Squid acl time não funciona
-
boa tarde
limito toda a banda de estensões de video e audio http no squid, mas quero que nos horário a baixo ela fique ilimitdo como se destativasse a regra de delay pools. segue o meu squid.conf alguem pode me ajuda a onde eu devo colocar a regra?
This file is automatically generated by pfSense
Do not edit manually !
http_port 192.168.200.254:3128
http_port 127.0.0.1:3128 intercept
icp_port 0
dns_v4_first off
pid_filename /var/run/squid.pid
cache_effective_user proxy
cache_effective_group proxy
error_default_language en
icon_directory /usr/pbi/squid-amd64/etc/squid/icons
visible_hostname localhost
cache_mgr admin@localhost
access_log /var/squid/logs/access.log
cache_log /var/squid/logs/cache.log
cache_store_log none
netdb_filename /var/squid/logs/netdb.state
pinger_enable on
pinger_program /usr/pbi/squid-amd64/libexec/squid/pingerlogfile_rotate 0
debug_options rotate=0
shutdown_lifetime 3 secondsAllow local network(s) on interface(s)
acl localnet src 192.168.200.0/24
uri_whitespace stripWindows Update refresh_pattern
range_offset_limit -1
refresh_pattern -i update.microsoft.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
refresh_pattern -i microsoft.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
refresh_pattern -i windowsupdate.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
refresh_pattern -i windows.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
refresh_pattern -i c2r.microsoft.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
refresh_pattern -i download.windowsupdate.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
refresh_pattern guru.avg.com/softw/90free/update/..(bin|ctf) 11520 100% 43200 reload-into-ims
refresh_pattern update.avg.com/softw/90/update/..(bin|ctf) 11520 100% 43200 reload-into-ims
refresh_pattern http://update.avg.com/softw/90/update/.*.(bin|ctf) 11520 100% 43200 reload-into-imsSymantec refresh_pattern
range_offset_limit -1
refresh_pattern liveupdate.symantecliveupdate.com/..(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
refresh_pattern symantecliveupdate.com/..(cab|exe|dll|msi) 10080 100% 43200 reload-into-imsAvast refresh_pattern
range_offset_limit -1
refresh_pattern avast.com/.*.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-imsAvira refresh_pattern
range_offset_limit -1
refresh_pattern personal.avira-update.com/.*.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-imscache_mem 2000 MB
maximum_object_size_in_memory 50 KB
memory_replacement_policy heap GDSF
cache_replacement_policy heap LFUDA
cache_dir ufs /var/squid/cache 10000 16 256
minimum_object_size 200 KB
maximum_object_size 200000 KB
offline_mode off
cache_swap_low 90
cache_swap_high 95
cache allow allAdd any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320No redirector configured
#Remote proxies
Setup some default acls
From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
acl localhost src 127.0.0.1/32
acl allsrc src all
acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901 3128 3127 1025-65535
acl sslports port 443 563From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.
#acl manager proto cache_object
acl purge method PURGE
acl connect method CONNECTDefine protocols used for redirects
acl HTTP proto HTTP
acl HTTPS proto HTTPS
acl allowed_subnets src 192.168.200.0/24
http_access allow manager localhosthttp_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !safeports
http_access deny CONNECT !sslportsAlways allow localhost connections
From 3.2 further configuration cleanups have been done to make things easier and safer.
The manager, localhost, and to_localhost ACL definitions are now built-in.
http_access allow localhost
acl horario_livre_1 time MTWHF 11:00-13:00
http_access allow horario_livre_1acl horario_livre_1 time MTWHF 17:00-23:59
http_access allow horario_livre_1acl horario_livre_1 time MTWHF 00:00-07:30
http_access allow horario_livre_1acl horario_livre_1 time A 00:01-23:59
http_access allow horario_livre_1acl horario_livre_1 time S 00:01-23:59
http_access allow horario_livre_1acl sites_1k url_regex -i "/usr/pbi/squid-amd64/etc/squid/banda/sites_1k.txt"
acl sites_50k url_regex -i "/usr/pbi/squid-amd64/etc/squid/banda/sites_50k.txt"
acl ips_1k src "/usr/pbi/squid-amd64/etc/squid/banda/ips_1k.txt"
acl ips_50k src "/usr/pbi/squid-amd64/etc/squid/banda/ips_50k.txt"delay_pools 2
Libera 1kb/s para os sites cadastrados no arquivo "sites_1k.txt"
delay_class 1 2
delay_parameters 1 -1/-1 100000/100000 100000/100000
delay_access 1 allow sites_1k ips_1kLibera 50kb/s para os sites cadastrados no arquivo "sites_50k.txt"
delay_class 2 2
delay_parameters 2 -1/-1 50000/50000 50000/50000
delay_access 2 allow sites_50k
delay_access 1 allow sites_50k ips_50kdelay_initial_bucket_level 100
Reverse Proxy settings
Package Integration
url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
url_rewrite_bypass off
url_rewrite_children 5Custom options before auth
external_acl_type check_cp children-startup=5 ttl=5 %SRC /usr/pbi/squid-amd64/libexec/squid/check_ip.php
acl password external check_cpCustom options after auth
http_access allow password localnet
http_access allow password allowed_subnetsDefault block all to be sure
http_access deny allsrc
-
customizar a configuracao do squid nao é uma boa ideia, se precisar atualizar ou mudar versao, vai perder o que fez…
-
As ACL não deveriam ter nomes diferentes?
-
eu não irei atualizar squid ou pfsense, pq toda vez que atualiza da problema, a customização é necessária visto que o pacote não tem esse recurso nativo.
eu quero saber como faço pra configurar isso no squid.conf e funcionar visto que no momento não está funcionado.acl horario_livre_1 time MTWHF 11:00-13:00
http_access allow horario_livre_1acl horario_livre_1 time MTWHF 17:00-23:59
http_access allow horario_livre_1acl horario_livre_1 time MTWHF 00:00-07:30
http_access allow horario_livre_1acl horario_livre_1 time A 00:01-23:59
http_access allow horario_livre_1acl horario_livre_1 time S 00:01-23:59
http_access allow horario_livre_1todas as regras que estão no squid.conf a baixo foram feitas as modificações no arquivo squid.inc