SQUID www.sii.cl
Cristian Rodriguez
judas.iscariote at gmail.com
Thu Nov 25 18:45:29 CLST 2004
Hi, I had the same problem. The only way I found to solve it was to
exclude the SII IP from going through the proxy, using
iptables.
On Thu, 25 Nov 2004 18:39:53 -0300 (CLST), OLIVAREZ COTAL JOSE LUIS
<joolivar at ing.uchile.cl> wrote:
> What is wrong? I cannot get squid to browse www.sii.cl
> securely. It is configured with
>
> %configure \
> --exec_prefix=/usr \
> --bindir=%{_sbindir} \
> --libexecdir=%{_libdir}/squid \
> --localstatedir=/var \
> --sysconfdir=/etc/squid \
> --enable-poll \
> --enable-snmp \
> --enable-removal-policies="heap,lru" \
> --enable-storeio="aufs,coss,diskd,null,ufs" \
> --enable-ssl \
> --enable-arp-acl \
> --enable-delay-pools \
> --enable-linux-netfilter \
> --with-pthreads \
> --enable-ntlm-auth-helpers="SMB,winbind" \
> --enable-external-acl-helpers="ip_user,ldap_group,unix_group,wbinfo_group,winbind_group" \
> --enable-auth="basic,ntlm" \
> --with-winbind-auth-challenge \
> --enable-useragent-log \
> --enable-referer-log \
> --disable-dependency-tracking \
> --enable-cachemgr-hostname=localhost \
> --disable-ident-lookups \
> --enable-truncate \
> --enable-underscores \
> --datadir=%{_datadir} \
> --enable-basic-auth-helpers="LDAP,MSNT,NCSA,PAM,SMB,YP,getpwnam,multi-domain-NTLM,SASL,winbind"
> from an FC2 spec file.
> The squid output is
> 192.168.0.161 - - [25/Nov/2004:18:29:24 -0300] "GET http://accesos.sii.cl/cert/hit.dll? HTTP/1.1" 200 471 TCP_MISS:DIRECT
> 192.168.0.161 - - [25/Nov/2004:18:29:27 -0300] "GET http://accesos.sii.cl/cert/hit.dll? HTTP/1.1" 200 471 TCP_MISS:DIRECT
>
> And the configuration file
> http_port 3128
> ssl_unclean_shutdown off
> icp_port 3130
> hierarchy_stoplist cgi-bin ?
> acl QUERY urlpath_regex cgi-bin \?
> no_cache deny QUERY
> cache_mem 256 MB
> cache_swap_low 90
> cache_swap_high 95
> cache_dir ufs /var/spool/squid 256 16 256
> cache_access_log /var/log/squid/access.log
> cache_log /var/log/squid/cache.log
> cache_store_log /var/log/squid/store.log
> emulate_httpd_log on
> log_ip_on_direct on
> mime_table /etc/squid/mime.conf
> pid_filename /var/run/squid.pid
> debug_options ALL,1
> ftp_user Squid@
> ftp_sanitycheck on
> auth_param basic children 5
> auth_param basic realm Squid proxy-caching web server
> auth_param basic credentialsttl 2 hours
> refresh_pattern ^ftp: 1440 20% 10080
> refresh_pattern ^gopher: 1440 0% 1440
> refresh_pattern . 0 20% 4320
> acl all src 0.0.0.0/0.0.0.0
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443 563
> acl CONNECT method CONNECT
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
> http_access deny !Safe_ports
> http_access allow localhost
> icp_access allow all
> httpd_accel_host virtual
>
> httpd_accel_port 80 443 8080 19720 19721 10000
> httpd_accel_with_proxy on
> httpd_accel_uses_host_header on
> httpd_accel_single_host off
> logfile_rotate 10
> icon_directory /usr/share/squid/icons
> error_directory /etc/squid/errors
> coredump_dir /var/spool/squid
> http_access allow Safe_ports
> acl ppp arp La_mac
> http_access allow ppp all
> http_access deny all
>
> The thing is that they want to control Internet access, so I left NAT
> and am trying to use a transparent proxy.
> Any help is appreciated.
>
>
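
The workaround described in the reply above, written out as an added example (not code from either poster): a bypass rule for one destination placed ahead of the transparent-proxy REDIRECT, so that site is NATed directly instead of passing through Squid. The interface names, the redirected port 80 and the address 203.0.113.10 (a documentation-range placeholder, since the thread does not give the SII IP) are assumptions; 3128 is the `http_port` from the posted configuration.

```shell
#!/bin/sh
# Added example. Prints the rule set by default; pass --apply (as root) to load it.
LAN_IF="${LAN_IF:-eth0}"                # assumed LAN-facing interface
WAN_IF="${WAN_IF:-eth1}"                # assumed Internet-facing interface
PROXY_PORT="${PROXY_PORT:-3128}"        # http_port from the posted squid.conf
BYPASS_IP="${BYPASS_IP:-203.0.113.10}"  # placeholder for the site to exclude

# Accept only a dotted quad with octets 0-255, so nothing else reaches the rule text.
valid_ipv4() {
    echo "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

# Emit the nat-table rules in the order they must be evaluated.
emit_rules() {
    valid_ipv4 "$BYPASS_IP" || { echo "invalid BYPASS_IP: $BYPASS_IP" >&2; return 1; }
    cat <<EOF
iptables -t nat -A PREROUTING -i $LAN_IF -d $BYPASS_IP -p tcp --dport 80 -j LOG --log-prefix "proxy-bypass: "
iptables -t nat -A PREROUTING -i $LAN_IF -d $BYPASS_IP -p tcp --dport 80 -j ACCEPT
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
}
# Rule 1 records each bypassed connection in the kernel log.
# Rule 2 stops PREROUTING for that one host, so rule 3 never redirects it.
# Rule 3 sends all other LAN web traffic to Squid; rule 4 NATs whatever is forwarded.

if [ "${1:-}" = "--apply" ]; then
    emit_rules | sh
else
    emit_rules
fi
```

Traffic to the excluded address no longer appears in Squid's access.log and is not subject to its `http_access` rules, so the exception is limited to a single host and port and leaves a kernel log line per connection.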