squid 陷入无限循环

squid 陷入无限循环

我刚尝试添加一个 Internet 访问组,该组用于我们的终端,这些客户端只能访问少数几个站点。

我把这个组命名为 InternetUserTerminal;新添加的行以粗体显示,去掉这些粗体行就是我们这里的标准配置。

但结果陷入了无限循环。被阻止的网站列表(blockedsites)只用于不良网站,因此标准用户无法访问不良网站;受限访问(RestrictedAccess)只允许浏览白名单;终端访问(TerminalAccess)应当与受限访问类似,但使用另一个“白名单”,即终端站点列表。

有没有更聪明的方法来解决这个漏洞问题?用一个简单的答案来解决这个问题也很好,但是我还年轻,还在学习,所以如果你能花两分钟向我解释更聪明的方法,我会非常感激的!

/etc/squid3/squid.conf 配置文件

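# Squid 3 proxy configuration: LDAP-backed basic authentication plus
# group-based authorization against Active Directory.
# The section headings below had lost their leading '#', and the lines the
# post showed in bold (the ones added for the terminal group) carried literal
# '**' markers; both are restored here so the file parses. Added lines are
# flagged with an "added" comment instead. No rule has been changed or
# reordered.

# cache manager
cache_mgr [email protected]


# provide basic authentication via ldap for clients not authenticated via kerberos/ntlm
# NOTE(review): basic auth carries the password base64-encoded, not encrypted,
# and http_port below is a plain listener, so credentials cross the client
# network in the clear. The helper also reaches the directory with -h (no TLS
# option is given here); squid_ldap_auth accepts -Z (StartTLS) or -H with an
# ldaps:// URI. Confirm what the directory server supports.
# The bind password file passed with -W should be readable only by the account
# Squid runs as.
auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b "dc=somewherein,dc=local" -D [email protected] -W /etc/squid3/ldappass.txt -f sAMAccountName=%s -h philipp.somewherein.local
auth_param basic children 10
auth_param basic realm Internet Proxy
# How long a validated username/password pair is trusted before the helper is
# asked again.
auth_param basic credentialsttl 1 minute

# ldap authorisation
# %LOGIN makes every ACL of this type depend on the authenticated user name:
# %v is replaced by the user, %g by the group name read from the ACL's file.
external_acl_type memberof %LOGIN /usr/lib/squid3/squid_ldap_group -R -K -b "dc=somewherein,dc=local" -D [email protected] -W /etc/squid3/ldappass.txt -f "(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%g,ou=System,ou=IT,ou=Verwaltung,ou=Somewherein,dc=somewherein,dc=local))" -h philipp.somewherein.local

# acl for proxy auth and ldap authorizations
acl auth proxy_auth REQUIRED
#   aclname             acltype  typename activedirectorygroup
acl RestrictedAccess    external memberof "/etc/squid3/restricted_access.txt"
acl StandardAccess      external memberof "/etc/squid3/standard_access.txt"
acl FullAccess          external memberof "/etc/squid3/full_access.txt"
# added for the terminal group:
acl TerminalAccess    external memberof "/etc/squid3/terminal_access.txt"
acl allowedsites        dstdomain "/etc/squid3/allowedsites.txt"
acl blockedsites        dstdomain "/etc/squid3/blockedsites.txt"
# added for the terminal group:
acl terminalsites dstdomain "/etc/squid3/terminalsites.txt"

# squid defaults
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# Requests originating on the proxy host itself are allowed before any
# authentication rule is reached.
http_access allow localhost

# enforce authentication, order of rules is important for authorization levels
# Ending a deny rule with the proxy_auth ACL makes Squid answer 407 (ask for
# credentials) rather than 403; that is the intended effect on this line.
http_access deny !auth

# prevent access to basic auth prompt for BlockedAccess users
# NOTE(review): the same 407 behaviour applies when the last ACL of a deny rule
# is an external ACL that uses %LOGIN, as RestrictedAccess and TerminalAccess
# do. A group member requesting a site outside its whitelist is then asked to
# log in again, repeatedly, instead of being refused, which is the likely
# source of the reported loop. Ending the deny rule with a non-authentication
# ACL yields a plain 403, e.g.
#   http_access deny RestrictedAccess all
#   http_access deny TerminalAccess all
# Verify against the Squid version in use before relying on this.
http_access allow RestrictedAccess allowedsites auth
http_access deny RestrictedAccess
http_access allow FullAccess auth
# added for the terminal group (next two rules):
http_access allow TerminalAccess terminalsites auth
http_access deny TerminalAccess
http_access deny blockedsites
http_access allow StandardAccess auth
# DO NOT REMOVE THE FOLLOWING LINE
# NOTE(review): this allows every authenticated account that reaches this
# point, whether or not it belongs to any of the groups above, so the
# StandardAccess rule before it does not narrow anything. With no further
# rule, Squid falls back to the opposite of the last action (deny); an
# explicit "http_access deny all" would state that outright.
http_access allow auth

# Only requests that do NOT match allowedsites are written to the log, so
# traffic to whitelisted domains leaves no access-log record.
access_log /var/log/squid3/access.log squid !allowedsites

# squid Debian defaults
http_port 3128
hierarchy_stoplist cgi-bin ?
coredump_dir /var/spool/squid3
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320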
