All messages (efcunha)




Re: MOD_JK problem
Quite a regular
Registered:
6/10/2007 9:45
Group:
Registered Users
Posts: 43
Offline
I checked and found that this web server uses the mod_rewrite option

[[email protected] web]# cat .htaccess
Options +FollowSymLinks +ExecCGI

<IfModule mod_rewrite.c>
RewriteEngine On

# uncomment the following line, if you are having trouble
# getting no_script_name to work
#RewriteBase /

# we skip all files with .something
RewriteCond %{REQUEST_URI} \..+$
RewriteCond %{REQUEST_URI} !\.html$
RewriteRule .* - [L]

# we check if the .html version is here (caching)
RewriteRule ^$ index.html [QSA]
RewriteRule ^([^.]+)$ $1.html [QSA]
RewriteCond %{REQUEST_FILENAME} !-f

# no, so we redirect to our front web controller
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>

I think the problem may be here. Is there any way for mod_jk to ignore mod_rewrite, or how do I configure mod_jk together with mod_rewrite?

Posted on: 25/4/2012 16:02


MOD_JK problem
Centos 5.8
Mod_JK 1.2.30
Server version: Apache/2.2.3
Server built: Feb 23 2012 21:16:56

I have the following problem: I configured mod_jk in Apache to send requests to JBoss, but checking the log I found that Apache does not know what to do with the requests.

E.g.: [debug] jk_translate::mod_jk.c (3425): missing uri map for www.xxx.com.br:/web-console/

My Apache is configured with virtual hosts, which are all inside conf.d. My mod_jk.conf:

[[email protected] conf.d]# cat mod-jk.conf
LoadModule jk_module modules/mod_jk.so

JkWorkersFile conf/workers.properties

JkLogFile logs/mod_jk.log

JkLogLevel debug

JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"

# For mod_rewrite compatibility, use +ForwardURIProxy (default since 1.2.24)
JkOptions +ForwardKeySize +ForwardURICompatUnparsed -ForwardDirectories

JkRequestLogFormat "%w %V %T"

JkMountCopy On

#JkMountFile conf/uriworkermap.properties

# Send requests for /web-console to the worker named node1
JkMount /web-console node1

# Send requests for everything under /web-console/ to the worker named node1
JkMount /web-console/* node1

JkShmFile run/jk.shm

<Location /jkstatus>
JkMount status
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Location>

When I type www.xxx.com.br/web-console, it gives me the following message in the browser:
No connection information in your runtime configuration file for datasource [pug]

and in the mod_jk log:

[Tue Apr 24 11:06:00 2012][10758:47865685033824] [debug] jk_translate::mod_jk.c (3425): missing uri map for www.xxx.com.br:/web-console/
[Tue Apr 24 11:06:00 2012][10758:47865685033824] [debug] jk_map_to_storage::mod_jk.c (3585): missing uri map for www.xxx.com.br:/web-console/


If anyone can help me, I would appreciate it.

Posted on: 24/4/2012 12:14


Re: Questions about DNS
So, let's see if I understood this correctly: my reverse domain is lnxmail.xxx.xxx.xxx.br, my email is [email protected], and in the CNAME, as you explained, it would be like this:

compras IN CNAME xxx.xxx.xxx.br.
vendas IN CNAME xxx.xxx.xxx.br.

or would it be like this:

compras IN CNAME lnxmail.xxx.xxx.xxx.br.
vendas IN CNAME lnxmail.xxx.xxx.xxx.br.

Would the MX be like this?

IN MX 10 lnxmail.xxx.xxx.xxx.br.
IN MX 10 compras.xxx.xxx.xxx.br.
IN MX 10 vendas.xxx.xxx.xxx.br.

DNS ties my head in knots.

As for the email, I know how to do it, but the problem is that if DNS does not work the messages do not come back, because neither the reverse nor the host can be resolved.

[email protected]

[email protected]


Posted on: 15/3/2012 8:34


Questions about DNS
I need to create subdomains in DNS:

Example:

compras.xxx.xxx.xxx.br.
vendas.xxx.xxx.xxx.br.

so that I can create email addresses for these subdomains:

Example:

[email protected]
[email protected]

How would I do this configuration in DNS? Sorry, but I have a lot of difficulty with DNS.


[[email protected] conf]# cat xxx.xxx.xxx.dns
$TTL 86400
@       IN SOA  fw.xxx.xxx.xxx.br. administrator. (
                2011091959 ; Serial
                3600       ; Refresh
                1800       ; Retry
                604800     ; Expire
                3600 )     ; Minimum

@       NS      fw.xxx.xxx.xxx.br.
@       NS      joaodebarro.xxx.xxx.br.
        IN MX   5 lnxmail.xxx.xxx.xxx.br.
; SPF: authorize 111.0.111.10 and the zone's MX hosts
        IN TXT  "v=spf1 ip4:111.0.111.10 mx"


fw          A 111.0.111.4
lnxmail     A 111.0.111.10
joaodebarro A 111.0.111.7


[[email protected] conf]# cat 0-31.111.0.111.in-addr.arpa.dns
;
; Database file 0-31.111.0.111.in-addr.arpa.dns for 0-31.111.0.111.in-addr.arpa zone.
;
$TTL 3h
$ORIGIN .
0-31.111.0.111.in-addr.arpa IN SOA fw.xxx.xxx.xxx.br. [email protected]. (
        2011091959
        3h
        1h
        1w
        1h )

        IN NS fw.xxx.xxx.xxx.br.
        IN NS joaodebarro.xxx.xxx.br.

$ORIGIN 0-31.111.0.111.in-addr.arpa.
10 IN PTR lnxmail.xxx.xxx.xxx.br.


Posted on: 14/3/2012 22:26


Kerberos + Apache authentication error
[[email protected] web]# cat /etc/krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = TESTE.COM.BR
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
#default_tgs_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
#default_tkt_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
#preferred_enctypes = RC4-HMAC DES-CBC-MD5 DES-CBC-CRC
default_keytab_name = FILE:/etc/krb5.keytab

[realms]
TESTE.COM.BR = {
 kdc = SRVAD01.TESTE.COM.BR
 admin_server = SRVAD01.TESTE.COM.BR
 default_domain = TESTE.COM.BR
 auth_to_local = RULE:[1:$0\$1](^TESTE\.COM\.BR\\.*)s/^TESTE\.COM\.BR/TESTE/
 auth_to_local = DEFAULT
}

[domain_realm]
.TESTE.COM.BR = TESTE.COM.BR
TESTE.COM.BR = TESTE.COM.BR

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
mappings = TCEMT\\(.*) [email protected]
validate = true
}
httpd = {
mappings = TCEMT\\(.*) [email protected]
reverse_mappings = (.*)@TESTE\.COM\.BR TESTE\$1
}

[[email protected] web]# cat /etc/samba/smb.conf
[global]
workgroup = TESTE
netbios name = zend01
realm = TESTE.COM.BR
password server = 11.1.1.1
server string = Servidor Web
security = ADS
template homedir = /home/%U
allow trusted domains = No
template shell = /bin/bash
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
template homedir = /home/%D/%U
winbind uid = 10000-20000
winbind gid = 10000-20000
winbind separator = \\
winbind use default domain = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind nested groups = Yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
domain master = no
local master = no
preferred master = no
os level = 0

#[deploy]
# path = /app/default/deploy
# read only = No
# writable = yes

[[email protected] conf.d]# cat auth_kerb.conf
#
# The mod_auth_kerb module implements Kerberos authentication over
# HTTP, following the "Negotiate" protocol.
#

LoadModule auth_kerb_module modules/mod_auth_kerb.so

#
# Sample configuration: Kerberos authentication must only be
# used over SSL to prevent replay attacks. The keytab file
# configured must be readable only by the "apache" user, and
# must contain service keys for "HTTP/www.example.com", where
# "www.example.com" is the FQDN of this server.
#

<Location /private>
# SSLRequireSSL
AuthName "Login Web Server TCE-MT"
AuthType Kerberos
Krb5KeyTab /etc/httpd/conf/keytab
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbSaveCredentials Off
KrbVerifyKDC Off
KrbAuthRealms TCEMT.GOV.BR
KrbServiceName HTTP/zend01.teste.com.br
require valid-user
</Location>

[[email protected] conf.d]# klist -k
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- --------------------------------------------------------------------------
3 HTTP/[email protected]
3 HTTP/[email protected]
3 HTTP/[email protected]
3 HTTP/[email protected]
3 HTTP/[email protected]
3 HTTP/[email protected]


Links that are giving the error:

webadmin.teste.com.br
sistemas.teste.com.br

This error appears in the httpd error log. In Firefox it authenticates normally; in IE and Chrome it does not work and keeps giving the error below.

[error] [client 10.69.24.135] gss_acquire_cred() failed: Unspecified GSS failure. Minor code may provide more information (Permission denied)


Installed packages

krb5-libs-1.6.1-62.el5
krb5-workstation-1.6.1-62.el5
pam_krb5-2.2.14-21.el5
krb5-devel-1.6.1-62.el5
krb5-libs-1.6.1-62.el5

samba-3.0.33-3.29.el5_7.4

httpd-2.2.3-53.el5_7.3

Posted on: 13/12/2011 18:11


Squid + Hotmail problem
Good morning, group,

I am having a problem with Hotmail: users cannot open the emails received in Hotmail. The person authenticates and opens Hotmail, but when they select the message nothing happens, as if the options to select and double-click to open the message did not work. I am posting my Squid configuration so that, if anyone in the group has already had this problem, they can help me:

Centos 5.6 64Bits

Squid Cache: Version 2.7.STABLE9
configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/usr/com' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--exec_prefix=/usr' '--bindir=/usr/sbin' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share' '--sysconfdir=/etc/squid' '--enable-epoll' '--enable-snmp' '--enable-removal-policies=heap,lru' '--enable-storeio=aufs,coss,diskd,null,ufs' '--enable-ssl' '--with-openssl=/usr/kerberos' '--enable-delay-pools' '--enable-linux-netfilter' '--with-pthreads' '--enable-ntlm-auth-helpers=SMB,fakeauth' '--enable-external-acl-helpers=ip_user,ldap_group,unix_group,wbinfo_group' '--enable-auth=basic,digest,ntlm,negotiate' '--enable-digest-auth-helpers=password' '--enable-useragent-log' '--enable-referer-log' '--disable-dependency-tracking' '--enable-cachemgr-hostname=localhost' '--enable-basic-auth-helpers=LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL' '--enable-negotiate-auth-helpers=squid_kerb_auth' '--enable-cache-digests' '--enable-ident-lookups' '--enable-follow-x-forwarded-for' '--enable-wccpv2' '--with-maxfd=16384' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-fPIE -Os -g -pipe -fsigned-char -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'LDFLAGS=-pie'

SquidGuard: 1.4 Sleepycat Software: Berkeley DB 4.3.29: (July 12, 2010)

SQUID.CONF

# Ldap
auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -b "dc=XXX,dc=XXX,dc=XX" -D "CN=squid,OU=Rede,DC=XXXX,DC=XXX,DC=XX" -w "XXXXXX" -f sAMAccountName=%s -h 11.1.1.1
auth_param basic children 5
auth_param basic realm WebProxy - Autenticacao de usuarios.
auth_param basic credentialsttl 20 minutes
acl AuthorizedUsers proxy_auth REQUIRED

# LIST OF PREDEFINED BASIC ACCESS CONTROLS
# SO THAT SQUID BEHAVES SECURELY
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 11.0.0.0/8 # internal network (11.0.0.0/8 is not an RFC1918 range)
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl SSL_ports port 443 # Https
acl SSL_ports port 563 # snews
acl SSL_ports port 1863 # MSN
acl SSL_ports port 873 # rsync
acl SSL_ports port 8443 # Fiplan
acl Safe_ports port 2631 # Conectividade Social
acl Safe_ports port 8080 # JBoss
acl Safe_ports port 80 # http
acl Safe_ports port 1863 # MSN
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 7003 # vivo
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8443 # Fiplan
acl purge method PURGE

acl CONNECT method CONNECT

# DIRECT ACCESS FOR THE INTERNAL DOMAIN
acl DOMINIO_INTERNO dstdomain "/etc/squid/sites_internos"
no_cache deny DOMINIO_INTERNO
always_direct allow DOMINIO_INTERNO
http_access allow DOMINIO_INTERNO all

# Allowed sites .gov.br / .jus.br
acl sites_liberados dstdomain "/etc/squid/sites_liberados"
http_access allow sites_liberados

# allow Conectividade Social
acl conectividade dst "/etc/squid/conectividade"
acl conectividade1 dstdomain "/etc/squid/conectividade1"
no_cache deny conectividade
no_cache deny conectividade1
always_direct allow conectividade
always_direct allow conectividade1
http_access allow conectividade all
http_access allow conectividade1 all

# Access
# Access for authenticated users.
http_access allow AuthorizedUsers

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access deny all

icp_access allow localnet
icp_access deny all

http_port 11.1.1.65:3128

# Disabling icp
icp_port 0

# scanning through HAVP
#cache_peer localhost parent 8181 0 no-query no-digest no-netdb-exchange default

# Only HTTP traffic can be scanned
#acl Scan_http proto HTTP
#never_direct allow Scan_http

# Memory usage values
cache_mem 804 MB

maximum_object_size_in_memory 4096 KB

#maximum_object_size 102400 KB
minimum_object_size 0 KB
maximum_object_size 1 GB

# cache options
cache_replacement_policy heap LFUDA
memory_replacement_policy lru

# store on disk
cache_dir diskd /cache0/squid 50000 64 256 Q1=64 Q2=72
cache_dir diskd /cache1/squid 50000 64 256 Q1=64 Q2=72
cache_dir diskd /cache2/squid 50000 64 256 Q1=64 Q2=72
cache_dir diskd /cache3/squid 50000 64 256 Q1=64 Q2=72

# no store log
#cache_access_log none
cache_store_log none

# Passive FTP off
#ftp_passive off

# no X-Forwarded-For header
forwarded_for off

# no logfile entry stripping
strip_query_terms off

# Speed, speed, speed
pipeline_prefetch on
half_closed_clients off
shutdown_lifetime 1 second

hosts_file /etc/hosts

# COMMUNICATION BETWEEN PROXY SERVERS IN HIERARCHICAL MODE
hierarchy_stoplist cgi-bin ?

access_log /var/log/squid/access.log squid

#Suggested default:
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern (cgi-bin|\?) 0 0% 0
refresh_pattern . 0 40% 4320

refresh_pattern -i \.(png|css|js|flv|x-flv)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(gif|jpg|jpeg|ico)$ 10080 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf)$ 43200 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 432000 override-expire ignore-no-cache ignore-private
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm)$ 1440 40% 40320

refresh_pattern windowsupdate.com/.*\.(cab|exe)$ 43200 100% 43200
refresh_pattern download.microsoft.com/.*\.(cab|exe)$ 43200 100% 43200

acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
upgrade_http0.9 deny shoutcast

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

coredump_dir /var/spool/squid

visible_hostname cache.tcemt.gov.br

# Direct through squidGuard
redirect_program /usr/bin/squidGuard -c /etc/squid/squidguard.conf
redirect_children 10
redirector_bypass on

Posted on: 28/6/2011 9:45


Re: Firefox asking for Squid authentication twice?
I added what you recommended, but it did not work. This is my squid.conf; maybe there is something in its configuration that I am not managing to see that makes Firefox ask for authentication twice.

#
# Authenticating against Active Directory
#

# Ldap
auth_param basic program /usr/lib64/squid/squid_ldap_auth -R -b "dc=XXXXX,dc=XX,dc=XX" -D "CN=XXX,OU=XXX,OU=XXXXXX,OU=XXXX,OU=XXXX,OU=XXX,DC=XXX,DC=XX,DC=XX" -w "A3D4G5Hb" -f sAMAccountName=%s -h 11.1.1.1
auth_param basic children 5
auth_param basic realm XXXXX WebProxy - Autenticacao de usuarios.
auth_param basic credentialsttl 20 minutes
acl AuthorizedUsers proxy_auth REQUIRED

# PARAMETER FOR QUERYING GROUPS AND USERS IN AD-2008-R2 THROUGH WINBIND. WINBIND MUST BE CONFIGURED FOR THE QUERY.
external_acl_type GROUP ttl=3600 children=8 %LOGIN /usr/lib64/squid/wbinfo_group.pl

# LIST OF PREDEFINED BASIC ACCESS CONTROLS
# SO THAT SQUID BEHAVES SECURELY
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl SSL_ports port 443
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 1863 # MSN
acl SSL_ports port 873 # rsync
acl SSL_ports port 8443 # Fiplan
acl Safe_ports port 2631 # Conectividade Social
acl Safe_ports port 8080 # JBoss
acl Safe_ports port 80 # http
acl Safe_ports port 1863 # MSN
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 7003 #vivo
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8443 #Fiplan
acl purge method PURGE

acl CONNECT method CONNECT

acl predio src 10.69.0.0/16
acl wirelless src 10.0.6.0/24
acl vlan01 src 11.0.71.0/24
acl vlan02 src 11.0.72.0/24
acl vlan03 src 11.0.73.0/24
acl servidores src 11.1.1.0/24

# Allowed sites .gov.br / .jus.br
acl sites_liberados dstdomain "/etc/squid/sites_liberados"
http_access allow sites_liberados

# allow Conectividade Social
acl conectividade dst "/etc/squid/conectividade"
acl conectividade1 dstdomain "/etc/squid/conectividade1"
no_cache deny conectividade
no_cache deny conectividade1
always_direct allow conectividade
always_direct allow conectividade1
http_access allow conectividade all
http_access allow conectividade1 all

# Access
# Access for authenticated users.
http_access allow AuthorizedUsers

# Default
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny purge

http_access allow predio
http_access allow wirelless
http_access allow vlan01
http_access allow vlan02
http_access allow vlan03
http_access allow servidores

http_access deny all

icp_access allow all

icp_access allow all

http_port 3128

# Disabling icp
icp_port 0

# scanning through HAVP
cache_peer localhost parent 8181 0 no-query no-digest no-netdb-exchange default

# Memory usage values
cache_mem 64 MB
maximum_object_size 65536 KB
memory_pools off

# 4 GB store on disk
#cache_dir aufs /var/cache/squid 4096 16 256
cache_dir diskd /cache/squid 229376 20 0124

# no store log
cache_store_log none

# Passive FTP off
ftp_passive off

# no X-Forwarded-For header
forwarded_for off

# no logfile entry stripping
strip_query_terms off

# Speed, speed, speed
pipeline_prefetch on
half_closed_clients off
shutdown_lifetime 1 second

# COMMUNICATION BETWEEN PROXY SERVERS IN HIERARCHICAL MODE
hierarchy_stoplist cgi-bin ?

# FIXES THE HTTP HEADER OF APACHE SERVERS
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

access_log /cache/squid/access.log squid
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

hosts_file /etc/hosts

# Bandwidth control by Squid
acl day time MTWHF 08:00-17:00

# Extensions with a 64k limit
acl download_150k url_regex -i .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpeg4 .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov .iso .pdf .odt .doc .xml
acl download_expediente url_regex -i .exe .mp3 .vqf .tar.gz .gz .rpm .zip .rar .avi .mpeg .mpeg4 .mpeg .mpe .mpg .qt .ram .rm .iso .raw .wav .mov .iso .pdf .odt .doc .xml

delay_pools 4

# Downloads Tabajara
acl ips_download_150k src "/etc/squid/ips_download_150k"
delay_class 1 1
delay_access 1 allow ips_download_150k
delay_parameters 1 150000/150000
delay_access 2 allow day !download_150k
delay_access 2 deny !day
delay_access 2 allow !download_150k

# Internet access during business hours
delay_class 2 1
delay_parameters 2 32000/32000
delay_access 2 allow day !download_expediente
delay_access 2 deny !day
delay_access 2 allow !download_expediente

# Downloads during working hours
delay_class 3 1
delay_parameters 3 32000/32000
delay_access 3 allow day download_expediente
delay_access 3 deny !day
delay_access 3 allow download_expediente

# Internet access outside business hours
delay_class 4 1
delay_parameters 4 -1/-1
delay_access 4 allow !day
delay_access 4 deny day
delay_access 4 allow all

# And now: define caching parameters
refresh_pattern ^ftp: 20160 50% 43200
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
refresh_pattern -i \.(gif|png|jpg|jpeg|ico)$ 10080 90% 43200
refresh_pattern -i \.(iso|avi|wav|mp3|mp4|mpeg|swf|flv|x-flv)$ 43200 90% 432000
refresh_pattern -i \.(deb|rpm|exe|zip|tar|tgz|ram|rar|bin|ppt|doc|tiff)$ 10080 90% 43200
refresh_pattern -i \.index.(html|htm)$ 0 40% 10080
refresh_pattern -i \.(html|htm|css|js)$ 1440 40% 40320
refresh_pattern windowsupdate.com/.*\.(cab|exe)$ 43200 100% 43200
refresh_pattern download.microsoft.com/.*\.(cab|exe)$ 43200 100% 43200
refresh_pattern -i \.(cgi|asp|php|fcgi)$ 0 20% 60
refresh_pattern . 20160 50% 43200

acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

coredump_dir /var/spool/squid

visible_hostname cache.xxxx.xxx.xx

# Direct through squidGuard
redirect_program /usr/bin/squidGuard -c /etc/squid/squidguard.conf
url_rewrite_children 10


Posted on: 4/4/2011 8:42


Firefox asking for Squid authentication twice?
Good morning,

I have a Squid server with LDAP authentication against Active Directory, but Firefox asks for the user's authentication twice; IE and Chrome only ask once.

I use Squid Cache: Version 2.6.STABLE21 on CentOS 5.5 64-bit.

Posted on: 30/3/2011 9:02


Re: How to configure SquidGuard+LDAP?
I managed to solve this problem: I had to compile squidGuard from source, and then it worked the first time.

Posted on: 30/3/2011 8:57


How to configure SquidGuard+LDAP?
Good morning,

I have the following problem: my Squid authenticates against Active Directory through LDAP, and I need to configure SquidGuard so that it uses the groups created in Active Directory to filter the access levels.

E.g., groups created in AD:

AcessoNormal
AcessoRestrito
AcessoExclusivo
AcessoTotal

Active Directory tree

DC=XXXX,DC=XXX,DC=XX
--> OU=AAA-AA
---->OU=SETORES
--->OU=Internet
--->CN=AcessoNormal
--->CN=AcessoRestrito
--->CN=AcessoExclusivo
--->CN=AcessoTotal

My LDAP search would have to be like this:

OU=Internet,OU=SETORES,OU=AAA-AA,DC=XXXX,DC=XXX,DC=XX

Inside OU=Internet I have the groups above:

CN=AcessoNormal
CN=AcessoRestrito
CN=AcessoExclusivo
CN=AcessoTotal

This is where the users will be placed. I have already tried several squidguard.conf configuration examples, but all of them return an error:

E.g.: squidguard.conf

### This config-file is part of the squidguard-blacklists RPM package.
### More information about this package at:
### http://dag.wieers.com/home-made/squidguard/

### Path configuration
dbhome /var/lib/squidguard
logdir /var/log/squidguard

### LDAP groups

src Exclusivo {
ldapusersearch ldap://11.1.1.1/OU=Internet,OU=SETORES,OU=TCE-MT,DC=tcemt,DC=gov,DC=br?sAMAccountName?sub?(&(objectclass=person)(memberOf=CN=AcessoExclusivo,OU=Internet,OU=SETORES,OU=TCE-MT,DC=tcemt,DC=gov,DC=br)(sAMAccountName=%s))
}

### Generated blacklist definitions
### Group 'ads' containing entries for 'ads, publicite'
dest ads {
logfile ads.log

domainlist dest/ads/domains
urllist dest/ads/urls
expressionlist dest/ads/expressions
}

### Group 'adult' containing entries for 'adult, porn'
dest adult {
logfile adult.log

domainlist dest/adult/domains
urllist dest/adult/urls
expressionlist dest/adult/expressions
}

### Group 'aggressive' containing entries for 'aggressive, agressif'
dest aggressive {
logfile aggressive.log

domainlist dest/aggressive/domains
urllist dest/aggressive/urls
expressionlist dest/aggressive/expressions
}

### Group 'audio-video' containing entries for 'audio-video'
dest audio-video {
logfile audio-video.log

domainlist dest/audio-video/domains
urllist dest/audio-video/urls
expressionlist dest/audio-video/expressions
}

### Group 'drugs' containing entries for 'drugs, drogue'
dest drugs {
logfile drugs.log

domainlist dest/drugs/domains
urllist dest/drugs/urls
expressionlist dest/drugs/expressions
}

### Group 'forums' containing entries for 'forums'
dest forums {
logfile forums.log

domainlist dest/forums/domains
urllist dest/forums/urls
expressionlist dest/forums/expressions
}

### Group 'gambling' containing entries for 'gambling'
dest gambling {
logfile gambling.log

domainlist dest/gambling/domains
urllist dest/gambling/urls
expressionlist dest/gambling/expressions
}

### Group 'hacking' containing entries for 'hacking'
dest hacking {
logfile hacking.log

domainlist dest/hacking/domains
urllist dest/hacking/urls
expressionlist dest/hacking/expressions
}

### Group 'mail' containing entries for 'mail'
dest mail {
logfile mail.log

domainlist dest/mail/domains
urllist dest/mail/urls
expressionlist dest/mail/expressions
}

### Group 'proxy' containing entries for 'proxy, redirector, strict_redirector'
dest proxy {
logfile proxy.log

domainlist dest/proxy/domains
urllist dest/proxy/urls
expressionlist dest/proxy/expressions
}

### Group 'violence' containing entries for 'violence'
dest violence {
logfile violence.log

domainlist dest/violence/domains
urllist dest/violence/urls
expressionlist dest/violence/expressions
}

### Group 'warez' containing entries for 'warez'
dest warez {
logfile warez.log

domainlist dest/warez/domains
urllist dest/warez/urls
expressionlist dest/warez/expressions
}

### ACL definition
#acl {
# default {
# pass good !bad !adult !aggressive !audio-video !hacking !warez any
# redirect 302:http://localhost/access-denied.html?url=%u
# }
#}
acl {

 Exclusivo {
  pass !ads !adult !aggressive !drugs !forums !gambling !hacking !proxy !violence !warez any
  redirect http://www.google.com.br
 }
 default {
  pass local none
  rewrite dmz
  redirect http://www.google.com.br
 }
}

2011-03-25 08:46:32 [27118] ending emergency mode, stdin empty
2011-03-25 08:46:44 [28900] New setting: dbhome: /var/lib/squidguard
2011-03-25 08:46:44 [28900] New setting: logdir: /var/log/squidguard
2011-03-25 08:46:44 [28900] syntax error in configfile /etc/squid/squidguard-blacklists.conf line 12

I am using CentOS 5.5 64-bit
squidguard-blacklists-1.3-1.el5.rf
squidguard-1.3-2.el5.rf
squid-2.6.STABLE21-6.el5

Posted on: 25/3/2011 9:54