如何在 Squid 3 中配置黑名单?

如何在 Squid 3 中配置黑名单?

我这样配置了 squid,但黑名单不起作用。我在网上搜索了一些内容,但什么也没找到。

#SQUID squid.conf

http_port 8080

############################################################

#Database Authentication MYSQL

auth_param basic program /usr/lib/squid3/squid_db_auth --dsn "DBI:mysql:database=something " --user something --password something --plaintext --persist
auth_param basic children 5
auth_param basic realm Web-Proxy
auth_param basic credentialsttl 30 minute
auth_param basic casesensitive off
acl db-auth proxy_auth REQUIRED
http_access allow db-auth

#############################################################

#ACL

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl SSL_ports port 443
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443     # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210     # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280     # http-mgmt
acl Safe_ports port 488     # gss-http
acl Safe_ports port 591     # filemaker
acl Safe_ports port 777     # multiling http
acl CONNECT method CONNECT

acl blacklist dstdom_regex -i "/etc/squid3/blacklist"

##############################################################


#LISTA OPERAZIONI ACL
http_access deny blacklist

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all

##############################################################

coredump_dir /var/spool/squid3

黑名单文件是这样的:

facebook.it
facebook.com

答案1

http_access语句会针对每个请求按顺序进行评估,一旦匹配,评估就会停止。因此http_access allow db-auth应该放置 http_access deny blacklist这样,黑名单就被强制执行,然后进行身份验证。

相关内容