1 (21.08.2010 17:44:37 отредактировано maximus-asoi)

Доброго времени суток всем. Недавно устроился работать системным администратором в одну организацию... До меня там работал очень серьёзный дядя, который настроил squid так, что я до сих пор не могу в нём разобраться. Судя по конфигу, доступ во «ВКонтакте» открыт только определённым пользователям. Хотел открыть доступ и себе, но в разделе, где это описано, моя запись не работает (хотя пишу так же, как для остальных пользователей). Очень прошу помочь разобраться со всеми этими acl и понять, как предоставить самому себе доступ во «ВКонтакте».

# Listener, inter-cache protocols, cache storage and the digest authentication helper.
# Accept proxy requests only on this address, port 81.
http_port 192.168.1.102:81
# Port 0 switches the ICP and HTCP inter-cache protocols off.
icp_port 0
htcp_port 0
hierarchy_stoplist cgi-bin ?
# Never cache URLs whose path contains "cgi-bin" or "?".
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
# Never cache the listed regional sites (case-insensitive, matched anywhere in the URL).
acl nocache_karelia url_regex -i sampo\.ru karelia\.ru onego\.ru petrsu\.ru ptz\.ru drevlanka\.ru petrozavodsk\.ru
no_cache deny nocache_karelia
cache_mem 24 MB
maximum_object_size 16384 KB
cache_dir ufs /var/cache/squid 2000 16 256
access_log /var/log/squid/access.log
ftp_user ftp@
ftp_list_width 130
# NOTE(review): redirector children are configured, but no redirect_program /
# url_rewrite_program line is visible in this listing - confirm whether a redirector runs.
redirect_children 20
# Digest proxy authentication. nonce_max_count is set twice (150 here, 50 below);
# presumably the later value is the one in effect - confirm.
    auth_param digest nonce_max_count 150
# NOTE(review): the helper reads credentials from the file passed as its argument. Unless it is
# started with its -c (pre-hashed HA1) option that file holds plaintext passwords - check the
# file's owner and mode.
auth_param digest program /usr/sbin/digest_pw_auth /etc/squid/passwd/digpass
auth_param digest children 5
auth_param digest realm spaa proxy server
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50
# refresh_pattern <regex> <min minutes> <percent> <max minutes> [options]
# NOTE(review): Squid uses the first refresh_pattern line that matches. The catch-all "." line
# below sits above the ad/banner lines, so those later lines presumably never take effect -
# confirm, and move the catch-all to the end if they are meant to apply.
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern .        0    20%    4320
# Ad, banner and counter hosts plus .swf/.ico objects: keep for 43200 minutes (30 days),
# overriding Last-Modified/Expires-based freshness and ignoring client reloads.
# The host patterns have no leading ^, so they match wherever that text occurs in a URL.
refresh_pattern http://ad\.                        43200   100%    43200 override-lastmod override-expire ignore-reload 
refresh_pattern http://ads\.                       43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern http://adv\.                       43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern http://banners?\.                       43200   100%    43200 override-lastmod override-expire ignore-reload 
refresh_pattern http://click\.                     43200   100%    43200 override-lastmod override-expire ignore-reload 
refresh_pattern http://count\.                     43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern http://counter\.                   43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern http://engine\.                    43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern http://rotabanner\.                43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern \.swf$          43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern \.ico$          43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern allday\.ru    43200   100%    43200 override-lastmod override-expire ignore-reload
# Base ACLs: client sources, cache-manager protocol, destination ports and a few destinations.
# "all" matches every source address.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
# Only port 443 counts as an SSL port for CONNECT rules.
acl SSL_ports port 443 # https
acl morozov_ports port 7050 15100 #  quik 7050-uralsib, 15100-kitfinance
# Safe_ports accumulates over several lines; http_access later denies any request whose
# destination port is not in this set.
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443 563    # https, snews
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
# NOTE(review): this range makes every unprivileged port "safe"; it already includes 4899 below.
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl Safe_ports port 996         # vsinet
acl Safe_ports port 4899        # radm 
acl jabber_ports port 5222 5223
acl CONNECT method CONNECT
acl GET method GET
acl minimum_ports port 21 80 443
acl port_80 port 80
acl port_81 port 81
acl drevlanka_servers dst 10.0.11.0/24
acl disk_karelia_ru dstdomain disk.karelia.ru
acl rapidshare dstdom_regex -i rapidshare\.com$
acl endymion dstdomain endymion.ru
acl fake_mail_spaa_ru dst 192.168.20.254
# Client identification by source address: "office" is the whole /24, and each pc_N
# matches the single address 192.168.1.N.
# NOTE(review): these ACLs identify a workstation by IP address alone, so any machine that
# takes over an address inherits that address's access rules. Presumably addresses are
# pinned (static or reserved leases) - verify.
acl office src 192.168.1.0/24
acl pc_5 src 192.168.1.5
acl pc_6 src 192.168.1.6
acl pc_7 src 192.168.1.7
acl pc_8 src 192.168.1.8
acl pc_9 src 192.168.1.9
acl pc_10 src 192.168.1.10
acl pc_11 src 192.168.1.11
acl pc_12 src 192.168.1.12
acl pc_13 src 192.168.1.13
acl pc_14 src 192.168.1.14
acl pc_15 src 192.168.1.15
acl pc_16 src 192.168.1.16
acl pc_17 src 192.168.1.17
acl pc_18 src 192.168.1.18
acl pc_19 src 192.168.1.19
acl pc_20 src 192.168.1.20
acl pc_21 src 192.168.1.21
acl pc_22 src 192.168.1.22
acl pc_23 src 192.168.1.23
acl pc_24 src 192.168.1.24
acl pc_25 src 192.168.1.25
acl pc_26 src 192.168.1.26
acl pc_27 src 192.168.1.27
acl pc_82 src 192.168.1.82
acl pc_83 src 192.168.1.83
acl pc_28 src 192.168.1.28
acl pc_29 src 192.168.1.29
acl pc_30 src 192.168.1.30
acl pc_31 src 192.168.1.31
acl pc_32 src 192.168.1.32
acl pc_33 src 192.168.1.33
acl pc_34 src 192.168.1.34
acl pc_35 src 192.168.1.35
acl pc_36 src 192.168.1.36
acl pc_37 src 192.168.1.37
acl pc_38 src 192.168.1.38
acl pc_39 src 192.168.1.39
acl pc_40 src 192.168.1.40
acl pc_41 src 192.168.1.41
acl pc_42 src 192.168.1.42
acl pc_43 src 192.168.1.43
acl pc_44 src 192.168.1.44
acl pc_45 src 192.168.1.45
acl pc_46 src 192.168.1.46
acl pc_47 src 192.168.1.47
acl pc_48 src 192.168.1.48
acl pc_49 src 192.168.1.49
acl pc_50 src 192.168.1.50
acl pc_51 src 192.168.1.51
acl pc_52 src 192.168.1.52
acl pc_53 src 192.168.1.53
acl pc_54 src 192.168.1.54
acl pc_58 src 192.168.1.58
acl pc_59 src 192.168.1.59
acl pc_60 src 192.168.1.60
acl pc_61 src 192.168.1.61
acl pc_62 src 192.168.1.62
acl pc_63 src 192.168.1.63
acl pc_64 src 192.168.1.64
acl pc_65 src 192.168.1.65
acl pc_66 src 192.168.1.66
acl pc_68 src 192.168.1.68
acl pc_69 src 192.168.1.69
acl pc_70 src 192.168.1.70
acl pc_71 src 192.168.1.71
acl pc_72 src 192.168.1.72
acl pc_73 src 192.168.1.73
acl pc_74 src 192.168.1.74
acl pc_75 src 192.168.1.75
acl pc_76 src 192.168.1.76
acl pc_90 src 192.168.1.90
acl pc_94 src 192.168.1.94
acl pc_111 src 192.168.1.111
acl pc_67 src 192.168.1.67
acl pc_80 src 192.168.1.80
acl pc_81 src 192.168.1.81
acl pc_110 src 192.168.1.110
acl pc_152 src 192.168.1.152
# Group, user, destination and time ACLs, plus the error page (deny_info) tied to some of them.
# An ACL whose value is a quoted path reads its entries from that file.
acl sales_hyundai src 192.168.1.15 192.168.1.16 192.168.1.30
# proxy_auth ACLs match the user name supplied through proxy authentication.
acl sales_hyundai_tarkaniy proxy_auth tarkaniy
acl sales_hyundai_ponomarev proxy_auth ponomarev
acl sales_hyundai_peugeot proxy_auth peugeot
acl sales_hyundai_yarkov proxy_auth yarkov
acl vip_passwd proxy_auth vip
# NOTE(review): the dots here are unescaped, so each one matches any character.
acl images_yandex_ru dstdom_regex images.yandex.ru im.*-tub.yandex.net$
acl shiryaev_passwd proxy_auth shiryaev
acl mazda_dep_sites dstdom_regex -i "/etc/squid/users/mazda.txt"
acl peugeot_dep_site dstdom_regex -i "/etc/squid/users/peugeot.txt"
acl sales_dep_site dstdom_regex -i "/etc/squid/users/sales.txt"
acl remzona_sites dstdom_regex -i  "/etc/squid/users/remzona.txt"
acl peugeot_hyundai_tagaz_spaa dstdom_regex -i "/etc/squid/site/peugeot_hyundai_tagaz_spaa_mazda.txt"
acl antivir dstdom_regex -i "/etc/squid/site/antivir.txt"
acl antivir_nets dst  "/etc/squid/site/antivir_nets.txt"
acl clamav dstdom_regex \.clamav\.net$
acl sales_without_passwd dstdom_regex -i ^auto\.ru$ \.auto\.ru$ ^dhl\.ru$ \.dhl\.ru$
acl maps_yandex_ru dstdomain maps.yandex.ru
acl vip_karelia_ru dstdomain vip.karelia.ru
acl kalevala_trailers url_regex -i ^http://www\.sampo\.ru/~ddscinema/
acl maps_google_com dstdom_regex -i (kh|mt|mw|maps).*\.google\.com$ 
acl prikoli_failoobmen dstdom_regex -i "/etc/squid/site/prikoli_failoobmen.txt"
acl prikoli_regex url_regex -i "/etc/squid/site/prikoli_regex.txt"
# deny_info names the error page returned when the given ACL is what caused a denial.
deny_info ERROR_NET_PRIKOLAM prikoli_failoobmen
deny_info ERROR_NET_PRIKOLAM prikoli_regex
# rep_mime_type is checked against the reply's content type, i.e. at reply time.
acl media_by_mime rep_mime_type application/x-mms-framed
deny_info ERROR_STOP_SOFTWARE media_by_mime
acl telegin_whitelist dstdom_regex -i "/etc/squid/site/telegin_whitelist.txt"
acl telegin_dafont dstdom_regex -i dafont\.com$
acl statserv_host dstdomain statserv.sampo.ru
acl statserv_ip dst 213.59.200.242
acl nights_ptz_ru dstdomain nights.ptz.ru
acl youtube dstdom_regex -i youtube\.com$
acl media_sampo_ru dstdomain radio.sampo.ru media.sampo.ru
acl media_sampo_ru_ip dst 10.10.254.241
acl truba_karelia_ru dstdomain truba.karelia.ru
acl auto_mail_ru dstdomain auto.mail.ru
acl sportbox_ru_nets dst  77.108.64.0/18 87.226.128.0/21 87.226.136.0/22 80.247.43.0/26
acl sportbox_ru dstdom_regex -i sportbox\.ru$
acl sportbox_ru_wmv url_regex -i videoondemand.*wmv
acl attach_mail_ru dstdom_regex -i af.*.mail.ru
acl netradio_onego_ru dstdomain netradio.onego.ru
acl netradio_port port 8000
acl fin_domains dstdom_regex -i \.fi$
acl tagaz dstdomain tagaz-stsc.ru
acl video_sampo_ru dstdomain video.sampo.ru
acl video_sampo_ru_ip dst 195.161.9.1
acl suzuki_ftp dstdom_regex -i iar-moscow\.ru$ orion.mtw.ru
acl swap_sampo_ru url_regex -i ^http://.*swap.sampo.ru.*
acl swap_movie url_regex -i ^http://.*\.?swap.sampo.ru.* ^http://swap.sampo.ru.*\.(css|js)$ ^http://swap.sampo.ru/(icons|img)/ ^http://swap.sampo.ru/search.php.* web.drevlanka.ru/video.* http://video.*\.drevlanka.ru.* ^http://94\.140\.224\.41
acl swap_time time 9:00-20:59
acl swap_time_weekend time A-S 8:30-20:59
acl swap_movie_users src 192.168.1.43 192.168.1.25 192.168.1.39 192.168.1.12 192.168.1.90 192.168.1.28
acl time_evening time 15:00-20:59
acl sarg_reports url_regex -i mail\.spaa\.ru.*sarg
acl karelian_forums url_regex -i "/etc/squid/site/karelian_forums.txt"
acl google_pack url_regex -i cache\.googlevideo\.com\/packdata
acl peugeot_ftp dstdomain ftp.eurorscgmoradpour.ru
acl colorist_sites dstdom_regex -i "/etc/squid/users/colorist.txt"
acl sarg_stat url_regex -i ^http://mail.spaa.ru/sarg-weekly-reports.*
acl heads_of_depts src 192.168.1.12  192.168.1.45 192.168.1.52 192.168.1.11 192.168.1.37 192.168.1.25 192.168.1.15 192.168.1.30 192.168.1.58 192.168.1.38 192.168.1.36 192.168.1.53  192.168.1.20
# work_time lists all seven day letters, 08:00-22:00; offtime1/offtime2 cover the rest of the day.
acl work_time time MTWHFAS 08:00-22:00
deny_info ERROR_WORK_TIME work_time
acl offtime1 time 00:00-7:59
acl offtime2 time 22:00-23:59
deny_info ERROR_WORK_TIME offtime1 
deny_info ERROR_WORK_TIME offtime2
acl banners_sites url_regex -i "/etc/squid/site/banners.txt"
deny_info ERROR_STOP_BANNERS banners_sites
acl whitelist_for_all dstdom_regex -i "/etc/squid/site/whitelist_for_all.txt"
acl blacklist_for_all dstdom_regex -i "/etc/squid/site/blacklist_for_all.txt"
acl rejik_banner url_regex -i "/etc/squid/site/banlists/banner.urls"
deny_info ERROR_STOP_BANNERS rejik_banner
acl rejik_dating url_regex -i "/etc/squid/site/banlists/dating.urls"
deny_info ERROR_DATING rejik_dating
acl rejik_porno  url_regex -i "/etc/squid/site/banlists/porno.urls"
deny_info ERROR_NO_PORNO rejik_porno
acl karelia_banners url_regex -i banner\.www\.karelia\.ru
# Throttling, social-network, messenger and file-type ACLs.
# delay_sites feeds delay pool 1. Its entries are short unanchored words ("game", "love",
# "hard", ...) matched case-insensitively anywhere in the URL, so unrelated URLs containing
# those substrings are throttled too.
# NOTE(review): the "[color=red][b]...[/b][/color]" token looks like forum markup that got
# into the pasted line rather than part of the real file - verify against the config on disk.
acl delay_sites url_regex -i vkontakte odnoklass?niki recordings\.ru porn love girl sex anal hard xxx intim klubni [color=red][b]Кю[/b][/color] teen game oboi wallpaper tub\.yandex\.net videos.*\.vk\.flv vkadre\.ru glamour\.ru prikol mail\.ru.*\.flv flash.*\.swf gall.*\.jpg$ kuchaknig\.ru 
acl 1st_floor src 192.168.1.12 192.168.1.39 192.168.1.18 192.168.1.19 192.168.1.14 192.168.1.17 192.168.1.25 192.168.1.33 192.168.1.13 192.168.1.27 192.168.1.20 192.168.1.26 192.168.1.30 192.168.1.24 192.168.1.15 192.168.1.16 192.168.1.35 192.168.1.21 192.168.1.63 192.168.1.62 192.168.1.41 192.168.1.42 192.168.1.43 192.168.1.45
acl drive_ru_big_files url_regex -i "/etc/squid/site/drive_ru_big_files.txt"
acl proxy_list dstdom_regex -i "/etc/squid/site/proxies.txt"
acl social_nets dstdom_regex -i "/etc/squid/site/social_nets.txt"
# Social-network destinations matched by host name (anchored patterns).
acl vkontakte_odnoklass_ok dstdom_regex -i ^vkontakte\.ru$ \.vkontakte\.ru$  ^odnoklassniki\.ru$ \.odnoklassniki\.ru$ ^vk\.com$ \.vk\.com$
acl vkontakte_ru dstdom_regex -i ^vkontakte\.ru$ \.vkontakte\.ru$  ^vk\.com$ \.vk\.com$ vkfarm\.elex-tech\.us$
acl odnoklass_ok dstdom_regex -i ^odnoklassniki\.ru$ \.odnoklassniki\.ru$
# Matches the words anywhere in the URL, including path and query string.
acl vkontakte_odnoklass_url url_regex -i (vkontakte|odnoklass?niki)
acl vkontakte_pics url_regex -i cs[0-9]+\..*u[0-9]+.*[a-z]_[a-f0-9]+\.(jpe?g|png|gif|bmp) assets.*thumbnails.*vk\.jpg assets.*videos.*\.vk\.flv \?css/rustyle.css\?[0-9]+$ \?css/profile.css\?[0-9]+$ \?js/niftycube\.js\?[0-9]+$
# req_header ACLs inspect the request's Cookie header; rep_header ACLs inspect the reply's
# Set-Cookie header and therefore only carry information once a reply exists.
acl vkontakte_mirror_cookie req_header Cookie -i .*remix.*remix.*remixsid=.*
acl my_mail_ru dstdom_regex -i my\.mail\.ru
acl social_nets_req_cookie req_header Cookie -i (vkontakte|odnoklass?niki)
acl social_nets_rep_cookie rep_header Set-Cookie -i (vkontakte|odnoklass?niki)
acl social_nets_rep_cookie_odn rep_header Set-Cookie -i odnoklass?niki
acl social_nets_rep_cookie_vko rep_header Set-Cookie -i vkontakte
acl media_sites url_regex -i "/etc/squid/site/media.txt"
acl media_video url_regex -i "/etc/squid/site/media_video.txt"
deny_info ERROR_STOP_SOFTWARE media_sites
acl online_games url_regex -i "/etc/squid/site/online_games.txt"
deny_info ERROR_NO_ONLINE_GAMES online_games
acl kasper dstdom_regex -i \.kaspersky\.com$
acl icq_site dstdom_regex -i \.icq\.com$ \.oscar\.aol\.com$
acl qip_sites dstdom_regex qip\.ru$
acl icq_dst dst 64.12.0.0/16 205.188.0.0/16  
acl icq_dstdom_regex dstdom_regex -i icq\.com aol\.com 911\.ru meebo\.com skype\.com imo\.im$ communicationtube\.net$
# Matches a URL that starts with a dotted-quad address. Presumably aimed at CONNECT requests,
# whose URL is host:port; an ordinary URL starts with "http://" and would not match - confirm.
acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
# NOTE(review): the trailing "^" is a start anchor placed after "skype"; as an extended regex
# this likely can never match - verify that this ACL ever hits in access.log.
acl Skype_UA browser ^skype^
acl jabber_dstdom url_regex -i allports\.jabber\.ru httppoll.jabber.ru jwchat\.sourceforge jwchat\.sf\.net sourceforge\.net/jwchat
acl gtalk_server dstdom_regex -i talk.*\.google\.com
acl gtalk_ua browser -i Google.*Talk
acl gmail_chat dstdom_regex -i chatenabled\.mail\.google\.com
acl gtalk_gadget dstdom_regex -i talkgadget\.google\.com
acl mrim_addr dst "/etc/squid/site/banlists/mrim.dst"
acl mrim_url_regex url_regex -i mrim.*\.mail\.ru agent\.mail\.ru mra\.mail\.ru mail\.ru.*loginagent mail\.ru.*jsagent status\.mail\.ru
acl trillian dst 66.216.70.167/32
acl gizmo dstdomain .gizmoproject.com .talqer.com .gizmocall.com .fring.com .pidgin.im 
# Repeated "acl ym" lines add further domains to the same ACL.
acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com
acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com .voice.yahoo.com
acl ym dstdomain .skype.com .imvu.com
acl ymregex url_regex yupdater.yim ymsgr myspaceim
acl msn url_regex -i gateway.dll messenger.msn.com gateway.messenger.hotmail.com
acl msn1 req_mime_type ^application/x-msn-messenger$
acl sport_video dst 87.226.136.210
acl domains_CONNECT dstdom_regex -i "/etc/squid/site/allow_CONNECT.txt"
deny_info ERROR_NO_SSL CONNECT
acl aol_connect dstdom_regex -i \.screenname\.aol\.com$
# NOTE(review): this list mixes ad/analytics hosts with windowsupdate\.com and the Safe Browsing
# endpoints; it is used in an http_access deny rule, so confirm that clients get updates and
# browser protection lists some other way.
acl adobe_microsoft_google url_regex -i \.microsoft\.com.*\.dll \.adobe\.com.*flash\.cab \.macromedia\.com.*flash\.cab sb\.google\.com google-analytics\.com googlesyndication\.com vip-ddos\.org urs\.microsoft\.com windowsupdate\.com autocontext\.begun\.ru newsrss\.bbc\.co\.uk c\.icq\.com.*infofeed ytimg\.com\/safebrowsing \.google\.com/safebrowsing
acl go_microsoft url_regex go\.microsoft\.com runonce\.msn\.com
acl pics_flash url_regex \.(gif|png|bmp|jpe?g|swf)
acl flash url_regex \.(flv|swf)
acl foto_video_mail_ru dstdom_regex -i foto\.mail\.ru video\.mail\.ru
acl all_mail_ru dstdom_regex -i \.mail\.ru$ ^mail\.ru$
acl ero_mail_ru req_header Cookie ero_accept
# Defined here but not referenced by any access rule in this listing.
acl ICQ_PORT    port            5190 443 
# http_access, part 1: cache manager, port checks and CONNECT tunnels.
# Rules are evaluated top to bottom; the first rule whose ACLs all match decides the request.
# Cache-manager requests are accepted from localhost only.
http_access allow manager localhost
http_access deny manager
# Office clients may reach fake_mail_spaa_ru only on port 80 or via CONNECT to 443.
http_access allow office fake_mail_spaa_ru port_80
http_access allow office fake_mail_spaa_ru CONNECT SSL_ports
http_access deny office fake_mail_spaa_ru
# Per-host CONNECT exceptions for non-443 ports (jabber, trading terminals). With numeric_IPs
# the tunnel may go to any IP-literal destination on the listed ports.
http_access allow jabber_ports CONNECT pc_90
http_access allow pc_62 CONNECT kasper
http_access allow pc_32 CONNECT kasper
http_access allow pc_36 CONNECT qip_sites jabber_ports
http_access allow pc_22 CONNECT numeric_IPs morozov_ports
http_access allow pc_61 CONNECT numeric_IPs morozov_ports
http_access allow pc_67 CONNECT numeric_IPs morozov_ports
http_access allow pc_6 CONNECT numeric_IPs morozov_ports
http_access allow pc_76 CONNECT numeric_IPs morozov_ports
http_access allow swap_movie swap_movie_users port_80 swap_time
http_access allow swap_movie swap_movie_users port_80 swap_time_weekend
http_access allow swap_movie swap_movie_users port_81 swap_time
http_access allow swap_movie swap_movie_users port_81 swap_time_weekend
http_access allow swap_sampo_ru pc_5
http_access allow swap_sampo_ru pc_6
http_access allow swap_sampo_ru pc_37
http_access allow swap_movie pc_39
http_access allow swap_sampo_ru pc_39
http_access deny swap_sampo_ru
# Everything not allowed above must target a port in Safe_ports.
http_access deny !Safe_ports
# pc_6, pc_61, pc_90 and pc_9 may open CONNECT tunnels to port 443 on any host at any time;
# the other hosts below are limited to work_time and/or IP-literal destinations.
http_access allow pc_6 CONNECT numeric_IPs SSL_ports
http_access allow pc_61 CONNECT numeric_IPs SSL_ports
http_access allow pc_6 CONNECT SSL_ports
http_access allow pc_61 CONNECT SSL_ports
http_access allow pc_38 CONNECT icq_dst work_time
http_access allow pc_36 CONNECT icq_dst work_time
http_access allow pc_22 CONNECT icq_dst work_time
http_access allow pc_12 CONNECT icq_dst work_time
http_access allow pc_53 CONNECT icq_dst work_time
http_access allow pc_5 CONNECT work_time SSL_ports
http_access allow pc_90 CONNECT SSL_ports
http_access allow pc_9 CONNECT numeric_IPs SSL_ports
http_access allow pc_9 CONNECT SSL_ports
http_access allow pc_72 CONNECT numeric_IPs work_time SSL_ports
http_access allow pc_72 CONNECT work_time SSL_ports
http_access allow pc_14 CONNECT numeric_IPs work_time SSL_ports
http_access allow pc_19 CONNECT numeric_IPs work_time SSL_ports 
http_access allow pc_52 CONNECT numeric_IPs work_time SSL_ports 
# Remaining CONNECT requests: IP-literal targets are refused, whitelisted domains are allowed
# on 443 during work_time, and every other tunnel is denied.
http_access deny CONNECT numeric_IPs
http_access allow domains_CONNECT work_time SSL_ports
http_access deny CONNECT
# http_access, part 2: unrestricted hosts, messenger blocks and social-network rules.
# First match wins, so a host allowed unconditionally here never reaches the deny lines below.
http_access allow pc_110 clamav 
# pc_6 and pc_61: everything that passed the port and CONNECT checks is allowed.
http_access allow pc_6 
http_access allow pc_61
http_access allow media_sites antivir
http_access allow media_sites google_pack
http_access allow auto_mail_ru work_time all
# NOTE(review): pc_90 and pc_22 are allowed unconditionally at this point. Every later
# pc_90-specific allow line and every later deny is therefore never evaluated for pc_90 at
# request time; what still applies to it is http_reply_access.
http_access allow pc_90
http_access allow pc_22
http_access allow pc_74 attach_mail_ru
http_access allow office antivir
http_access allow office antivir_nets
# Requires proxy authentication as user "vip" from these two hosts.
http_access allow pc_80 vip_passwd
http_access allow pc_81 vip_passwd
http_access deny adobe_microsoft_google
http_access allow pc_74 work_time rapidshare
http_access allow pc_35 nights_ptz_ru
# ICQ by destination network, then by host name: listed hosts during work_time, others denied.
http_access allow pc_5 icq_dst work_time
http_access allow pc_20 icq_dst work_time
http_access allow pc_38 icq_dst work_time
http_access allow pc_36 icq_dst work_time
http_access allow pc_22 icq_dst work_time
http_access allow pc_12 icq_dst work_time
http_access allow pc_53 icq_dst work_time
http_access deny icq_dst
http_access allow pc_5 icq_dstdom_regex work_time
http_access allow pc_20 icq_dstdom_regex work_time
http_access allow pc_38 icq_dstdom_regex work_time
http_access allow pc_36 icq_dstdom_regex work_time
http_access allow pc_22 icq_dstdom_regex work_time
http_access allow pc_12 icq_dstdom_regex work_time
http_access allow pc_53 icq_dstdom_regex work_time
http_access deny icq_dstdom_regex
# Other messengers are denied for everyone who reaches this point.
http_access deny jabber_dstdom
http_access deny gtalk_server
http_access deny gtalk_ua
http_access deny gmail_chat
http_access deny gtalk_gadget
http_access deny msn                                                                                      
http_access deny msn1                                                                                     
http_reply_access deny msn                                                                                
http_reply_access deny msn1                                                                               
http_access deny trillian                                                                                 
http_reply_access deny trillian                                                                           
http_access deny gizmo                                                                                    
http_reply_access deny gizmo                                                                              
http_access allow pc_6 Skype_UA 
http_access allow pc_61 Skype_UA 
http_access deny Skype_UA 
http_access deny 1st_floor drive_ru_big_files
http_access allow whitelist_for_all work_time !CONNECT
http_access allow pc_14 images_yandex_ru work_time
http_access allow pc_19 images_yandex_ru work_time
http_access allow pc_5 work_time
http_access deny office foto_video_mail_ru ero_mail_ru
# Social networks: per-host allows first, then the denies for everyone else.
http_access allow pc_20 work_time vkontakte_odnoklass_ok
http_access allow pc_90 vkontakte_odnoklass_ok
http_access allow pc_90 proxy_list
http_access allow pc_90 vkontakte_mirror_cookie
http_access allow pc_90 social_nets_req_cookie
# NOTE(review): social_nets_rep_cookie* are rep_header ACLs. Reply headers do not exist yet
# when http_access is evaluated, so rules using them here presumably never match.
http_access allow pc_90 social_nets_rep_cookie
http_access allow pc_90 vkontakte_odnoklass_url
http_access allow pc_90 vkontakte_pics
http_access allow pc_90 social_nets_rep_cookie_vko
http_access allow pc_19 work_time odnoklass_ok
http_access allow pc_38 work_time vkontakte_ru
http_access allow pc_40 work_time vkontakte_ru
http_access allow pc_12 work_time vkontakte_ru
http_access allow pc_45 work_time vkontakte_ru
http_access allow pc_5 work_time vkontakte_odnoklass_ok
http_access deny proxy_list
http_access deny vkontakte_mirror_cookie
http_access deny social_nets_req_cookie
http_access deny social_nets_rep_cookie
http_access deny vkontakte_odnoklass_url
http_access deny vkontakte_pics
http_access allow pc_37 work_time
http_access allow pc_74 my_mail_ru work_time
http_access deny social_nets
http_access deny online_games
http_access deny rejik_porno
# http_access, part 3: per-site exceptions, then one "allow pc_N work_time" line per
# workstation, ending in the default deny.
# Because the first match wins, each deny list below (banners, blacklist, "prikoli", media)
# only affects hosts whose own allow line comes after it; hosts allowed earlier bypass it.
# Several hosts (pc_7, pc_20, ...) have the same allow line more than once; the repeats are
# redundant.
http_access allow pc_30 vip_karelia_ru
http_access allow pc_12 vip_karelia_ru
http_access allow pc_17 vip_karelia_ru
http_access allow pc_43 vip_karelia_ru
http_access deny 1st_floor karelian_forums
http_access allow pc_90  
http_access allow statserv_host pc_5
http_access allow statserv_host pc_90
http_access deny statserv_ip
http_access deny statserv_host
# Proxy usage reports (sarg): two admin hosts, heads of departments for the weekly reports only.
http_access allow pc_5 sarg_reports
http_access allow pc_90 sarg_reports
http_access allow heads_of_depts sarg_stat
http_access deny sarg_reports
http_access deny pc_18 media_video peugeot_hyundai_tagaz_spaa
http_access deny pc_42 media_video peugeot_hyundai_tagaz_spaa
http_access deny pc_17 media_video peugeot_hyundai_tagaz_spaa
http_access deny sales_hyundai media_video peugeot_hyundai_tagaz_spaa
# Allowed for any client and at any time.
http_access allow peugeot_hyundai_tagaz_spaa
http_access allow pc_7 telegin_whitelist
http_access allow pc_12 media_sampo_ru
http_access allow pc_39 media_sampo_ru
http_access allow pc_43 media_sampo_ru
http_access allow pc_90 media_sampo_ru
http_access allow pc_71 media_sampo_ru
http_access allow pc_64 media_sampo_ru
http_access allow pc_71 media_sampo_ru_ip
http_access allow pc_7 media_sampo_ru
http_access allow pc_18 media_sampo_ru
http_access allow pc_42 media_sampo_ru
http_access allow pc_18 kalevala_trailers
http_access allow pc_18 netradio_onego_ru netradio_port
http_access allow pc_42 netradio_onego_ru netradio_port
http_access allow pc_39 netradio_onego_ru netradio_port
http_access allow pc_71 netradio_onego_ru netradio_port
http_access allow pc_17 media_sampo_ru
http_access allow pc_17 media_sampo_ru_ip
http_access allow pc_17 netradio_onego_ru netradio_port
http_access allow pc_12 truba_karelia_ru
http_access allow pc_37 truba_karelia_ru
http_access deny truba_karelia_ru
http_access deny media_sampo_ru 
http_access allow pc_7 work_time
http_access allow pc_5 work_time
http_access allow pc_8 disk_karelia_ru
http_access allow pc_38 disk_karelia_ru
http_access allow pc_29 disk_karelia_ru
http_access deny drevlanka_servers
# pc_9 (and pc_10 further down) have no work_time condition.
http_access allow pc_9 
http_access allow pc_37 work_time
http_access allow pc_74 work_time
http_access allow pc_12 work_time
http_access allow pc_7 work_time
http_access allow pc_38 work_time
http_access allow pc_20 work_time
http_access allow pc_40 work_time
http_access allow pc_11 work_time
http_access allow pc_25 work_time
http_access allow pc_73 work_time
http_access allow pc_49 work_time 
http_access deny karelia_banners
http_access deny blacklist_for_all
http_access allow pc_67 work_time
http_access allow pc_76 work_time
http_access allow pc_53 work_time
http_access allow maps_google_com pc_8 work_time
http_access allow maps_google_com pc_32 work_time
http_access allow maps_google_com pc_25 work_time
http_access deny prikoli_failoobmen
http_access deny prikoli_regex
http_access allow pc_29 work_time
http_access allow pc_36 work_time
http_access allow pc_47 work_time
http_access allow pc_24 work_time
http_access allow pc_94 work_time
http_access allow pc_20 work_time
http_access allow pc_72 work_time
http_access allow pc_10 
http_access allow pc_34 work_time
http_access allow pc_23 work_time
http_access allow pc_8 work_time
http_access deny media_sites
http_access allow pc_17 work_time
http_access allow pc_59 work_time
http_access allow pc_60 work_time
http_access allow pc_31 work_time
http_access allow pc_68 work_time
http_access allow pc_45 work_time
http_access allow pc_46 work_time
http_access allow pc_39 work_time
http_access allow pc_43 work_time
http_access allow pc_54 work_time
http_access allow pc_62 work_time
http_access allow pc_63 work_time
http_access allow pc_66 work_time
http_access allow pc_70 work_time
http_access allow pc_35 work_time 
http_access allow pc_48 work_time
http_access allow pc_13 work_time
http_access allow pc_14 work_time
http_access allow pc_52 work_time
# pc_18 and pc_42 are limited to ports 21/80/443.
# NOTE(review): numeric_IPs is anchored at the start of the URL, so for ordinary
# "http://..." requests these two deny lines presumably never match - confirm.
http_access deny pc_18 numeric_IPs
http_access deny pc_18 flash
http_access allow pc_18 work_time minimum_ports
http_access deny pc_42 numeric_IPs
http_access allow pc_42 work_time minimum_ports
http_access allow pc_19 work_time
http_access allow pc_27 work_time
http_access allow pc_82 work_time
http_access allow pc_21 work_time
http_access allow pc_69 work_time
http_access allow pc_41 work_time
http_access allow pc_26 work_time port_80
http_access allow pc_28 work_time
http_access allow pc_51 work_time
http_access allow pc_33 work_time
http_access allow pc_152 work_time
http_access allow pc_32 work_time
http_access allow pc_58 work_time
http_access allow pc_75 work_time
http_access allow pc_71 work_time 
http_access allow pc_30 work_time 
http_access allow pc_16 work_time
http_access allow pc_15 work_time 
# Default: anything not explicitly allowed above is refused.
http_access deny all
# Reply filtering, response-size limit, header handling and delay pools.
# http_reply_access is evaluated when the reply arrives, separately from http_access, and is
# also first-match.
# Replies of type application/x-mms-framed are refused for everyone except pc_5, pc_6, pc_61.
http_reply_access deny media_by_mime !pc_5 !pc_6 !pc_61 
http_reply_access allow pc_19 social_nets_rep_cookie_odn
http_reply_access allow pc_20 social_nets_rep_cookie_vko
http_reply_access allow pc_38 social_nets_rep_cookie_vko
http_reply_access allow pc_40 social_nets_rep_cookie_vko
http_reply_access allow pc_12 social_nets_rep_cookie_vko
http_reply_access allow pc_45 social_nets_rep_cookie_vko
# Replies whose Set-Cookie mentions vkontakte/odnoklassniki are refused unless the client is
# one of the hosts excluded here or was allowed just above.
# NOTE(review): pc_90 is neither excluded on this line nor allowed above, so such replies are
# denied for pc_90 even though http_access lets its requests through. This is likely why
# adding http_access lines for pc_90 has no effect - confirm in access.log.
http_reply_access deny social_nets_rep_cookie !pc_5 !pc_6 !pc_61 !pc_38 !pc_45 !pc_40 !pc_12  !pc_60 !pc_27  !pc_59
http_reply_access allow all
# ICP itself is switched off by "icp_port 0" elsewhere in this file, so this rule is moot.
icp_access allow all
# Replies larger than 900000000 bytes are refused when the request matches every negated ACL
# listed, i.e. for clients and destinations that are not exempted here.
reply_body_max_size 900000000 allow !pc_5 !pc_6 !pc_61 !pc_22 !pc_90 !pc_7 !media_sampo_ru !peugeot_ftp !antivir !google_pack !kalevala_trailers !truba_karelia_ru !suzuki_ftp !whitelist_for_all !netradio_onego_ru !swap_sampo_ru !disk_karelia_ru !rapidshare !endymion !swap_movie  !pc_74 !pc_43
visible_hostname mx.spaa.ru
# Do not disclose the client's internal address in X-Forwarded-For.
forwarded_for off
# Turn a client reload into a conditional (If-Modified-Since) request.
reload_into_ims on
always_direct allow suzuki_ftp
# Strip the Via header on requests to the dafont destination.
header_access Via deny telegin_dafont
error_directory /etc/squid/errors
# Port 0 switches SNMP off.
snmp_port 0
# Four class-1 delay pools: each has one aggregate bucket shared by all traffic assigned to it.
delay_pools 4
delay_class 1 1
delay_class 2 1
delay_class 3 1
delay_class 4 1
# Pool 1 throttles URLs matching delay_sites, except for the hosts and destinations denied first.
delay_access 1 deny pc_5
delay_access 1 deny pc_6
delay_access 1 deny pc_61
delay_access 1 deny pc_60
delay_access 1 deny pc_90
delay_access 1 deny peugeot_hyundai_tagaz_spaa
delay_access 1 deny whitelist_for_all
delay_access 1 deny swap_movie
delay_access 1 allow delay_sites
delay_access 1 deny all
delay_access 2 deny peugeot_hyundai_tagaz_spaa
delay_access 2 deny whitelist_for_all
delay_access 2 allow pc_18 pics_flash
delay_access 2 deny all
delay_access 3 allow pc_71 flash
delay_access 3 deny all
delay_access 4 allow swap_movie_users swap_movie
delay_access 4 deny all
# delay_parameters <pool> <restore bytes per second>/<bucket size in bytes>
delay_parameters 1 7000/7000
delay_parameters 2 90000/90000
delay_parameters 3 5000/5000
delay_parameters 4 1000000/1000000
coredump_dir /var/cache/squid

комментарии убрал регексом, т.к. получилось бы довольно много...
Довольно много времени провел за гуглением, но пояснения некоторых параметров так и не нашел....
Заранее спасибо

2

Как твой комп называется в этом конфиге?

Trouble  in WINDOWS reboot, trouble in UNIX be root.

3 (21.08.2010 20:04:17 отредактировано maximus-asoi)

pc_90

# Rules the poster added for his own workstation (pc_90): each line allows a request from
# pc_90 when the second ACL also matches.
# NOTE(review): in the full listing posted earlier in this thread an unconditional
# "http_access allow pc_90" already precedes these lines, so they are never reached.
http_access allow pc_90 vkontakte_odnoklass_ok
http_access allow pc_90 proxy_list
http_access allow pc_90 vkontakte_mirror_cookie
http_access allow pc_90 social_nets_req_cookie
# NOTE(review): social_nets_rep_cookie and social_nets_rep_cookie_vko are rep_header ACLs in
# that listing. Reply headers are not available when http_access is evaluated, so these two
# lines presumably never match; the reply-side decision is made by http_reply_access.
http_access allow pc_90 social_nets_rep_cookie
http_access allow pc_90 vkontakte_odnoklass_url
http_access allow pc_90 vkontakte_pics
http_access allow pc_90 social_nets_rep_cookie_vko

вот это вот я сам уже понавставлял... однако ничего не помогает

4

Поставь правило
http_access allow pc_90
после правила http_access deny manager, а вот здесь обязательно закомментируй и перезапусти сквид:

# Fragment of the http_access list as the reply proposes to edit it: the later unconditional
# pc_90 line is commented out, to be re-added right after "http_access deny manager".
# NOTE(review): in the full listing posted earlier in this thread an unconditional
# "http_access allow pc_90" already appears before the social-network deny lines, so moving
# it may not change the outcome; replies are filtered separately by http_reply_access.
http_access allow pc_30 vip_karelia_ru
http_access allow pc_12 vip_karelia_ru
http_access allow pc_17 vip_karelia_ru
http_access allow pc_43 vip_karelia_ru
http_access deny 1st_floor karelian_forums
#http_access allow pc_90  
http_access allow statserv_host pc_5
http_access allow statserv_host pc_90
http_access deny statserv_ip
http_access deny statserv_host

Сквид читает правила последовательно и в том же порядке их применяет, а разрешение доступа к «Контакту» для твоего компа шло после правила, которое блокирует доступ к нему всем.
Попробуй и отпишись.

Trouble  in WINDOWS reboot, trouble in UNIX be root.

5

Не, не попал я  вконтакт =(

6

Ты точно все строки из конфига выложил? Посмотри, нет ли там директивы url_rewrite_program. Может, у тебя ещё прикручен сквидгард или режик — они тоже могут резать «Контакт». Посмотри.

Trouble  in WINDOWS reboot, trouble in UNIX be root.

7

Нет там такой директивы... Могу весь конфиг показать (без обработки egrep)
вот

http_port 192.168.1.102:81


icp_port 0


htcp_port 0


acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

# don't cache "karelian" sites
acl nocache_karelia url_regex -i sampo\.ru karelia\.ru onego\.ru petrsu\.ru ptz\.ru drevlanka\.ru petrozavodsk\.ru
no_cache deny nocache_karelia



cache_mem 24 MB


maximum_object_size 16384 KB



cache_dir ufs /var/cache/squid 2000 16 256


access_log /var/log/squid/access.log


ftp_list_width 130





redirect_children 20


    auth_param digest nonce_max_count 150

auth_param digest program /usr/sbin/digest_pw_auth /etc/squid/passwd/digpass
auth_param digest children 5

auth_param digest realm spaa proxy server
auth_param digest nonce_garbage_interval 5 minutes
auth_param digest nonce_max_duration 30 minutes
auth_param digest nonce_max_count 50

/etc/squid/ad_passwd.txt -P     -u sAMAccountName -f "(&(objectClass=person)(sAMAccountName=%s))" 192.168.1.101


# Freshness rules. Columns: regex, min age (minutes), percent, max age (minutes), options.
# NOTE(review): Squid uses the first refresh_pattern whose regex matches the
# URL. The catch-all "." entry matches every URL, so the entries listed after
# it are not expected to take effect. Move them above the "." line if they are
# meant to be used - confirm intent before reordering.
refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern .        0    20%    4320

# Ad, banner and counter hosts plus .swf/.ico files: 43200 minutes (30 days) as
# both minimum and maximum age. override-lastmod / override-expire enforce the
# minimum age against the origin's Last-Modified / Expires headers, and
# ignore-reload disregards a client's reload request.
# NOTE(review): these options deliberately depart from HTTP caching rules, so
# users may be served stale content for matching URLs.
refresh_pattern http://ad\.                        43200   100%    43200 override-lastmod override-expire ignore-reload 
refresh_pattern http://ads\.                       43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern http://adv\.                       43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern http://banners?\.                       43200   100%    43200 override-lastmod override-expire ignore-reload 
refresh_pattern http://click\.                     43200   100%    43200 override-lastmod override-expire ignore-reload 
refresh_pattern http://count\.                     43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern http://counter\.                   43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern http://engine\.                    43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern http://rotabanner\.                43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern \.swf$          43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern \.ico$          43200   100%    43200 override-lastmod override-expire ignore-reload
#refresh_pattern http://img\.mail\.ru    43200   100%    43200 override-lastmod override-expire ignore-reload
refresh_pattern allday\.ru    43200   100%    43200 override-lastmod override-expire ignore-reload


# --- Base ACLs -------------------------------------------------------------
# "acl NAME TYPE VALUES" only defines a named test. Nothing is allowed or
# denied until the name is used in an http_access / http_reply_access line.
# Several values on one line, or several lines with the same name, are OR-ed.

# Every client address.
acl all src 0.0.0.0/0.0.0.0
# Cache-manager requests (cache_object protocol) and the loopback addresses.
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
# NOTE(review): to_localhost is defined, but the "http_access deny to_localhost"
# rule that Squid's own sample comment recommends is commented out further down.
acl to_localhost dst 127.0.0.0/8
# Ports to which CONNECT tunnels are normally permitted.
acl SSL_ports port 443 # https
acl morozov_ports port 7050 15100 #  quik 7050-uralsib, 15100-kitfinance
# Ports the proxy will talk to at all ("http_access deny !Safe_ports" below).
# NOTE(review): 1025-65535 makes every unprivileged port "safe", and the
# explicit 4899 entry is already inside that range. Port 81 is not in the list.
acl Safe_ports port 80        # http
acl Safe_ports port 21        # ftp
acl Safe_ports port 443 563    # https, snews
acl Safe_ports port 70        # gopher
acl Safe_ports port 210        # wais
acl Safe_ports port 1025-65535    # unregistered ports
acl Safe_ports port 280        # http-mgmt
acl Safe_ports port 488        # gss-http
acl Safe_ports port 591        # filemaker
acl Safe_ports port 777        # multiling http
acl Safe_ports port 996         # vsinet
acl Safe_ports port 4899        # radm 
acl jabber_ports port 5222 5223
# Request-method tests. GET appears only in a commented-out rule in the
# visible part of the file.
acl CONNECT method CONNECT
acl GET method GET

# Narrow port sets used to restrict individual workstations.
acl minimum_ports port 21 80 443
acl port_80 port 80
acl port_81 port 81

acl drevlanka_servers dst 10.0.11.0/24
acl disk_karelia_ru dstdomain disk.karelia.ru

acl rapidshare dstdom_regex -i rapidshare\.com$
acl endymion dstdomain endymion.ru


acl fake_mail_spaa_ru dst 192.168.20.254

##################################################
# LDAP Authentication
# 20070910: shiryaev: ��������� - �������� � AD
#
# squid_ldap_auth -b "cn=Users,dc=avto,dc=local" \
# -D "cn=ejabberd,cn=Users,dc=AVTO,dc=local" -W ad_pass.txt -P \
# -u sAMAccountName -f "(&(objectClass=person)(sAMAccountName=%s))" 192.168.1.101


##################################################
# ALL OFFICE
##################################################
# Any client whose source address is inside 192.168.1.0/24.
# NOTE(review): src ACLs (this one and the per-workstation pc_N entries that
# follow) identify a machine by IP address only, so whoever holds the address
# gets its rules. Where a rule is meant for a person rather than a machine,
# combine it with a proxy_auth ACL, as the pc_80 / pc_81 + vip_passwd rules do.
acl office src 192.168.1.0/24

##################################################
# PC OFFICE
##################################################
acl pc_5 src 192.168.1.5
acl pc_6 src 192.168.1.6
acl pc_7 src 192.168.1.7
acl pc_8 src 192.168.1.8
acl pc_9 src 192.168.1.9
acl pc_10 src 192.168.1.10
acl pc_11 src 192.168.1.11
acl pc_12 src 192.168.1.12
acl pc_13 src 192.168.1.13
acl pc_14 src 192.168.1.14
acl pc_15 src 192.168.1.15
acl pc_16 src 192.168.1.16
acl pc_17 src 192.168.1.17
acl pc_18 src 192.168.1.18
acl pc_19 src 192.168.1.19
acl pc_20 src 192.168.1.20
acl pc_21 src 192.168.1.21
acl pc_22 src 192.168.1.22
acl pc_23 src 192.168.1.23
acl pc_24 src 192.168.1.24
acl pc_25 src 192.168.1.25
acl pc_26 src 192.168.1.26
# receptionist
acl pc_27 src 192.168.1.27
# service-secretary
acl pc_82 src 192.168.1.82
# GTO
acl pc_83 src 192.168.1.83
acl pc_28 src 192.168.1.28
acl pc_29 src 192.168.1.29
# trade-in
acl pc_30 src 192.168.1.30

# tyutin / peugeot tech instructor
acl pc_31 src 192.168.1.31
# shandrokha eth
acl pc_32 src 192.168.1.32
# masterp // �����, �������
acl pc_33 src 192.168.1.33
# belkin buh
acl pc_34 src 192.168.1.34
# peugeot sales
acl pc_35 src 192.168.1.35

# melekhova
acl pc_36 src 192.168.1.36
# taborov
acl pc_37 src 192.168.1.37
# shikhova eth
acl pc_38 src 192.168.1.38

# sklad2
acl pc_39 src 192.168.1.39

# proskurina eth
acl pc_40 src 192.168.1.40

# receptionist4 (old mazda1) wifi
acl pc_41 src 192.168.1.41
# melekhova
acl pc_42 src 192.168.1.42

# sklad3
acl pc_43 src 192.168.1.43

# MAHA
acl pc_44 src 192.168.1.44

# peugeot logistics
acl pc_45 src 192.168.1.45
# peugeot warranty
acl pc_46 src 192.168.1.46
# hyundai logistics
acl pc_47 src 192.168.1.47
# peugeot sales 2
acl pc_48 src 192.168.1.48

# receptionist3 - sudareva - belinskiy
acl pc_49 src 192.168.1.49
# new cash
acl pc_50 src 192.168.1.50
# ponomarev
acl pc_51 src 192.168.1.51
# kredit3
acl pc_52 src 192.168.1.52
# bystrov
acl pc_53 src 192.168.1.53
# sklad kuznetsova
acl pc_54 src 192.168.1.54
# carbody2
acl pc_58 src 192.168.1.58
# p-parts
acl pc_59 src 192.168.1.59
# p-parts-2
acl pc_60 src 192.168.1.60


# wifi // 6x
# morozov
acl pc_61 src 192.168.1.61

# ibm
acl pc_62 src 192.168.1.62

# asus laptop wifi
acl pc_63 src 192.168.1.63

# PEUGEOT MAHA
acl pc_64 src 192.168.1.64

# buh peugeot  - ELINA
acl pc_65 src 192.168.1.65
# asus laptop wifi2
acl pc_66 src 192.168.1.66

# p-service wifi
acl pc_68 src 192.168.1.68
# h-parts-2
acl pc_69 src 192.168.1.69

# asus laptop eth
acl pc_70 src 192.168.1.70

# colourist
acl pc_71 src 192.168.1.71
# buh-finansist
acl pc_72 src 192.168.1.72
# peugeot glavbuh - ermakova
acl pc_73 src 192.168.1.73

# marudenko - tech instructor
acl pc_74 src 192.168.1.74
# barimov
acl pc_75 src 192.168.1.75
# bystrov eeepc
acl pc_76 src 192.168.1.76

# shiryaev wifi
acl pc_90 src 192.168.1.90

# hyundai tovaroved
acl pc_94 src 192.168.1.94

# acer laptop
acl pc_111 src 192.168.1.111
# bystrov
acl pc_67 src 192.168.1.67

# founders - wifi
acl pc_80 src 192.168.1.80
acl pc_81 src 192.168.1.81

# server
acl pc_110 src 192.168.1.110

# temp
acl pc_152 src 192.168.1.152

# sales hyundai
# Group of three workstation addresses, matched by source IP.
acl sales_hyundai src 192.168.1.15 192.168.1.16 192.168.1.30

# pc16
# proxy_auth ACLs match the user name supplied through proxy authentication
# (the digest scheme configured with auth_param above). Using one in an
# http_access line makes Squid ask the client for credentials.
# NOTE(review): of the proxy_auth ACLs defined here, only vip_passwd is
# referenced by the http_access rules visible in this part of the file.
acl sales_hyundai_tarkaniy proxy_auth tarkaniy
acl sales_hyundai_ponomarev proxy_auth ponomarev
acl sales_hyundai_peugeot proxy_auth peugeot
acl sales_hyundai_yarkov proxy_auth yarkov

# founders, vip etc.
acl vip_passwd proxy_auth vip

# NOTE(review): the first pattern is unanchored and its dots are unescaped, so
# it matches any host name that merely contains a similar string. It feeds
# "allow" rules (pc_14, pc_19), so a tighter form such as
# ^images\.yandex\.ru$ would be safer - confirm which hosts are needed.
acl images_yandex_ru dstdom_regex images.yandex.ru im.*-tub.yandex.net$


#
acl shiryaev_passwd proxy_auth shiryaev

# ����� �� Mazda
acl mazda_dep_sites dstdom_regex -i "/etc/squid/users/mazda.txt"

# ����� �� Peugeot
acl peugeot_dep_site dstdom_regex -i "/etc/squid/users/peugeot.txt"

# ����� �� Hyundai
acl sales_dep_site dstdom_regex -i "/etc/squid/users/sales.txt"

# remzona
acl remzona_sites dstdom_regex -i  "/etc/squid/users/remzona.txt"

##################################################
# per user limit acl (sarg QUOTA)
##################################################
# SERVER_UPGRADE_FIXME
##acl per_user_limit src "/opt/sarg/etc/per_user_limit.conf"
##deny_info ERROR_STOP_TRAFFIC_EATING per_user_limit

# peugeot_hyundai_tagaz_spaa_mazda
acl peugeot_hyundai_tagaz_spaa dstdom_regex -i "/etc/squid/site/peugeot_hyundai_tagaz_spaa_mazda.txt"
acl antivir dstdom_regex -i "/etc/squid/site/antivir.txt"
acl antivir_nets dst  "/etc/squid/site/antivir_nets.txt"
acl clamav dstdom_regex \.clamav\.net$

acl sales_without_passwd dstdom_regex -i ^auto\.ru$ \.auto\.ru$ ^dhl\.ru$ \.dhl\.ru$

acl maps_yandex_ru dstdomain maps.yandex.ru
acl vip_karelia_ru dstdomain vip.karelia.ru
acl kalevala_trailers url_regex -i ^http://www\.sampo\.ru/~ddscinema/
acl maps_google_com dstdom_regex -i (kh|mt|mw|maps).*\.google\.com$ 

# ������� � ��������������
acl prikoli_failoobmen dstdom_regex -i "/etc/squid/site/prikoli_failoobmen.txt"
acl prikoli_regex url_regex -i "/etc/squid/site/prikoli_regex.txt"
deny_info ERROR_NET_PRIKOLAM prikoli_failoobmen
deny_info ERROR_NET_PRIKOLAM prikoli_regex

# ��������� �����/����� ����� �� mime-�����
# acl media_by_mime rep_mime_type audio/mpeg video/mpeg application/ogg video/x-msvideo audio/x-wav video/quicktime video/mp4
acl media_by_mime rep_mime_type application/x-mms-framed
deny_info ERROR_STOP_SOFTWARE media_by_mime

# telegin whitelist
acl telegin_whitelist dstdom_regex -i "/etc/squid/site/telegin_whitelist.txt"
# ���������� ���� - ���������� ������� http-��������� Via, ����� �� ��������
acl telegin_dafont dstdom_regex -i dafont\.com$

# statserv
acl statserv_host dstdomain statserv.sampo.ru
acl statserv_ip dst 213.59.200.242

# nights.ptz.ru
acl nights_ptz_ru dstdomain nights.ptz.ru

# youtube
acl youtube dstdom_regex -i youtube\.com$

# media.sampo.ru - FREE radio
acl media_sampo_ru dstdomain radio.sampo.ru media.sampo.ru
acl media_sampo_ru_ip dst 10.10.254.241
acl truba_karelia_ru dstdomain truba.karelia.ru

acl auto_mail_ru dstdomain auto.mail.ru

# sportbox
acl sportbox_ru_nets dst  77.108.64.0/18 87.226.128.0/21 87.226.136.0/22 80.247.43.0/26
acl sportbox_ru dstdom_regex -i sportbox\.ru$
acl sportbox_ru_wmv url_regex -i videoondemand.*wmv


# attachments mail_ru
acl attach_mail_ru dstdom_regex -i af.*.mail.ru

# netradio.onego.ru - FREE radio
acl netradio_onego_ru dstdomain netradio.onego.ru
acl netradio_port port 8000

# finnish domains
acl fin_domains dstdom_regex -i \.fi$

#
acl tagaz dstdomain tagaz-stsc.ru

# video.sampo.ru - FREE video
acl video_sampo_ru dstdomain video.sampo.ru
acl video_sampo_ru_ip dst 195.161.9.1

# suzuki
acl suzuki_ftp dstdom_regex -i iar-moscow\.ru$ orion.mtw.ru


# swap.sampo.ru
acl swap_sampo_ru url_regex -i ^http://.*swap.sampo.ru.*

# swap movie
acl swap_movie url_regex -i ^http://.*\.?swap.sampo.ru.* ^http://swap.sampo.ru.*\.(css|js)$ ^http://swap.sampo.ru/(icons|img)/ ^http://swap.sampo.ru/search.php.* web.drevlanka.ru/video.* http://video.*\.drevlanka.ru.* ^http://94\.140\.224\.41
#acl swap_time time 16:00-20:59
acl swap_time time 9:00-20:59
acl swap_time_weekend time A-S 8:30-20:59
#acl swap_time_weekend time  8:30-20:59
acl swap_movie_users src 192.168.1.43 192.168.1.25 192.168.1.39 192.168.1.12 192.168.1.90 192.168.1.28


acl time_evening time 15:00-20:59

# squid sarg reports
acl sarg_reports url_regex -i mail\.spaa\.ru.*sarg

# ������ - ���� ���������� � ����� ��-�� ������ ������ 
acl karelian_forums url_regex -i "/etc/squid/site/karelian_forums.txt"

# google pack
acl google_pack url_regex -i cache\.googlevideo\.com\/packdata

# peugeot ftp
acl peugeot_ftp dstdomain ftp.eurorscgmoradpour.ru


# colorist sites
acl colorist_sites dstdom_regex -i "/etc/squid/users/colorist.txt"

acl sarg_stat url_regex -i ^http://mail.spaa.ru/sarg-weekly-reports.*
acl heads_of_depts src 192.168.1.12  192.168.1.45 192.168.1.52 192.168.1.11 192.168.1.37 192.168.1.25 192.168.1.15 192.168.1.30 192.168.1.58 192.168.1.38 192.168.1.36 192.168.1.53  192.168.1.20


##################################################
# WORK TIME
##################################################
acl work_time time MTWHFAS 08:00-22:00
deny_info ERROR_WORK_TIME work_time

acl offtime1 time 00:00-7:59
acl offtime2 time 22:00-23:59
deny_info ERROR_WORK_TIME offtime1 
deny_info ERROR_WORK_TIME offtime2

##################################################
# banners acl
##################################################
acl banners_sites url_regex -i "/etc/squid/site/banners.txt"
deny_info ERROR_STOP_BANNERS banners_sites

# ����� ������ ���������� ������ � ��������� ��������
#
acl whitelist_for_all dstdom_regex -i "/etc/squid/site/whitelist_for_all.txt"

# ������
acl blacklist_for_all dstdom_regex -i "/etc/squid/site/blacklist_for_all.txt"


# �������� �� REJIK
acl rejik_banner url_regex -i "/etc/squid/site/banlists/banner.urls"
deny_info ERROR_STOP_BANNERS rejik_banner

acl rejik_dating url_regex -i "/etc/squid/site/banlists/dating.urls"
deny_info ERROR_DATING rejik_dating

acl rejik_porno  url_regex -i "/etc/squid/site/banlists/porno.urls"
deny_info ERROR_NO_PORNO rejik_porno


# karelia banners
acl karelia_banners url_regex -i banner\.www\.karelia\.ru

# delay sites
# URL substrings, matched case-insensitively anywhere in the URL. No rule in
# the visible part of the file references this ACL; presumably it is used by
# delay-pool settings elsewhere - verify.
# NOTE(review): the "[color=red][b]...[/b][/color]" token is forum markup that
# ended up inside the pattern list when the file was posted, and the word it
# wraps appears to be a forum substitution. Check this entry against the file
# on the server before copying the line back.
# NOTE(review): short words such as "game", "love", "hard" or "teen" match any
# URL that contains them, including unrelated sites.
acl delay_sites url_regex -i vkontakte odnoklass?niki recordings\.ru porn love girl sex anal hard xxx intim klubni [color=red][b]Кю[/b][/color] teen game oboi wallpaper tub\.yandex\.net videos.*\.vk\.flv vkadre\.ru glamour\.ru prikol mail\.ru.*\.flv flash.*\.swf gall.*\.jpg$ kuchaknig\.ru 


# 20071203: added acls: 1st_floor social_nets 
# 1st floor acl
acl 1st_floor src 192.168.1.12 192.168.1.39 192.168.1.18 192.168.1.19 192.168.1.14 192.168.1.17 192.168.1.25 192.168.1.33 192.168.1.13 192.168.1.27 192.168.1.20 192.168.1.26 192.168.1.30 192.168.1.24 192.168.1.15 192.168.1.16 192.168.1.35 192.168.1.21 192.168.1.63 192.168.1.62 192.168.1.41 192.168.1.42 192.168.1.43 192.168.1.45

# drive.ru big files
acl drive_ru_big_files url_regex -i "/etc/squid/site/drive_ru_big_files.txt"

# proxies
acl proxy_list dstdom_regex -i "/etc/squid/site/proxies.txt"

# social nets 
# Destination-host patterns for social networks. social_nets is loaded from a
# file; the three ACLs after it are anchored host patterns used by the
# per-workstation "allow" exceptions:
#   vkontakte_odnoklass_ok - vkontakte.ru, odnoklassniki.ru, vk.com and subdomains
#   vkontakte_ru           - vkontakte.ru, vk.com and subdomains, plus vkfarm.elex-tech.us
#   odnoklass_ok           - odnoklassniki.ru and subdomains
acl social_nets dstdom_regex -i "/etc/squid/site/social_nets.txt"
acl vkontakte_odnoklass_ok dstdom_regex -i ^vkontakte\.ru$ \.vkontakte\.ru$  ^odnoklassniki\.ru$ \.odnoklassniki\.ru$ ^vk\.com$ \.vk\.com$
acl vkontakte_ru dstdom_regex -i ^vkontakte\.ru$ \.vkontakte\.ru$  ^vk\.com$ \.vk\.com$ vkfarm\.elex-tech\.us$
acl odnoklass_ok dstdom_regex -i ^odnoklassniki\.ru$ \.odnoklassniki\.ru$

# Whole-URL patterns used by the "deny" rules: the site names anywhere in the
# URL, and URL shapes of images, video and css/js files.
acl vkontakte_odnoklass_url url_regex -i (vkontakte|odnoklass?niki)
acl vkontakte_pics url_regex -i cs[0-9]+\..*u[0-9]+.*[a-z]_[a-f0-9]+\.(jpe?g|png|gif|bmp) assets.*thumbnails.*vk\.jpg assets.*videos.*\.vk\.flv \?css/rustyle.css\?[0-9]+$ \?css/profile.css\?[0-9]+$ \?js/niftycube\.js\?[0-9]+$

# vkontakte mirrors
# Matches on the Cookie request header, whatever host is being requested.
acl vkontakte_mirror_cookie req_header Cookie -i .*remix.*remix.*remixsid=.*

# my.mail.ru
# NOTE(review): unanchored - matches any host name containing "my.mail.ru".
acl my_mail_ru dstdom_regex -i my\.mail\.ru

# cookie 
# req_header tests the client's request headers, rep_header the server's
# reply headers.
# NOTE(review): reply headers do not exist yet when http_access is evaluated,
# so the rep_header ACLs are expected to be usable only in http_reply_access.
# The visible rules use social_nets_rep_cookie in http_access - verify.
acl social_nets_req_cookie req_header Cookie -i (vkontakte|odnoklass?niki)
acl social_nets_rep_cookie rep_header Set-Cookie -i (vkontakte|odnoklass?niki)
acl social_nets_rep_cookie_odn rep_header Set-Cookie -i odnoklass?niki
acl social_nets_rep_cookie_vko rep_header Set-Cookie -i vkontakte


##################################################
# media acl (audio, video, archives)
##################################################
acl media_sites url_regex -i "/etc/squid/site/media.txt"
#acl media_sites_content rep_header Content-Disposition -i "/etc/squid/site/media_content.txt"
acl media_video url_regex -i "/etc/squid/site/media_video.txt"
deny_info ERROR_STOP_SOFTWARE media_sites

#################################################
# online games
#################################################
acl online_games url_regex -i "/etc/squid/site/online_games.txt"
deny_info ERROR_NO_ONLINE_GAMES online_games

acl kasper dstdom_regex -i \.kaspersky\.com$

##################################################
# icq acl
##################################################
# acl icq_login  url_regex -i ^login.icq.com
# NOTE(review): icq_site is not referenced by any rule visible in this part
# of the file.
acl icq_site dstdom_regex -i \.icq\.com$ \.oscar\.aol\.com$

# qip
# NOTE(review): the pattern has no leading anchor or dot, so it matches any
# host name that ends in "qip.ru". It is used in a CONNECT "allow" rule.
# Something like (^|\.)qip\.ru$ would be tighter.
acl qip_sites dstdom_regex qip\.ru$

# ICQ ban list + skype site
#
# Destination networks, matched by resolved IP address.
acl icq_dst dst 64.12.0.0/16 205.188.0.0/16  
# 64.12.202.116

# 64.12.200.89/32 205.188.153.121/32 205.188.179.233/32 64.12.161.153/32 64.12.161.185/32 
# Mostly unanchored host-name patterns. This ACL is used to deny, so the loose
# matching errs on the side of blocking more.
acl icq_dstdom_regex dstdom_regex -i icq\.com aol\.com 911\.ru meebo\.com skype\.com imo\.im$ communicationtube\.net$

# skype
# URL starting with a dotted-quad IP address.
# NOTE(review): because of the leading ^ this is expected to match only
# requests whose URL is a bare host:port (CONNECT). An "http://1.2.3.4/..." URL
# starts with the scheme and would not match - verify where this ACL is
# combined with non-CONNECT rules.
acl numeric_IPs url_regex ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+
# User-Agent test.
# NOTE(review): the trailing "^" is a start-of-line anchor in an extended
# regex, so this pattern appears unable to match anything. "^skype" with -i is
# probably what was intended - confirm.
acl Skype_UA browser ^skype^

# jabber 
acl jabber_dstdom url_regex -i allports\.jabber\.ru httppoll.jabber.ru jwchat\.sourceforge jwchat\.sf\.net sourceforge\.net/jwchat

# gtalk main server
acl gtalk_server dstdom_regex -i talk.*\.google\.com
# gtalk user-agent
acl gtalk_ua browser -i Google.*Talk
# gmail with chat
acl gmail_chat dstdom_regex -i chatenabled\.mail\.google\.com
# gtalk gadget
acl gtalk_gadget dstdom_regex -i talkgadget\.google\.com

# mrim ban list
acl mrim_addr dst "/etc/squid/site/banlists/mrim.dst"
acl mrim_url_regex url_regex -i mrim.*\.mail\.ru agent\.mail\.ru mra\.mail\.ru mail\.ru.*loginagent mail\.ru.*jsagent status\.mail\.ru

#  http://wiki.squid-cache.org/KnowledgeBase/FilteringChat

# Trillian
acl trillian dst 66.216.70.167/32

# Gizmoproject & voip                                                                                    
acl gizmo dstdomain .gizmoproject.com .talqer.com .gizmocall.com .fring.com .pidgin.im 

# yahoo messenger
acl ym dstdomain .messenger.yahoo.com .psq.yahoo.com .us.il.yimg.com .msg.yahoo.com .pager.yahoo.com
acl ym dstdomain .rareedge.com .ytunnelpro.com .chat.yahoo.com .voice.yahoo.com
acl ym dstdomain .skype.com .imvu.com
acl ymregex url_regex yupdater.yim ymsgr myspaceim

# msn messenger
acl msn url_regex -i gateway.dll messenger.msn.com gateway.messenger.hotmail.com
acl msn1 req_mime_type ^application/x-msn-messenger$

acl sport_video dst 87.226.136.210

# Destinations for CONNECT: host-name patterns loaded from a file and used by
# the "http_access allow domains_CONNECT work_time SSL_ports" rule.
acl domains_CONNECT dstdom_regex -i "/etc/squid/site/allow_CONNECT.txt"
# Error page returned when a deny rule whose last ACL is CONNECT matches.
deny_info ERROR_NO_SSL CONNECT

# NOTE(review): aol_connect is not referenced by any rule visible in this part
# of the file.
acl aol_connect dstdom_regex -i \.screenname\.aol\.com$


# adobe, microsoft 404 and google safebrowsing
acl adobe_microsoft_google url_regex -i \.microsoft\.com.*\.dll \.adobe\.com.*flash\.cab \.macromedia\.com.*flash\.cab sb\.google\.com google-analytics\.com googlesyndication\.com vip-ddos\.org urs\.microsoft\.com windowsupdate\.com autocontext\.begun\.ru newsrss\.bbc\.co\.uk c\.icq\.com.*infofeed ytimg\.com\/safebrowsing \.google\.com/safebrowsing

acl go_microsoft url_regex go\.microsoft\.com runonce\.msn\.com

# filesize over 99999 bytes
#acl over_100k rep_header Content-Length [1-9][0-9]{5,}

#acl pics_flash url_regex \.(gif|png|bmp|jpe?g|flv|swf)
acl pics_flash url_regex \.(gif|png|bmp|jpe?g|swf)
acl flash url_regex \.(flv|swf)

acl foto_video_mail_ru dstdom_regex -i foto\.mail\.ru video\.mail\.ru
acl all_mail_ru dstdom_regex -i \.mail\.ru$ ^mail\.ru$
acl ero_mail_ru req_header Cookie ero_accept



# icq - squid
##################################################
# acl ICQ_DOMAIN    dstdomain    cb.icq.com http.proxy.icq.com icq.com login.icq.com aol.com
# acl ICQ_ADDR    dst             64.12.0.0/16 205.188.0.0/16
acl ICQ_PORT    port            5190 443 
# acl ICQ_PROTO    proto           HTTP
# acl ICQ_DATA    url_regex \/data\? \/monitor\?



#  TAG: http_access
#    Allowing or Denying access based on defined access lists
#
#    Access to the HTTP port:
#    http_access allow|deny [!]aclname ...
#
#    NOTE on default values:
#
#    If there are no "access" lines present, the default is to deny
#    the request.
#
#    If none of the "access" lines cause a match, the default is the
#    opposite of the last line in the list.  If the last line was
#    deny, the default is allow.  Conversely, if the last line
#    is allow, the default will be deny.  For these reasons, it is a
#    good idea to have an "deny all" or "allow all" entry at the end
#    of your access lists to avoid potential confusion.
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# http_access rules are evaluated top to bottom, and the first line whose ACLs
# ALL match decides the request. Order is therefore part of the policy: an
# "allow" placed above a "deny" acts as an exception to it.

# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# --- CONNECT handling: from here down to the final "deny CONNECT" ---------
# Office clients may reach 192.168.20.254 (fake_mail_spaa_ru) on port 80 or
# via CONNECT on port 443. Any other request to that address is denied.
http_access allow office fake_mail_spaa_ru port_80
http_access allow office fake_mail_spaa_ru CONNECT SSL_ports
http_access deny office fake_mail_spaa_ru

# jabber ssl 
http_access allow jabber_ports CONNECT pc_90

http_access allow pc_62 CONNECT kasper
http_access allow pc_32 CONNECT kasper

# andreev qip
http_access allow pc_36 CONNECT qip_sites jabber_ports

# morozov progs: QUIK (tcp ports 200, 15100)
# NOTE(review): the comment above mentions port 200, but acl morozov_ports is
# defined as 7050 15100 - bring the comment or the ACL in line.
http_access allow pc_22 CONNECT numeric_IPs morozov_ports
http_access allow pc_61 CONNECT numeric_IPs morozov_ports
http_access allow pc_67 CONNECT numeric_IPs morozov_ports
http_access allow pc_6 CONNECT numeric_IPs morozov_ports
http_access allow pc_76 CONNECT numeric_IPs morozov_ports

# allow swap for sklad after 18:00 and 9-21 at weekend
# NOTE(review): port 81 is not listed in Safe_ports, which presumably is why
# these rules sit above "deny !Safe_ports".
http_access allow swap_movie swap_movie_users port_80 swap_time
http_access allow swap_movie swap_movie_users port_80 swap_time_weekend
http_access allow swap_movie swap_movie_users port_81 swap_time
http_access allow swap_movie swap_movie_users port_81 swap_time_weekend

# swap.sampo.ru
# Listed workstations only; everyone else is denied by the last line.
http_access allow swap_sampo_ru pc_5
http_access allow swap_sampo_ru pc_6
http_access allow swap_sampo_ru pc_37
http_access allow swap_movie pc_39
http_access allow swap_sampo_ru pc_39
http_access deny swap_sampo_ru

# Deny requests to unknown ports
# NOTE(review): Squid's sample configuration places this check before any
# "allow". Here the exceptions above are evaluated first.
http_access deny !Safe_ports

# skype: pc_6 / pc_61 may CONNECT to IP-literal targets on SSL_ports
http_access allow pc_6 CONNECT numeric_IPs SSL_ports
http_access allow pc_61 CONNECT numeric_IPs SSL_ports
# ssl: pc_6 / pc_61 may CONNECT to any host on SSL_ports
http_access allow pc_6 CONNECT SSL_ports
http_access allow pc_61 CONNECT SSL_ports

# NOTE(review): the ICQ exceptions below carry no port ACL, so they allow
# CONNECT to the ICQ networks on any port that passed the Safe_ports check.
# icq shikhova
http_access allow pc_38 CONNECT icq_dst work_time
# icq vlasova
http_access allow pc_36 CONNECT icq_dst work_time
# ustyugov
http_access allow pc_22 CONNECT icq_dst work_time
# icq semine
http_access allow pc_12 CONNECT icq_dst work_time
# icq bystrov
http_access allow pc_53 CONNECT icq_dst work_time

# pc_5: ssl during work_time
http_access allow pc_5 CONNECT work_time SSL_ports

# /me
http_access allow pc_90 CONNECT SSL_ports

# pc_9: ssl to any target, IP literals included, with no time restriction
http_access allow pc_9 CONNECT numeric_IPs SSL_ports
http_access allow pc_9 CONNECT SSL_ports
# pc_72: ssl to any target during work_time
http_access allow pc_72 CONNECT numeric_IPs work_time SSL_ports
http_access allow pc_72 CONNECT work_time SSL_ports

# pc_14, pc_19, pc_52 - allow ssl (IP-literal targets only, during work_time)
http_access allow pc_14 CONNECT numeric_IPs work_time SSL_ports
http_access allow pc_19 CONNECT numeric_IPs work_time SSL_ports 
http_access allow pc_52 CONNECT numeric_IPs work_time SSL_ports 


# Everyone not matched above: no CONNECT to IP-literal targets
# except shikhova mrim
##http_access allow pc_38 CONNECT mrim_addr work_time SSL_ports
http_access deny CONNECT numeric_IPs

# All clients: port 443 to the domains listed in allow_CONNECT.txt, work_time only.
# NOTE(review): this line does not include the CONNECT ACL, so it also matches
# other request methods to those domains on port 443.
http_access allow domains_CONNECT work_time SSL_ports

# Deny CONNECT to other than SSL ports
# http_access deny CONNECT !SSL_ports


# Any CONNECT request not allowed by a rule above is denied.
http_access deny CONNECT

# ����� ��������� ������ CONNECT

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
# http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
# acl our_networks src 192.168.1.0/24 192.168.2.0/24
# http_access allow our_networks




################################################# Pre group
# Exceptions evaluated before the ban lists that follow. A line naming only a
# pc_N ACL allows every non-CONNECT request from that address, at any time
# and to any destination, so none of the later deny rules (ICQ, social
# networks, media, blacklist) apply to that workstation.
# NOTE(review): these workstations are identified by source IP only - see
# whether the unconditional entries are still needed.

# server clamav updates
http_access allow pc_110 clamav 

# morozov
http_access allow pc_6 

# morozov // wifi
http_access allow pc_61

# antivirs
http_access allow media_sites antivir
http_access allow media_sites google_pack

# auto.mail.ru for every client during work_time. The trailing "all" does not
# narrow the match.
http_access allow auto_mail_ru work_time all

http_access allow pc_90
# ustyugov
http_access allow pc_22


# marudenko - mail.ru attachments
# NOTE(review): acl attach_mail_ru is defined as "af.*.mail.ru", with
# unescaped dots and no anchors, so it matches more host names than intended.
http_access allow pc_74 attach_mail_ru


http_access allow office antivir
http_access allow office antivir_nets

##http_access deny office offtime1 
##http_access deny office offtime2 

# founders
# Source address AND an authenticated "vip" user are both required. These are
# the only visible rules that use proxy authentication.
http_access allow pc_80 vip_passwd
http_access allow pc_81 vip_passwd

# ������ ��������� ������ �� ����� ��, ������ � sb.google.com
http_access deny adobe_microsoft_google

http_access allow pc_74 work_time rapidshare

http_access allow pc_35 nights_ptz_ru

# BAN ICQ 
# except semin
http_access allow pc_5 icq_dst work_time
# except u.tarkaniy
http_access allow pc_20 icq_dst work_time
# except shikhova
http_access allow pc_38 icq_dst work_time
http_access allow pc_36 icq_dst work_time
# ustyugov
http_access allow pc_22 icq_dst work_time
# except semine
http_access allow pc_12 icq_dst work_time
# except bystrov
http_access allow pc_53 icq_dst work_time
http_access deny icq_dst
http_access allow pc_5 icq_dstdom_regex work_time
http_access allow pc_20 icq_dstdom_regex work_time
http_access allow pc_38 icq_dstdom_regex work_time
http_access allow pc_36 icq_dstdom_regex work_time
http_access allow pc_22 icq_dstdom_regex work_time
http_access allow pc_12 icq_dstdom_regex work_time
http_access allow pc_53 icq_dstdom_regex work_time
http_access deny icq_dstdom_regex

# MRIM
##http_access deny mrim_addr !pc_38
##http_access deny mrim_url_regex !pc_38

# ban jabber
http_access deny jabber_dstdom

# ban gtalk
http_access deny gtalk_server
http_access deny gtalk_ua
http_access deny gmail_chat
http_access deny gtalk_gadget

# ban chat protos
http_access deny msn                                                                                      
http_access deny msn1                                                                                     
http_reply_access deny msn                                                                                
http_reply_access deny msn1                                                                               

http_access deny trillian                                                                                 
http_reply_access deny trillian                                                                           

http_access deny gizmo                                                                                    
http_reply_access deny gizmo                                                                              

# Skype: ������� + �������
http_access allow pc_6 Skype_UA 
http_access allow pc_61 Skype_UA 
http_access deny Skype_UA 

# 1-�� ����� ��������� ������ ����� � ������� �������� � drive.ru
http_access deny 1st_floor drive_ru_big_files

# ����� ������ ���������� ������ (yandex, mail.ru, etc) � ��������� ��������
# ����� drive.ru
http_access allow whitelist_for_all work_time !CONNECT

http_access allow pc_14 images_yandex_ru work_time
http_access allow pc_19 images_yandex_ru work_time

http_access allow pc_5 work_time

# ban ero mail.ru
http_access deny office foto_video_mail_ru ero_mail_ru

# ban social nets 
# Per-workstation exceptions come first, then the deny rules. Because the
# first matching line wins, an exception works only if it
#   1. names an ACL that is already defined ("acl pc_N src <address>"),
#   2. is placed in this group, above the "deny" lines below, and
#   3. is requested inside work_time (every exception here carries that ACL).
# The exceptions match on destination host only (vkontakte_ru,
# odnoklass_ok, vkontakte_odnoklass_ok).
#    exclude sokolova
http_access allow pc_20 work_time vkontakte_odnoklass_ok
#http_access allow pc_90 work_time vkontakte_ru

# bayurova
http_access allow pc_19 work_time odnoklass_ok
# shikhova
http_access allow pc_38 work_time vkontakte_ru
# proskurina
http_access allow pc_40 work_time vkontakte_ru
# semin.e
http_access allow pc_12 work_time vkontakte_ru
# maslyakov
http_access allow pc_45 work_time vkontakte_ru
# semin
# NOTE(review): redundant - "http_access allow pc_5 work_time" appears earlier
# and already decides every work_time request from pc_5.
http_access allow pc_5 work_time vkontakte_odnoklass_ok

# Deny rules for everyone not matched above: the proxy/anonymizer list, then
# requests recognised by cookie or by URL shape rather than by host name.
http_access deny proxy_list
http_access deny vkontakte_mirror_cookie
http_access deny social_nets_req_cookie
# NOTE(review): social_nets_rep_cookie is a rep_header (reply) ACL. Reply
# headers are not available while http_access is evaluated, so this line is
# not expected to match. If the check is wanted, it belongs in
# http_reply_access - verify.
http_access deny social_nets_rep_cookie
http_access deny vkontakte_odnoklass_url
http_access deny vkontakte_pics



# whitelist
http_access allow pc_37 work_time
http_access allow pc_74 my_mail_ru work_time


# BAN social nets
#http_access allow pc_90 social_nets
http_access deny social_nets

# ��������� Online-���� ����, ����� ��������, �������� � �. ������
http_access deny online_games

# ����� ���������
#http_access deny rejik_dating

# deny PORNO / rejik
http_access deny rejik_porno

# ban karelian forums
# except semine
http_access allow pc_30 vip_karelia_ru
http_access allow pc_12 vip_karelia_ru
# except efimov
http_access allow pc_17 vip_karelia_ru
# except anton sklad
http_access allow pc_43 vip_karelia_ru
http_access deny 1st_floor karelian_forums

# shiryaev
http_access allow pc_90  

# ������ ���������� statserv.sampo.ru
http_access allow statserv_host pc_5
http_access allow statserv_host pc_90
http_access deny statserv_ip
http_access deny statserv_host

# sarg reports
http_access allow pc_5 sarg_reports
http_access allow pc_90 sarg_reports
http_access allow heads_of_depts sarg_stat
http_access deny sarg_reports

# �������������� ������ �� �����, ��������� � ����� peugeot, hyundai, tagaz, spaa, mazda
# � ��������� �����, ������� ��������� �� ����� ��������������
# ������� � �� ��������� ������ �����
http_access deny pc_18 media_video peugeot_hyundai_tagaz_spaa
http_access deny pc_42 media_video peugeot_hyundai_tagaz_spaa
http_access deny pc_17 media_video peugeot_hyundai_tagaz_spaa
http_access deny sales_hyundai media_video peugeot_hyundai_tagaz_spaa
http_access allow peugeot_hyundai_tagaz_spaa

# telegin ����� ������ 
http_access allow pc_7 telegin_whitelist

# ���������� ���������� ����� ��� ������� � �. ������
# semin
http_access allow pc_12 media_sampo_ru
http_access allow pc_39 media_sampo_ru
http_access allow pc_43 media_sampo_ru
http_access allow pc_90 media_sampo_ru
http_access allow pc_71 media_sampo_ru
http_access allow pc_64 media_sampo_ru
http_access allow pc_71 media_sampo_ru_ip
http_access allow pc_7 media_sampo_ru

# remzona 
http_access allow pc_18 media_sampo_ru
http_access allow pc_42 media_sampo_ru
http_access allow pc_18 kalevala_trailers
http_access allow pc_18 netradio_onego_ru netradio_port
http_access allow pc_42 netradio_onego_ru netradio_port
http_access allow pc_39 netradio_onego_ru netradio_port
http_access allow pc_71 netradio_onego_ru netradio_port

# efimov
http_access allow pc_17 media_sampo_ru
http_access allow pc_17 media_sampo_ru_ip
http_access allow pc_17 netradio_onego_ru netradio_port

http_access allow pc_12 truba_karelia_ru
http_access allow pc_37 truba_karelia_ru
http_access deny truba_karelia_ru

# ��������� ����� ��� ���� ���������
http_access deny media_sampo_ru 




# baranova
http_access allow pc_7 work_time

# semin // no quota
http_access allow pc_5 work_time

###### ���������� �������� ����� � X MB (������ �������� ��. � sarg.conf)
# SERVER_UPGRADE_FIXME
##http_access deny per_user_limit

# ������� ���������
http_access allow pc_8 disk_karelia_ru
http_access allow pc_38 disk_karelia_ru
http_access allow pc_29 disk_karelia_ru
http_access deny drevlanka_servers


## ������ �������������, ��� ������� ������� �.�. 20071009 �������� �����
# ����������� �� ������, �������� ����������� �� �������

# yakovenko - glavbuh
http_access allow pc_9 

#work_time

# taborov
http_access allow pc_37 work_time
# marudenko
http_access allow pc_74 work_time
# semine
http_access allow pc_12 work_time
# telegin
http_access allow pc_7 work_time
# shikhova 
http_access allow pc_38 work_time
# tarkaniy
http_access allow pc_20 work_time
# proskurina/aladko eth
http_access allow pc_40 work_time
# pilinovich (old timonen pc)
http_access allow pc_11 work_time
# lubimov
http_access allow pc_25 work_time
# ermakova
http_access allow pc_73 work_time
# belinskiy
http_access allow pc_49 work_time 

# deny karelian banners
http_access deny karelia_banners

# blacklist for all
http_access deny blacklist_for_all

# bystrov
http_access allow pc_67 work_time
# bystrov eeepc
http_access allow pc_76 work_time
http_access allow pc_53 work_time

# google maps - potyukov, emelyanov, lubimov
http_access allow maps_google_com pc_8 work_time
http_access allow maps_google_com pc_32 work_time
http_access allow maps_google_com pc_25 work_time

# ��������������� ����� (����-, �����-, �����-, ��������, ����������) ��������� ����, ��� ����
http_access deny prikoli_failoobmen
http_access deny prikoli_regex

# stremberg
http_access allow pc_29 work_time
# melekhova
http_access allow pc_36 work_time
# hyundai logistics
http_access allow pc_47 work_time

### deny REJIK BANNERS ####################################
# http_access deny rejik_banner

# duzhik
http_access allow pc_24 work_time

# hyundai tovaroved
http_access allow pc_94 work_time


# tarkaniy
http_access allow pc_20 work_time


# neyolova
http_access allow pc_72 work_time
# smolkova olga
http_access allow pc_10 
# mironenkova
# http_access allow pc_50 work_time

# belkin
http_access allow pc_34 work_time
# volkova 
http_access allow pc_23 work_time
# potyukov
http_access allow pc_8 work_time

### deny BANNERS ##########################################
# http_access deny banners_sites


### �������� ������� � ����� ������ ���������
http_access deny media_sites

# efimov
http_access allow pc_17 work_time
# p-parts
http_access allow pc_59 work_time
# p-parts-2
http_access allow pc_60 work_time

# new test masterp
http_access allow pc_31 work_time

# peugeot masterp
http_access allow pc_68 work_time



# peugeot logistics
http_access allow pc_45 work_time
# peugeot warranty
http_access allow pc_46 work_time

# sklad2 - fedorov
http_access allow pc_39 work_time
# sklad3 - evdokimenkov
http_access allow pc_43 work_time
# sklad4
http_access allow pc_54 work_time


# ibm scanner // wifi
http_access allow pc_62 work_time
# asus scanner // wifi
http_access allow pc_63 work_time
http_access allow pc_66 work_time
http_access allow pc_70 work_time

# peugeot sales 
http_access allow pc_35 work_time 
#http_access allow pc_48 work_time peugeot_dep_site
http_access allow pc_48 work_time

##################################### access to ICQ servers
# http_access allow icq_login 
# http_access allow ICQ_DOMAIN 
# http_access allow ICQ_ADDR ICQ_PROTO 
# http_access allow ICQ_ADDR ICQ_DATA 

##################################################### Other
# Remaining per-client rules. Every ACL named on one line must match for the
# line to apply (logical AND); the first matching line decides the request.


# masterp hyundai
http_access allow pc_13 work_time

# kredit
http_access allow pc_14 work_time
# kredit3
http_access allow pc_52 work_time

# remzona-eth
# The two deny lines come first so that the allow below cannot match
# requests covered by numeric_IPs or flash (both ACLs are defined outside
# this excerpt). The allow is further limited by minimum_ports.
http_access deny pc_18 numeric_IPs
http_access deny pc_18 flash
http_access allow pc_18 work_time minimum_ports
#http_access allow pc_18 work_time minimum_ports remzona_sites

# peugeot remzona
# Same pattern as pc_18, but without the flash deny.
http_access deny pc_42 numeric_IPs
http_access allow pc_42 work_time minimum_ports

# bayurova
http_access allow pc_19 work_time

# receptionist hyundai
http_access allow pc_27 work_time
# service-secretary
http_access allow pc_82 work_time
# receptionist-2
http_access allow pc_21 work_time

# hyundai parts
http_access allow pc_69 work_time

# receptionist4 (old mazda1) wifi
http_access allow pc_41 work_time

# kassa
# Additionally restricted by the port_80 ACL (definition not visible here).
http_access allow pc_26 work_time port_80

# filatova-eth
http_access allow pc_28 work_time
# old morozov laptop
http_access allow pc_51 work_time

# masterp 
http_access allow pc_33 work_time
http_access allow pc_152 work_time


# wifi bug ELINA
#http_access allow pc_65 work_time

# shandrokha-eth
http_access allow pc_32 work_time
# carbody2
http_access allow pc_58 work_time
# barimov
http_access allow pc_75 work_time

# colourist
# Only the work_time variant is active; the narrower site-restricted
# variants below are commented out.
http_access allow pc_71 work_time 
#http_access allow pc_71 
##http_access allow pc_71 work_time colorist_sites
##http_access allow pc_71 work_time vip_karelia_ru GET

# sales / trade-in
#http_access allow pc_30 work_time sales_dep_site
http_access allow pc_30 work_time 

# sales1
#http_access allow pc_16 work_time  sales_dep_site
http_access allow pc_16 work_time

# sales suzuki
http_access allow pc_15 work_time 



############################################################
# And finally DENY ALL other access to this proxy
#
# Anything not matched by an allow line above is refused. A new client needs
# its own "http_access allow <acl> ..." line ABOVE this one; a line added
# after it is never reached. Request-side access alone does not open sites
# that are filtered on the reply side (see http_reply_access further down).
############################################################
http_access deny all


#  TAG: http_reply_access
#        Allow replies to client requests. This is complementary to http_access.
#
#        http_reply_access allow|deny [!] aclname ...
#
#        NOTE: if there are no access lines present, the default is to allow
#    all replies
#
#        If none of the access lines cause a match the opposite of the
#        last line will apply. Thus it is good practice to end the rules
#        with an "allow all" or "deny all" entry.
#
#Default:
# http_reply_access allow all
#
#Recommended minimum configuration:
#
# Insert your own rules here.
#
# Reply-side filtering: these lines are checked against the server's
# response, after http_access has already let the request through. They are
# evaluated top to bottom and the first matching line wins. All ACLs on one
# line are ANDed; "!" negates an ACL.
#
# Replies matching media_by_mime are blocked for every client except
# pc_5, pc_6 and pc_61.
http_reply_access deny media_by_mime !pc_5 !pc_6 !pc_61 
# Per-client exceptions for social-network replies. Each line lets the named
# client receive replies matching one social_nets_rep_cookie_* ACL (the
# suffixes presumably stand for Odnoklassniki and VKontakte - the acl
# definitions are earlier in the file, confirm there). These lines must stay
# above the generic deny on social_nets_rep_cookie below.
# bayurova
http_reply_access allow pc_19 social_nets_rep_cookie_odn
# sokolova
# NOTE(review): pc_20 is labelled "tarkaniy" in the http_access section -
# one of the two owner labels is probably stale.
http_reply_access allow pc_20 social_nets_rep_cookie_vko
# shikhova
http_reply_access allow pc_38 social_nets_rep_cookie_vko
# proskurina
http_reply_access allow pc_40 social_nets_rep_cookie_vko
# semin.e
http_reply_access allow pc_12 social_nets_rep_cookie_vko
# maslyakov
http_reply_access allow pc_45 social_nets_rep_cookie_vko
# Everyone else: replies matching social_nets_rep_cookie are blocked. A
# client negated on this line skips the deny entirely and falls through to
# "allow all" below.
# NOTE(review): the exemption list and the allow lines above do not line up.
# pc_19 and pc_20 have an allow line but are not negated here, so they get
# only the one cookie ACL named on their allow line; pc_60, pc_27 and pc_59
# are negated here without any allow line above. Confirm both are intended.
http_reply_access deny social_nets_rep_cookie !pc_5 !pc_6 !pc_61 !pc_38 !pc_45 !pc_40 !pc_12  !pc_60 !pc_27  !pc_59

# and finally allow by default
http_reply_access allow all


# ICP queries would be accepted from any peer. With "icp_port 0" set at the
# top of this file ICP is switched off, so this line currently has no effect.
# NOTE(review): restrict it to known peers before ICP is ever enabled.
icp_access allow all

# Old-style syntax (size in bytes, then allow + ACL list). The 900000000-byte
# cap applies only when none of the negated ACLs match, i.e. to clients and
# destinations that are NOT on this list. No other reply_body_max_size line
# is visible in this excerpt, so the listed ones appear to have no size cap.
reply_body_max_size 900000000 allow !pc_5 !pc_6 !pc_61 !pc_22 !pc_90 !pc_7 !media_sampo_ru !peugeot_ftp !antivir !google_pack !kalevala_trailers !truba_karelia_ru !suzuki_ftp !whitelist_for_all !netradio_onego_ru !swap_sampo_ru !disk_karelia_ru !rapidshare !endymion !swap_movie  !pc_74 !pc_43



# Do not disclose internal client addresses to origin servers: with "off"
# this generation of Squid sends "X-Forwarded-For: unknown" instead of the
# client IP (behaviour differs in later releases - re-check after upgrades).
forwarded_for off


# Requests matching suzuki_ftp always go straight to the origin server,
# never through a parent or sibling cache.
always_direct allow suzuki_ftp


# Directory holding the error page templates shown to users.
error_directory /etc/squid/errors


# Port 0 disables the built-in SNMP agent.
snmp_port 0



# DELAY POOL PARAMETERS (all require DELAY_POOLS compilation option)
# -----------------------------------------------------------------------------

#  TAG: delay_pools
#    This represents the number of delay pools to be used.  For example,
#    if you have one class 2 delay pool and one class 3 delays pool, you
#    have a total of 2 delay pools.
#
#Default:
# delay_pools 0
# Four delay pools are defined; their membership and rates are set by the
# delay_access and delay_parameters lines further down.
delay_pools 4


# Every pool is class 1: one aggregate bucket shared by all traffic that
# lands in the pool, with no per-host limit.
delay_class 1 1
delay_class 2 1
delay_class 3 1
delay_class 4 1

#  TAG: delay_access
#    This is used to determine which delay pool a request falls into.
#
#    delay_access is sorted per pool and the matching starts with pool 1,
#           then pool 2, ..., and finally pool N. The first delay pool where the
#           request is allowed is selected for the request. If it does not allow
#    the request to any pool then the request is not delayed (default).
#
#          For example, if you want some_big_clients in delay
#    pool 1 and lotsa_little_clients in delay pool 2:
#
#Example:
# delay_access 1 allow some_big_clients
# delay_access 1 deny all
# delay_access 2 allow lotsa_little_clients
# delay_access 2 deny all
#
#Default:
# none

# Pool 1: throttles traffic matching delay_sites. A "deny" here does not
# block anything - it only keeps the request out of this pool, after which
# pool 2, 3 and 4 are tried in turn. pc_5, pc_6, pc_61, pc_60 and pc_90 are
# therefore exempt from the pool 1 limit.
delay_access 1 deny pc_5
delay_access 1 deny pc_6
delay_access 1 deny pc_61
delay_access 1 deny pc_60
delay_access 1 deny pc_90
# whitelist
# Whitelisted destinations and swap_movie are kept out of pool 1 as well
# (swap_movie is handled by pool 4 below).
delay_access 1 deny peugeot_hyundai_tagaz_spaa
delay_access 1 deny whitelist_for_all
delay_access 1 deny swap_movie
delay_access 1 allow delay_sites
delay_access 1 deny all


# (original comment lost to encoding damage)
# Pool 2: the same whitelisted destinations are excluded first.
delay_access 2 deny peugeot_hyundai_tagaz_spaa
delay_access 2 deny whitelist_for_all

# (original comment lost to encoding damage)
# Only pc_18 requests matching pics_flash are placed in pool 2.
# delay_access 2 deny pc_18 truba_karelia_ru
delay_access 2 allow pc_18 pics_flash
delay_access 2 deny all


# Pool 3: only pc_71 + flash is active; the pc_16 and pc_30 lines are
# commented out.
#delay_access 3 allow pc_16 flash
#delay_access 3 allow pc_30 flash
delay_access 3 allow pc_71 flash
delay_access 3 deny all


# swap films
# Pool 4: requests matching both swap_movie_users and swap_movie.
delay_access 4 allow swap_movie_users swap_movie
delay_access 4 deny all


# delay_parameters for a class 1 pool is restore/max: refill rate in BYTES
# per second and bucket size in bytes.
# Pool 1 (delay_sites): 7000 bytes/s shared by all traffic in the pool.
# (original comment lost to encoding damage)
delay_parameters 1 7000/7000
# Pool 2 (pc_18 + pics_flash): 90000 bytes/s.
# (original comment lost to encoding damage; it mentions ">100k")
delay_parameters 2 90000/90000

# sales - delay flash
# NOTE(review): the label says "sales", but the only active pool 3 rule is
# pc_71, which the http_access section labels "colourist".
delay_parameters 3 5000/5000

# swap movies - sklad
# limit 1 mbps
# NOTE(review): the value is in bytes, so 1000000/1000000 is roughly
# 8 Mbit/s. If a 1 Mbit/s limit was meant, the value would be 125000/125000.
delay_parameters 4 1000000/1000000

комменты, правда, все равно пришлось маленько подрезать, иначе не принимает текстареа...