Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squid acl time não funciona

    Scheduled Pinned Locked Moved Portuguese
    4 Posts 3 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P Offline
      pfirewa
      last edited by

      boa tarde

      limito toda a banda de estensões de video e audio http no squid, mas quero que nos horário a baixo ela fique ilimitdo como se destativasse a regra de delay pools. segue o meu squid.conf alguem pode me ajuda a onde eu devo colocar a regra?

      This file is automatically generated by pfSense

      Do not edit manually !

      http_port 192.168.200.254:3128
      http_port 127.0.0.1:3128 intercept
      icp_port 0
      dns_v4_first off
      pid_filename /var/run/squid.pid
      cache_effective_user proxy
      cache_effective_group proxy
      error_default_language en
      icon_directory /usr/pbi/squid-amd64/etc/squid/icons
      visible_hostname localhost
      cache_mgr admin@localhost
      access_log /var/squid/logs/access.log
      cache_log /var/squid/logs/cache.log
      cache_store_log none
      netdb_filename /var/squid/logs/netdb.state
      pinger_enable on
      pinger_program /usr/pbi/squid-amd64/libexec/squid/pinger

      logfile_rotate 0
      debug_options rotate=0
      shutdown_lifetime 3 seconds

      Allow local network(s) on interface(s)

      acl localnet src  192.168.200.0/24
      uri_whitespace strip

      Windows Update refresh_pattern

      range_offset_limit -1
      refresh_pattern -i update.microsoft.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
      refresh_pattern -i microsoft.com/.      .(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
      refresh_pattern -i windowsupdate.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
      refresh_pattern -i windows.com/.      .(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
      refresh_pattern -i c2r.microsoft.com/..(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
      refresh_pattern -i download.windowsupdate.com/.      .(cab|exe|ms[i|u|f]|asf|wm[v|a]|dat|zip|dsft|psf|appxi|esdi) 4320 100% 432000 reload-into-ims
      refresh_pattern guru.avg.com/softw/90free/update/..(bin|ctf) 11520 100% 43200 reload-into-ims
      refresh_pattern update.avg.com/softw/90/update/.      .(bin|ctf) 11520 100% 43200 reload-into-ims
      refresh_pattern http://update.avg.com/softw/90/update/.*.(bin|ctf) 11520 100% 43200 reload-into-ims

      Symantec refresh_pattern

      range_offset_limit -1
      refresh_pattern liveupdate.symantecliveupdate.com/..(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims
      refresh_pattern symantecliveupdate.com/.      .(cab|exe|dll|msi) 10080 100% 43200 reload-into-ims

      Avast refresh_pattern

      range_offset_limit -1
      refresh_pattern avast.com/.*.(vpu|cab|stamp|exe) 10080 100% 43200 reload-into-ims

      Avira refresh_pattern

      range_offset_limit -1
      refresh_pattern personal.avira-update.com/.*.(cab|exe|dll|msi|gz) 10080 100% 43200 reload-into-ims

      cache_mem 2000 MB
      maximum_object_size_in_memory 50 KB
      memory_replacement_policy heap GDSF
      cache_replacement_policy heap LFUDA
      cache_dir ufs /var/squid/cache 10000 16 256
      minimum_object_size 200 KB
      maximum_object_size 200000 KB
      offline_mode off
      cache_swap_low 90
      cache_swap_high 95
      cache allow all

      Add any of your own refresh_pattern entries above these.

      refresh_pattern ^ftp:    1440  20%  10080
      refresh_pattern ^gopher:  1440  0%  1440
      refresh_pattern -i (/cgi-bin/|?) 0  0%  0
      refresh_pattern .    0  20%  4320

      No redirector configured

      #Remote proxies

      Setup some default acls

      From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.

      acl localhost src 127.0.0.1/32

      acl allsrc src all
      acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 3127 1025-65535
      acl sslports port 443 563

      From 3.2 further configuration cleanups have been done to make things easier and safer. The manager, localhost, and to_localhost ACL definitions are now built-in.

      #acl manager proto cache_object

      acl purge method PURGE
      acl connect method CONNECT

      Define protocols used for redirects

      acl HTTP proto HTTP
      acl HTTPS proto HTTPS
      acl allowed_subnets src 192.168.200.0/24
      http_access allow manager localhost

      http_access deny manager
      http_access allow purge localhost
      http_access deny purge
      http_access deny !safeports
      http_access deny CONNECT !sslports

      Always allow localhost connections

      From 3.2 further configuration cleanups have been done to make things easier and safer.

      The manager, localhost, and to_localhost ACL definitions are now built-in.

      http_access allow localhost

      acl horario_livre_1 time MTWHF 11:00-13:00
      http_access allow horario_livre_1

      acl horario_livre_1 time MTWHF 17:00-23:59
      http_access allow horario_livre_1

      acl horario_livre_1 time MTWHF 00:00-07:30
      http_access allow horario_livre_1

      acl horario_livre_1 time A 00:01-23:59
      http_access allow horario_livre_1

      acl horario_livre_1 time S 00:01-23:59
      http_access allow horario_livre_1

      acl sites_1k url_regex -i "/usr/pbi/squid-amd64/etc/squid/banda/sites_1k.txt"
      acl sites_50k url_regex -i "/usr/pbi/squid-amd64/etc/squid/banda/sites_50k.txt"
      acl ips_1k src "/usr/pbi/squid-amd64/etc/squid/banda/ips_1k.txt"
      acl ips_50k src "/usr/pbi/squid-amd64/etc/squid/banda/ips_50k.txt"

      delay_pools 2

      Libera 1kb/s para os sites cadastrados no arquivo "sites_1k.txt"

      delay_class 1 2
      delay_parameters 1 -1/-1 100000/100000 100000/100000
      delay_access 1 allow sites_1k ips_1k

      Libera 50kb/s para os sites cadastrados no arquivo "sites_50k.txt"

      delay_class 2 2
      delay_parameters 2 -1/-1 50000/50000 50000/50000
      delay_access 2 allow sites_50k
      delay_access 1 allow sites_50k ips_50k

      delay_initial_bucket_level 100

      Reverse Proxy settings

      Package Integration

      url_rewrite_program /usr/pbi/squidguard-squid3-amd64/bin/squidGuard -c /usr/pbi/squidguard-squid3-amd64/etc/squidGuard/squidGuard.conf
      url_rewrite_bypass off
      url_rewrite_children 5

      Custom options before auth

      external_acl_type check_cp children-startup=5 ttl=5 %SRC /usr/pbi/squid-amd64/libexec/squid/check_ip.php
      acl password external check_cp

      Custom options after auth

      http_access allow password localnet
      http_access allow password allowed_subnets

      Default block all to be sure

      http_access deny allsrc

      1 Reply Last reply Reply Quote 0
      • L Offline
        lucaspolli
        last edited by

        customizar a configuracao do squid nao é uma boa ideia, se precisar atualizar ou mudar versao, vai perder o que fez…

        1 Reply Last reply Reply Quote 0
        • E Offline
          emilioeiji
          last edited by

          As ACL não deveriam ter nomes diferentes?

          1 Reply Last reply Reply Quote 0
          • P Offline
            pfirewa
            last edited by

            eu não irei atualizar squid ou pfsense, pq toda vez que atualiza da problema, a customização é necessária visto que o pacote não tem esse recurso nativo.
            eu quero saber como faço pra configurar isso no squid.conf e funcionar visto que no momento não está funcionado.

            acl horario_livre_1 time MTWHF 11:00-13:00
            http_access allow horario_livre_1

            acl horario_livre_1 time MTWHF 17:00-23:59
            http_access allow horario_livre_1

            acl horario_livre_1 time MTWHF 00:00-07:30
            http_access allow horario_livre_1

            acl horario_livre_1 time A 00:01-23:59
            http_access allow horario_livre_1

            acl horario_livre_1 time S 00:01-23:59
            http_access allow horario_livre_1

            todas as regras que estão no squid.conf a baixo foram feitas as modificações no arquivo squid.inc

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.