Squid 3 ile HTTP ve HTTPS engelleme: sınırlı internet erişimi

# Destination domains clients are allowed to reach, read from an external
# file (one entry per line).
acl whitelist dstdomain "/etc/squid3/whitelist.txt"

# Ports to which CONNECT tunnels are permitted (used by the CONNECT rule below).
acl SSL_ports port 443
# Destination ports Squid may contact at all; any other port is denied below.
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT
# http_access rules are evaluated top to bottom; the first matching rule decides.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Cache manager access from the local machine only.
# NOTE(review): "localhost" and "manager" are not defined in this listing;
# presumably the ACLs built into Squid 3.2+ are relied on. On older 3.x
# releases they have to be declared explicitly - confirm for the version in use.
http_access allow localhost manager
http_access deny manager

# Allow only requests whose destination domain is listed in the whitelist file.
# NOTE(review): on an intercept port the domain is taken from the client's
# request (Host header), not from the address the connection was made to.
# Consider "host_verify_strict on" so a Host that does not match the
# destination address is rejected - confirm against the Squid version in use.
http_access allow whitelist

# Default deny: everything not allowed above is refused.
http_access deny all
# Disabled alternative without whitelist enforcement; keep it commented out.
#http_access allow all

# Port that receives the traffic redirected by the NAT rule (REDIRECT to 3128).
# NOTE(review): this listens on all addresses. The rc.local shown on this page
# redirects only locally generated traffic, so binding to 127.0.0.1 or
# firewalling 3128 from the network looks appropriate - confirm for the setup.
# Only plain HTTP is handled here; HTTPS is not intercepted by this port.
http_port 3128 intercept

# Directory in which Squid leaves core dumps.
coredump_dir /var/spool/squid3

# Freshness rules for cached objects: regex, min (minutes), percent, max (minutes).
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .               0       20%     4320

/////////////////////////////////////////////////////////
iptables kurallarını eklediğimiz dosya: /etc/rc.local

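#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# Here it installs the iptables rules that force this host's own web
# traffic through the local Squid intercept port (3128), so that the
# Squid whitelist decides what may be reached.

# Keep abort-on-error even when the file is started as "sh /etc/rc.local",
# where the -e on the shebang line is not applied.
set -e

# Start from empty nat and filter tables.
# NOTE(review): this also removes rules installed by any other firewall
# tooling on the host. -F does not touch chain policies.
iptables -F -t nat
iptables -F -t filter

# Let the account Squid runs as ("proxy") reach origin servers directly;
# without this its own outgoing requests would be redirected back into Squid.
# The account is matched by name instead of the numeric UID 13, so the
# exemption cannot silently apply to a different account on a system where
# UID 13 is assigned to something else.
iptables -t nat -A OUTPUT -m owner --uid-owner proxy -j ACCEPT

# Either of the following two rules works.
#iptables -t nat -A OUTPUT -p tcp --dport 80 -j DNAT --to-destination 10.x.x.x:3128
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 3128

# The redirect above covers port 80 only, and the Squid port is a plain-HTTP
# intercept port, so HTTPS would otherwise leave the host without ever being
# checked against the whitelist. Reject it for every account except Squid's.
iptables -t filter -A OUTPUT -p tcp --dport 443 \
  -m owner ! --uid-owner proxy -j REJECT --reject-with tcp-reset

# NOTE(review): these are IPv4 rules only. If the host has IPv6 connectivity,
# equivalent ip6tables rules are needed or web traffic over IPv6 is unfiltered.
# Ports other than 80 and 443 are not restricted by this script either.

exit 0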

 
