Squid с авторизацией по учетным записям в Samba

Squid с авторизацией по учетным записям в Samba

Приведу сразу пример (описание похожего конфига squid можно посмотреть тут: Squid с авторизацией в AD).

#################################

### Configurations

#################################

# General listener, identity and logging settings for the proxy.

# NOTE(review): this port is put into interception mode ("transparent"), yet
# every access rule further down depends on a proxy_auth ACL. An intercepted
# browser does not know it is talking to a proxy and will not answer a 407
# challenge, and newer Squid documentation says interception disables
# authentication on the port. Clients that must authenticate need an
# explicitly configured proxy port without this flag. Confirm against the
# Squid version in use.
http_port 3128 transparent

# Squid runs under the unprivileged "squid" group and user set by the next
# two directives.
cache_effective_group squid

cache_effective_user squid

# A full /32 mask means client addresses are logged unmasked.
client_netmask 255.255.255.255

# Host name the proxy presents about itself (for example in error pages).
visible_hostname eurogate

# Keep Squid's native access-log format instead of the httpd-style one.
emulate_httpd_log off

# Number of rotated log generations kept when logs are rotated.
logfile_rotate 31

# NOTE(review): both commented logformat lines end in a bare '%', so they look
# cut off (possibly lost when the page was rendered). Complete the format
# string before enabling either one.
#logformat common %>a %ul [%tl] "%rm %ru HTTP/%rv" %Hs %

#logformat common %>a %>A %un [%tl] "%rm %ru" %

# Access log in the native "squid" format. That format carries a user-name
# field, so authenticated requests can be attributed to an account.
access_log /var/squid/logs/access.log squid

# squidGuard URL rewriting is disabled here; the three lines below stay
# commented out.
#url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/etc/squid/squidGuard.conf

#url_rewrite_children 40

#redirector_bypass on

################################

### Authorisation

################################

# Two authentication schemes are enabled, both backed by Samba's ntlm_auth
# helper: NTLM challenge/response first, then Basic.
# NOTE(review): ntlm_auth relies on a running winbindd, and the account Squid
# runs as usually needs access to winbindd's privileged pipe. Verify on this
# host.
# NOTE(review): NTLM is a legacy scheme. Where the domain supports Kerberos,
# Squid's negotiate scheme is the usual preference. Confirm what the clients
# can use.
auth_param ntlm program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp

# Number of NTLM helper processes.
auth_param ntlm children 5

# NOTE(review): Basic sends the account password base64-encoded, not
# encrypted, with every request between the browser and the proxy. Because
# the helper validates against the same Samba accounts, those passwords are
# readable to anyone who can observe that traffic. Keep Basic only if some
# client cannot do NTLM.
auth_param basic program /usr/local/bin/ntlm_auth --helper-protocol=squid-2.5-basic

# Number of Basic helper processes.
auth_param basic children 10

 

# Disabled alternative: Basic authentication checked directly against LDAP.
# NOTE(review): as written the helper is given a plain host (-h) with no
# TLS option, so enabling it would presumably send bind credentials to the
# directory unencrypted. Verify before use.
#auth_param basic program /usr/local/libexec/squid/squid_ldap_auth -v 3 -b "dc=mm,dc=local" -f "(&(uid=%s)(objectClass=sambaSamAccount))" -h newdomain.moduli.local

# No realm is set for Basic while this line stays commented out.
#auth_param basic realm Squid proxy-caching web server

##############################

### Users

##############################

# ACLs that identify who is asking. Only GRP1 is active; everything else in
# this section is commented out.

# NOTE(review): "all" is not defined here, but the final rule
# "http_access deny all" uses it. Squid 3.x predefines "all"; older 2.x
# releases need this line. Confirm for the installed version.
#acl all src 0.0.0.0/0.0.0.0

# Source-address ACLs are all disabled, so no rule restricts which client
# networks may use the proxy.
#acl Servers src 192.168.30.1-192.168.30.40

##acl Admins src 192.168.30.101-192.168.30.130

#acl DHCP src 192.168.30.131-192.168.31.207

#acl VPN src 192.168.31.208-192.168.31.222

#acl LocalNet src 192.168.30.0/23

#acl localhost src 127.0.0.1/255.255.255.255

 

#acl SW proxy_auth REQUIRED

#acl SW proxy_auth serega

 

#acl GRP0 proxy_auth "/usr/local/etc/squid/GROUPS/0.grp"

# Matches authenticated user names listed in the quoted file.
# NOTE(review): whoever can write to this file decides who gets proxy access,
# so keep it writable only by the administrator. The names in it must have
# exactly the form the auth helper returns (with or without a domain prefix).
# The commented examples below use two different forms, so check which one
# applies.
acl GRP1 proxy_auth "/usr/local/etc/squid/GROUPS/1.grp"

#acl GRP2 proxy_auth "/usr/local/etc/squid/GROUPS/2.grp"

#acl GRP3 proxy_auth "/usr/local/etc/squid/GROUPS/3.grp"

#acl FORUM proxy_auth "/usr/local/etc/squid/GROUPS/forum.grp"

#acl OK proxy_auth "/usr/local/etc/squid/GROUPS/ok.grp"

 

#acl KAL proxy_auth MEDIAMARKET@skalinin

#acl SEREGA proxy_auth SW\\luzer

 

#acl myusers proxy_auth REQUIRED

#acl KULE proxy_auth MEDIAMARKET@skuleshov

#acl BASA proxy_auth MEDIAMARKET@basa

###############################

### Resources

###############################

# Destination ACLs (domain lists, URL and path patterns). Every line in this
# section is commented out, so no content filtering is in effect.
# NOTE(review): url_regex and urlpath_regex only see the URL of plain HTTP
# requests. For HTTPS the proxy gets a CONNECT to host:port, so path-based
# patterns such as "media" would not match there.
#acl FUNNY dstdomain "/usr/local/etc/squid/funny"

#acl MANAGER dstdomain "/usr/local/etc/squid/manager"

#acl MANAGER1 url_regex "/usr/local/etc/squid/manager1"

#acl SPORT url_regex "/usr/local/etc/squid/futbol"

#acl LPOFL dstdomain "/usr/local/etc/squid/LPOFL"

#acl SOP dstdomain "/usr/local/etc/squid/sitesofpartner"

#acl JOB dstdomain "/usr/local/etc/squid/oksites"

 

# Keyword match on the destination host name. The patterns are unanchored
# substrings, so unrelated domains containing them would match too.
#acl PORN dstdom_regex -i porn sex porevo trah pelotka pilotka pastushka xxx eblya pizda prostitut upyachka

#acl BOR dstdomain .mail.ru

#acl media urlpath_regex -i \.cab.*$ \.iso.*$ \.flv.*$ \.vob.*$ \.zip.*$ \.tgz.*$ \.gz.*$ \.exe.*$ \.mp3.*$ \.asf.*$ \.wma.*$ \.avi.*$ \.mpg.*$ \.mpeg.*$ \.mpe.*$

###############################

### Rules

 

###############################

# http_access rules are checked top to bottom and the first match decides.
# Only two rules are active: allow GRP1, then deny everything else.
# NOTE(review): some commented rules name ACLs that are not defined anywhere
# in this file (ldapauth, BORUN). Squid rejects a rule that uses an undefined
# ACL, so define them before re-enabling those lines.
#http_access allow ldapauth !JOB

#http_access allow BASA all

#http_access allow KAL SPORT

 

#http_access deny GRP0 PORN

#http_access allow SW

#http_access deny GRP1 media

#http_access deny GRP1 PORN

#http_access deny GRP1 FUNNY

# Any authenticated user listed in GRP1 is allowed without further conditions.
# NOTE(review): the file defines no Safe_ports / SSL_ports / CONNECT ACLs and
# no source-network ACL. The stock squid.conf puts
# "http_access deny !Safe_ports" and "http_access deny CONNECT !SSL_ports"
# ahead of its allow rules. Without them a GRP1 account is not limited to web
# ports, from any address that can reach the proxy. Consider restoring those
# rules and a LocalNet restriction before this line.
http_access allow GRP1

 

#http_access allow SEREGA

#http_access allow SW

#http_access allow all

 

#http_access deny BORUN BOR

#http_access deny GRP2 media

#http_access allow GRP2 MANAGER1

#http_access allow GRP2 MANAGER

#http_access allow GRP2 SOP

 

#http_access deny GRP3 media

 

#http_access allow GRP3 LPOFL

#http_access allow GRP3 SOP

 

#http_access allow OK JOB

 

#http_access deny FORUM PORN

#http_access deny FORUM media

#http_access allow FORUM

 

#http_access deny KULE !LPOFL

 

# Default deny: anything not allowed above is refused. This relies on the
# "all" ACL, whose definition is commented out in the Users section.
# Squid 3.x has it built in; confirm for the installed version.
http_access deny all

 

unix-way