acl whitelist dstdomain "/etc/squid3/whitelist.txt" acl SSL_ports port 443 acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl CONNECT method CONNECT http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow localhost manager http_access deny manager #internete girilmesi istenen internet url'lerin mevcut olduğu dosya http_access allow whitelist http_access deny all #http_access allow all http_port 3128 intercept coredump_dir /var/spool/squid3 refresh_pattern ^ftp: 1440 20% 10080 refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i (/cgi-bin/|\?) 0 0% 0 refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880 refresh_pattern . 0 20% 4320 ///////////////////////////////////////////////////////// iptables kurallarını eklediğimiz dizin /etc/rc.local
#!/bin/sh -e # # rc.local # # This script is executed at the end of each multiuser runlevel. # Make sure that the script will "exit 0" on success or any other # value on error. # # In order to enable or disable this script just change the execution # bits. # # By default this script does nothing. iptables -F -t nat iptables -F -t filter # squid servisinin kullanicisi olan proxy'ye izin ver iptables -t nat -A OUTPUT -m owner --uid-owner 13 -j ACCEPT #Alttaki iki satir da calisiyor #iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 10.x.x.x:3128 iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128 exit 0
1 yorum
bayramtatkan
24 Eylül 2022, 19:13 (UTC 3) Bu yoruma bağlantı
Merhaba SARG Squid Analysis Report Generator kurmak istiyorum yeterli kaynakları bulamadım kurumumuza kurmak için eğitim kaynakları yönlendirebilirmisiniz. şimdiden teşekkürler