Squid acl time não funciona



  • boa tarde

    limito toda a banda de estensões de video e audio http no squid, mas quero que nos horário a baixo ela fique ilimitdo como se destativasse a regra de delay pools. segue o meu squid.conf alguem pode me ajuda a onde eu devo colocar a regra?

    This file is automatically generated by pfSense

    Do not edit manually !

    http_port 192.168.200.254:3128
    http_port 127.0.0.1:3128 intercept
    icp_port 0
    dns_v4_first off
    pid_filename /var/run/squid.pid
    cache_effective_user proxy
    cache_effective_group proxy
    error_default_language en
    icon_directory /usr/pbi/squid-amd64/etc/squid/icons
    visible_hostname localhost
    cache_mgr admin@localhost
    access_log /var/squid/logs/access.log
    cache_log /var/squid/logs/cache.log
    cache_store_log none
    netdb_filename /var/squid/logs/netdb.state
    pinger_enable on
    pinger_program /usr/pbi/squid-amd64/libexec/squid/pinger

    logfile_rotate 0
    debug_options rotate=0
    shutdown_lifetime 3 seconds

    Allow local network(s) on interface(s)

    acl localnet src  192.168.200.0/24
    uri_whitespace strip

    Windows Update refresh_pattern

    range_offset_limit -1
    refresh_pattern -i update.microsoft.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
    refresh_pattern -i microsoft.com/.
    .(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
    refresh_pattern -i windowsupdate.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
    refresh_pattern -i windows.com/.
    .(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
    refresh_pattern -i c2r.microsoft.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
    refresh_pattern -i download.windowsupdate.com/.
    .(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
    refresh_pattern guru.avg.com/softw/90free/update/..(bin|ctf) 11520 100% 43200 reload-into-ims
    refresh_pattern update.avg.com/softw/90/update/.
    .(bin|ctf) 11520 100% 43200 reload-into-ims
    refresh_pattern http://update.avg.com/softw/90/update/.*.(bin|ctf) 11520 100% 43200 reload-into-ims

    Symantec refresh_pattern

    range_offset_limit -1
    refresh_pattern liveupdate.symantecliveupdate.com/..(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
    refresh_pattern symantecliveupdate.com/.
    .(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims

    Avast refresh_pattern

    range_offset_limit -1
    refresh_pattern avast.com/.*.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims

    Avira refresh_pattern

    range_offset_limit -1
    refresh_pattern personal.avira-update.com/.*.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-ims

    cache_mem 2000 MB
    maximum_object_size_in_memory 50 KB
    memory_replacement_policy heap GDSF
    cache_replacement_policy heap LFUDA
    cache_dir ufs /var/squid/cache 10000 16 256
    minimum_object_size 200 KB
    maximum_object_size 200000 KB
    offline_mode off
    cache_swap_low 90
    cache_swap_high 95
    cache allow all

    Add any of your own refresh_pattern entries above these.

    refresh_pattern ^ftp:    1440  20%  10080
    refresh_pattern ^gopher:  1440  0%  1440
    refresh_pattern -i (/cgi-bin/|?) 0  0%  0
    refresh_pattern .    0  20%  4320

    No redirector configured

    #Remote proxies

    Setup some default acls

    From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.

    acl localhost src 127.0.0.1/32

    acl allsrc src all
    acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3127 1025-65535
    acl sslports port 443 563

    From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.

    #acl manager proto cache_object

    acl purge method PURGE
    acl connect method CONNECT

    Define protocols used for redirects

    acl HTTP proto HTTP
    acl HTTPS proto HTTPS
    acl allowed_subnets src 192.168.200.0/24
    http_access allow manager localhost

    http_access deny manager
    http_access allow purge localhost
    http_access deny purge
    http_access deny !safeports
    http_access deny CONNECT !sslports

    Always allow localhost connections

    From 3.2 further configuration cleanups have been done to make things easier and safer.

    The manager, localhost, and to_localhost ACL definitions are now built-in.

    http_access allow localhost

    acl horario_livre_1 time MTWHF 11:00-13:00
    http_access allow horario_livre_1

    acl horario_livre_1 time MTWHF 17:00-23:59
    http_access allow horario_livre_1

    acl horario_livre_1 time MTWHF 00:00-07:30
    http_access allow horario_livre_1

    acl horario_livre_1 time A 00:01-23:59
    http_access allow horario_livre_1

    acl horario_livre_1 time S 00:01-23:59
    http_access allow horario_livre_1

    acl sites_1k url_regex -i "/usr/pbi/squid-amd64/etc/squid/banda/sites_1k.txt"
    acl sites_50k url_regex -i "/usr/pbi/squid-amd64/etc/squid/banda/sites_50k.txt"
    acl ips_1k src "/usr/pbi/squid-amd64/etc/squid/banda/ips_1k.txt"
    acl ips_50k src "/usr/pbi/squid-amd64/etc/squid/banda/ips_50k.txt"

    delay_pools 2

    Libera 1kb/s para os sites cadastrados no arquivo "sites_1k.txt"

    delay_class 1 2
    delay_parameters 1 -1/-1 100000/100000 100000/100000
    delay_access 1 allow sites_1k ips_1k

    Libera 50kb/s para os sites cadastrados no arquivo "sites_50k.txt"

    delay_class 2 2
    delay_parameters 2 -1/-1 50000/50000 50000/50000
    delay_access 2 allow sites_50k
    delay_access 1 allow sites_50k ips_50k

    delay_initial_bucket_level 100

    Reverse Proxy settings

    Package Integration

    url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
    url_rewrite_bypass off
    url_rewrite_children 5

    Custom options before auth

    external_acl_type check_cp children-startup=5 ttl=5 %SRC /usr/pbi/squid-amd64/libexec/squid/check_ip.php
    acl password external check_cp

    Custom options after auth

    http_access allow password localnet
    http_access allow password allowed_subnets

    Default block all to be sure

    http_access deny allsrc



  • customizar a configuracao do squid nao é uma boa ideia, se precisar atualizar ou mudar versao, vai perder o que fez…



  • As ACL não deveriam ter nomes diferentes?



  • eu não irei atualizar squid ou pfsense, pq toda vez que atualiza da problema, a customização é necessária visto que o pacote não tem esse recurso nativo.
    eu quero saber como faço pra configurar isso no squid.conf e funcionar visto que no momento não está funcionado.

    acl horario_livre_1 time MTWHF 11:00-13:00
    http_access allow horario_livre_1

    acl horario_livre_1 time MTWHF 17:00-23:59
    http_access allow horario_livre_1

    acl horario_livre_1 time MTWHF 00:00-07:30
    http_access allow horario_livre_1

    acl horario_livre_1 time A 00:01-23:59
    http_access allow horario_livre_1

    acl horario_livre_1 time S 00:01-23:59
    http_access allow horario_livre_1

    todas as regras que estão no squid.conf a baixo foram feitas as modificações no arquivo squid.inc