{"id":270,"date":"2011-10-18T23:17:33","date_gmt":"2011-10-18T21:17:33","guid":{"rendered":"http:\/\/diablo.craem.net\/wordpress\/?p=270"},"modified":"2011-10-18T23:17:33","modified_gmt":"2011-10-18T21:17:33","slug":"squid-active-directory-parte-4","status":"publish","type":"post","link":"https:\/\/diablo.craem.net\/?p=270","title":{"rendered":"Squid + Active Directory ::part 4::"},"content":{"rendered":"<p>Now it is time to configure Squid&#8230; Suppose there is a group of users in the company that we do not want to reach Facebook, Twitter and a few other social networks.<br \/>\nWe edit the file <em>\/etc\/init.d\/squid.conf<\/em> and leave it like this:<br \/>\n<code><br \/>\nauth_param ntlm program \/usr\/bin\/ntlm_auth --helper-protocol=squid-2.5-ntlmssp<br \/>\nauth_param ntlm children 5<br \/>\nauth_param ntlm keep_alive on<br \/>\nauth_param basic program \/usr\/bin\/ntlm_auth --helper-protocol=squid-2.5-basic<br \/>\nauth_param basic children 5<br \/>\nauth_param basic realm Squid proxy-caching web server<br \/>\nauth_param basic credentialsttl 2 hours<br \/>\nauth_param basic casesensitive off<br \/>\nacl authenticated proxy_auth REQUIRED<br \/>\n########################################<br \/>\n## browsing ports<br \/>\n########################################<br \/>\nacl https proto https<br \/>\nacl port_80 port 80<br \/>\n# sites blocked for everyone<br \/>\nacl bad url_regex \"\/etc\/squid\/squid_block.acl\"<br \/>\nacl webs_redes_sociales url_regex \"\/etc\/squid\/webs_redes_sociales.acl\"<br \/>\nacl usuarios_sin_redes_sociales proxy_auth \"\/etc\/squid\/usuarios_sin_redesociales.acl\"<br \/>\n# http_access rules are evaluated top-down and the first match wins<br \/>\nhttp_access deny bad<br \/>\nhttp_access deny webs_redes_sociales usuarios_sin_redes_sociales<br \/>\nhttp_access allow authenticated<br \/>\nacl all src all<br \/>\nacl manager proto cache_object<br \/>\nacl localhost src 127.0.0.1\/32<br \/>\nacl to_localhost dst 127.0.0.0\/8<br 
\/>\naccess_log \/var\/log\/squid\/access.log squid<br \/>\n#<br \/>\n<\/code><br \/>\nWe start by defining the files in <em>\/etc\/squid<\/em><br \/>\nSites blocked for everyone, for example pornotube&#8230; (no comment)<br \/>\n<code><br \/>\n# nano \/etc\/squid\/squid_block.acl<br \/>\n<\/code><br \/>\nand we add<br \/>\n<code><br \/>\npornotube<br \/>\nyoutube<br \/>\nplanetacom<br \/>\nsex<br \/>\n<\/code><br \/>\nAnything we request that contains one of these words will simply be blocked \ud83d\ude42<br \/>\nNow we create the file <em>\/etc\/squid\/webs_redes_sociales.acl<\/em>, which will hold the list of social network sites to block.<br \/>\n<code><br \/>\n# nano \/etc\/squid\/webs_redes_sociales.acl<br \/>\n<\/code><br \/>\nand we add<br \/>\n<code><br \/>\nfacebook<br \/>\nhotmail<br \/>\ngmail<br \/>\nmsn<br \/>\nyahoo<br \/>\nforo<br \/>\ntwitter<br \/>\ntuit<br \/>\n<\/code><br \/>\nAnd now the list of users to block&#8230;<br \/>\n<code><br \/>\n# nano \/etc\/squid\/usuarios_sin_redesociales.acl<br \/>\n<\/code><br \/>\nand lock them down \ud83d\ude42<br \/>\n<code><br \/>\nmanolito.gafotas<br \/>\npepito.perez<br \/>\nmaria.delao<br \/>\n<\/code><br \/>\nwe do a reload and that is it \ud83d\ude42<br \/>\n<code><br \/>\n# \/etc\/init.d\/squid force-reload<br \/>\n<\/code><br \/>\nThe rest is up to your imagination<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Now it is time to configure Squid&#8230; 
Suppose there is a group of users in the company that we do not want to reach Facebook, Twitter and a few other social networks. We edit the file \/etc\/init.d\/squid.conf and leave it like this: auth_param ntlm program \/usr\/bin\/ntlm_auth --helper-protocol=squid-2.5-ntlmssp auth_param ntlm children 5 auth_param ntlm keep_alive on auth_param basic program \/usr\/bin\/ntlm_auth [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[16,58,97,102,177],"class_list":["post-270","post","type-post","status-publish","format-standard","hentry","category-linux","tag-active-directory","tag-debian","tag-kerberos","tag-linux-2","tag-squid"],"_links":{"self":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/270","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=270"}],"version-history":[{"count":0,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/270\/revisions"}],"wp:attachment":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}