Squid на Debian Jessie

????????? ???????????
vim /etc/apt/sources.list:

deb http://ftp.ua.debian.org/debian/ jessie main

aptitude update
aptitude install squid3 squid-langpack apache2 apache2-utils iptables-persistent

Настраиваем squid на авторизацию по логину/паролю. Пароль будет передаваться в зашифрованном виде (digest authentication)
vim /etc/squid3/squid.conf:

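#digest auth
# With -c the helper expects htdigest-style hashed entries in the file. Each
# hash is enough to authenticate in this realm, so the file must stay
# unreadable to ordinary users.
auth_param digest program /usr/lib/squid3/digest_file_auth -c /etc/squid3/internet_users
auth_param digest realm squid
auth_param digest children 5
acl auth_users proxy_auth REQUIRED

#acls
# For HTTPS the proxy only sees "CONNECT host:port", so the ^http:// patterns
# in the ads list and the urlpath_regex file-type list apply to plain HTTP only.
acl bad_url url_regex "/etc/squid3/acl/bad_url.domain"
acl upload url_regex "/etc/squid3/acl/upload.domain"
acl filetypes urlpath_regex -i "/etc/squid3/acl/filetypes"
acl banners url_regex "/etc/squid3/acl/ads"
acl blockkeywords url_regex -i "/etc/squid3/acl/keywords"
acl blockip dst "/etc/squid3/acl/bad_ip"

# http_access lines are checked top to bottom and the first match decides.
# The deny rules therefore come before the allow for authenticated users;
# placed after it they would never be reached.
http_access deny banners
http_access deny filetypes
http_access deny upload
http_access deny bad_url
http_access deny blockkeywords
http_access deny blockip
http_access allow auth_users
http_access deny all

#make web pages load faster
# These directives remove the listed headers from requests Squid sends
# upstream; Referer, X-Forwarded-For and Via would otherwise reveal the
# client and the proxy to the origin server.
request_header_access Referer deny all
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all

#hide IP address
forwarded_for off

error_directory /usr/share/squid3/errors/Russian-1251
http_port 8080
visible_hostname myhostname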

Создаем пользователей squid
htdigest -c /etc/squid3/internet_users squid user1
htdigest /etc/squid3/internet_users squid user2
chown -R proxy:proxy /etc/squid3/internet_users
chmod 640 /etc/squid3/internet_users

?????? acl ?????? ???????
mkdir /etc/squid3/acl
vim /etc/squid3/acl/bad_url.domain:

facebook.com
twitter.com
vk.com
odnoklassniki.ru
ok.ru
myspace.com
my.mail.ru

vim /etc/squid3/acl/upload.domain:

rutracker.org
rutor.org
ex.ua

vim /etc/squid3/acl/filetypes:

\.(torrent)$
\.(exe)$
\.(bin)$

vim /etc/squid3/acl/ads:

^http://r\.mail\.ru/(cl)?b[[:digit:]]+
^http://images\.rambler\.ru/upl/
^http://(www\.)?sunradio\.ru/upload/bx/
^http://(www\.)?nnm\.ru/ban/
^http://(www\.)?java2phone\.ru/pict/b
^http://([[:alpha:]]+[[:digit:]]*\.)+bigmir\.net
^http://[[:alpha:]]+[[:digit:]]*\.[[:digit:]]+mdn\.net/viewad/
^http://(www\.)?nasvyazi\.ru/img/banner_
^http://(www\.)?games\.ru/b/
^http://(www\.)?computerra\.ru/upload/bx/
^http://(www\.)?finbs\.ru/Upload/
^http://(www\.)?torrents\.ru/forum/bn/
^http://(www\.)?powerclip\.ru/baner/
^http://(www\.)?nnm\.ru/rec/[[:digit:]]+/banner
^http://[[:alpha:]-]+\.nnm\.ru/rec/[[:digit:]]+/
^http://i\.ru-board\.com/temp/
^http://adserv\.top500\.org/b/
^http://([[:alpha:]-]+\.)+traf\.spb\.ru/(upload|b)/
^http://([[:alpha:]-]+\.)*inf\.by/i/b/
^http://(www\.)?gzt\.ru/files/
^http://([[:alnum:]]+\.)*ru-board\.com/board/temp/
^http://(www\.)?rb\.ru/img/content/ushki/

vim /etc/squid3/acl/keywords:

fuck
sex
porno
naked
condon

vim /etc/squid3/acl/bad_ip:

173.252.120.6
199.16.156.70
87.240.131.118
217.20.147.94
216.178.46.224
94.100.180.25

invoke-rc.d squid3 restart

??????????? ?????????? ????? free-sa
# Fetch and unpack the free-sa sources under /usr/src.
cd /usr/src
# NOTE(review): the tarball is downloaded over plain HTTP and nothing checks its
# integrity before it is built and installed. Compare it with a checksum or
# signature published by the project (none is given on this page) before
# running make install.
wget http://sourceforge.net/projects/free-sa/files/free-sa-dev/2.0.0b6p7/free-sa-2.0.0b6p7.tar.gz
tar xzf free-sa-2.0.0b6p7.tar.gz
cd /usr/src/free-sa-2.0.0b6p7
# Start the x86_64 build profile from a copy of the i586 one.
cp configs/ubuntu-i586-gcc4.mk configs/ubuntu-x86_64-gcc4.mk

В файле configs/ubuntu-x86_64-gcc4.mk нужно заменить -march=$(SARCH) на -march=native
vim global.mk:

#OSTYPE = generic-any-cc
OSTYPE = ubuntu-x86_64-gcc4

make install
????????????? ?????? ?????????? ? cron
vim /etc/free-sa/free-sa_day:

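#!/bin/bash
# Daily free-sa run, started from /etc/crontab as root.

# Files created by this run carry no group/other write permission.
umask 0022

free_sa=/usr/bin/free-sa

# %x prints the date in the current locale's format. cron usually starts jobs
# with a minimal environment, so the format can differ from an interactive
# shell. NOTE(review): confirm free-sa accepts the format produced under cron.
date1=$(date +%x)

# Quoted so a locale format containing spaces or glob characters still reaches
# free-sa as a single argument. The trailing "-" is kept from the original
# command; presumably it marks an open-ended interval starting today.
"$free_sa" -d "${date1}-"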

vim /etc/crontab:

0 23 * * * root /etc/free-sa/free-sa_day

Настраиваем apache для просмотра статистики через веб по логину/паролю
vim /etc/apache2/conf-enabled/freesa.conf:

# Publish the generated free-sa reports under /fsa, behind HTTP Digest authentication.
# NOTE(review): AuthType Digest is provided by mod_auth_digest, and no step shown
# here enables it (on Debian: a2enmod auth_digest). Confirm the module is loaded
# before reloading apache2.
# NOTE(review): no permissions are set on /etc/free-sa/.htpasswd on this page;
# restrict it to root and the Apache user, as is done for the Squid user file.
Alias /fsa /var/www/free-sa/
<Directory /var/www/free-sa/>
  DirectoryIndex index.html
   AuthType Digest
   # AuthName is the digest realm; it has to match the realm passed to htdigest ("freesa").
   AuthName "freesa"
   AuthUserFile /etc/free-sa/.htpasswd
   Require valid-user
</Directory>

Создаем пользователей, которые будут просматривать статистику
htdigest -c /etc/free-sa/.htpasswd freesa user1
htdigest /etc/free-sa/.htpasswd freesa user2

invoke-rc.d apache2 reload
Статистика будет доступна по адресу http://localhost/fsa
???????? ????????? ??????? ? ????:
vim /etc/sysctl.conf:

net.ipv4.ip_forward=1

sysctl -p
vim /etc/rc.local:

sysctl -p

????????? ?????

# Accept packets that belong to, or relate to, connections already established.
iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept new TCP connections to ports 80 and 8080 on 192.168.0.1 from 192.168.0.0/24 arriving on eth0.
iptables -I INPUT 2 -s 192.168.0.0/24 -d 192.168.0.1 -i eth0 -p tcp -m state --state NEW -m multiport --dports 80,8080 -j ACCEPT
# NOTE(review): both rules only ACCEPT. They restrict nothing unless the INPUT
# policy or a later rule drops the remaining traffic; neither is shown here.
# NOTE(review): net.ipv4.ip_forward=1 is set earlier on this page and no FORWARD
# rules are shown. If clients use this host as their gateway, traffic may be
# routed past Squid and its ACLs; confirm the FORWARD chain.
# Save the current rule set so it is restored at boot.
invoke-rc.d netfilter-persistent save
