

Bon, me revoilà avec un autre problème.
Les sites indiqués dans ma blacklist, ou en dur dans le fichier de conf de squid, passent tout de même à travers le proxy :

fichier de conf:

# dstdom_regex tests the DESTINATION host name against each line of the file as
# a regular expression. NOTE(review): the whitelist file shown below holds only
# 127.0.0.1; if the intent was to exempt the local machine as a client, that
# would be a `src` ACL — confirm.
acl whitelist dstdom_regex "/etc/squid3/whitelist.txt"
# url_regex treats every line of the file as an unanchored regular expression
# (an unescaped "." matches any character). For a plain list of host names,
# dstdomain is the closer fit and is not sensitive to the URL scheme or path.
acl blacklist url_regex "/etc/squid3/blacklist.txt"
# For HTTPS the proxy only receives "CONNECT host:443" (see the CONNECT lines
# in the access.log above), and ssl_bump is not configured in the first
# listing, so a pattern beginning with https:// has nothing to match against.
acl facebook url_regex https://fr-fr.facebook.com
# As a regex, ".facebook.com" is unanchored and its dots match any character;
# `dstdomain .facebook.com` expresses "facebook.com and all sub-domains".
acl facebooks dstdom_regex .facebook.com

# http_access is first-match: these lines only take effect if they appear
# before any earlier rule that already allows the request (for example
# "http_access allow localhost"). Their position in the full file is not shown
# in this excerpt.
http_access allow whitelist
http_access deny blacklist
http_access deny facebook
http_access deny facebooks

Contenu du fichier whitelist:

127.0.0.1

Contenu du fichier blacklist ex:

www.googleadservices.com
googleads.g.doubleclick.net
statcounter.com
beiks.pl
fr.a2dfp.net
m.fr.a2dfp.net
ad.a8.net
asy.a8ww.net
abcstats.com
ad.stat.4u.pl
adstat.4u.pl
stat.4u.pl
a.abv.bg
adserver.abv.bg
adv.abv.bg

Je n'arrive pas à bloquer les sites voulus...


#5 Le 23/09/2015, à 22:52

doesit

Re : [RESOLU] Problème de configuration d'une blacklist sous squid3

J'ai l'impression qu'il ne prend pas en compte les filtres, car j'ai ajouté les lignes:

acl filtre_reg url_regex -i ^.*facebook.*$
Et
http_access deny filtre_reg

Mais je peux aller sur facebook ....

Voici l'ordre de mes filtres:

#  TAG: acl
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl to_ipv6 dst ipv6 
#acl whitelist dstdomain "/etc/squid3/whitelist"
# The quoted value is a file path: Squid loads one domain per line from it.
acl blacklist dstdomain "/etc/squid3/blacklist.acl"
# Case-insensitive match on any request URL containing "facebook".
acl filtre_reg url_regex -i ^.*facebook.*$


acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
# NOTE(review): proxy_auth needs an auth_param helper; the auth_param lines in
# the first listing were commented out — confirm they are enabled here.
acl Users proxy_auth REQUIRED

#  TAG: http_access
# http_access rules are evaluated top to bottom and the first match decides.
# This line accepts every request coming from 127.0.0.1 / ::1, so a browser
# running on the server itself (as in the tests described in this thread)
# never reaches the blacklist / filtre_reg deny rules further down.
http_access allow localhost
http_access allow manager localhost
http_access deny manager
# NOTE(review): in the first listing these two rules were `deny`. Written as
# `allow`, they accept — from any client address and before authentication —
# every request to a port outside Safe_ports and every CONNECT to a port other
# than 443. On a publicly reachable server that leaves the proxy open to
# relaying for those ports; restore `http_access deny !Safe_ports` and
# `http_access deny CONNECT !SSL_ports`.
http_access allow !Safe_ports
http_access allow CONNECT !SSL_ports
# Authenticated users are accepted here, ahead of the deny rules below, so the
# blacklist does not apply to them either. The deny lines need to sit above
# this allow to filter authenticated traffic.
http_access allow Users
# `!all` can never match, so this line denies nothing.
# NOTE(review): presumably part of the IPv6 workaround from the article linked
# earlier in the thread — confirm its intent.
http_access deny to_ipv6 !all
#http_access allow whitelist
http_access deny blacklist
http_access deny filtre_reg
# Duplicate of the first rule. There is no closing `http_access deny all`:
# Squid then applies the opposite of the last rule (here: deny) to requests
# that match nothing, so an explicit `http_access deny all` as the final line
# makes the fail-closed default visible and stable.
http_access allow localhost

Bonne soirée !
Je lâche l'affaire pour ce soir....


#6 Le 25/09/2015, à 13:06

doesit

Re : [RESOLU] Problème de configuration d'une blacklist sous squid3

Après avoir testé l'installation suivante :
HowTo SquidGuard

SquidGuard fonctionne correctement.

Cdt,
DOESIT
