1. \u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430<\/h4>\nportsnap fetch update\r\nportmaster www\/squid<\/pre>\n\u041f\u0440\u0438 \u0432\u044b\u0431\u043e\u0440\u0435 \u043e\u043f\u0446\u0438\u0439 – \u043c\u043d\u0435 \u0445\u0432\u0430\u0442\u0438\u043b\u043e \u0438\u0445 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e, \u043d\u043e, \u043d\u0430 \u0432\u0441\u044f\u043a\u0438\u0439 \u0441\u043b\u0443\u0447\u0430\u0439, \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0442\u0430\u043a\u0438\u0435:<\/p>\n
\u0412 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430\u0445 \u0441\u0431\u043e\u0440\u043a\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c, \u0447\u0442\u043e \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u043f\u0440\u043e\u0437\u0440\u0430\u0447\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 (IPFW) \u0438 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u0431\u043e\u043b\u044c\u0448\u0438\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 LARGEFILE,\u00a0ECAP, SSL, SSL_CRTD, \u0430 \u0442\u0430\u043a\u0436\u0435, \u0435\u0441\u043b\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0430, \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f HTTP-\u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u043e\u0432 (\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043e\u043f\u0446\u0438\u0439 via, request_header_access),\u00a0 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u043c LAX_HTTP, \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 Squid \u0441 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c –enable-http-violations.<\/p>\n
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq squid-3.5.27_3 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk\r\n x lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x\r\n x x+[x] ARP_ACL ARP\/MAC\/EUI based authentification x x\r\n x x+[x] CACHE_DIGESTS Use cache digests x x\r\n x x+[ ] DEBUG Build with extended debugging support x x\r\n x x+[x] DELAY_POOLS Delay pools (bandwidth limiting) x x\r\n x x+[x] DOCS Build and\/or install documentation x x\r\n x x+[\u0445] ECAP Loadable content adaptation modules x x<\/span>\r\n x x+[ ] ESI ESI support x x\r\n x x+[x] EXAMPLES Build and\/or install examples x x\r\n x x+[x] FOLLOW_XFF Support for the X-Following-For header x x\r\n x x+[x] FS_AUFS AUFS (threaded-io) support x x\r\n x x+[x] FS_DISKD DISKD storage engine controlled by separate service x x\r\n x x+[x] FS_ROCK ROCK storage engine x x\r\n x x+[x] HTCP HTCP support x x\r\n x x+[x] ICAP the ICAP client x x\r\n x x+[x] ICMP ICMP pinging and network measurement x x\r\n x x+[x] IDENT Ident lookups (RFC 931) x x\r\n x x+[x] IPV6 IPv6 protocol support x x\r\n x x+[x] KQUEUE Kqueue(2) support x x\r\n x x+[x] LARGEFILE Support large (>2GB) cache and log files x x<\/span>\r\n x x+[x] LAX_HTTP Do not enforce strict HTTP compliance x x<\/span>\r\n x x+[ ] NETTLE Nettle MD5 algorithm support x x\r\n x x+[x] PCRE Use Perl Compatible Regular Expressions x x\r\n x x+[x] SNMP SNMP support x x\r\n x x+[x] SSL SSL gatewaying support x x<\/span>\r\n x x+[x] SSL_CRTD Use ssl_crtd to handle SSL cert requests x x<\/span>\r\n x x+[ ] STACKTRACES Enable automatic backtraces on fatal errors x x\r\n x x+[x] VIA_DB Forward\/Via database x x\r\n x x+[x] WCCP Web Cache Coordination Protocol x x\r\n x x+[x] WCCPV2 Web Cache Coordination Protocol v2 x x\r\n x xqqqqqqqqqqqqqqqqqqqqqqqqqq Authentication helpers qqqqqqqqqqqqqqqqqqqqqqqqx x\r\n x x+[ ] AUTH_LDAP Install LDAP authentication helpers x x\r\n x x+[x] AUTH_NIS Install NIS\/YP authentication helpers x x\r\n x x+[ ] AUTH_SASL Install SASL authentication helpers x x\r\n x x+[ ] AUTH_SMB Samba authentication helpers x x\r\n x x+[ ] AUTH_SQL Install SQL based auth x x\r\n x xqqqqqqqqqqqqqqqqqqqqqqq GSSAPI Security API support qqqqqqqqqqqqqqqqqqqqqqx x\r\n x x+( ) GSSAPI_NONE Disable GSSAPI support x x\r\n x x+(*) GSSAPI_BASE GSSAPI support via base system (needs Kerberos) x x\r\n x x+( ) GSSAPI_HEIMDAL GSSAPI support via security\/heimdal x x\r\n x x+( ) GSSAPI_MIT GSSAPI support via security\/krb5 x x\r\n x xqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq FW qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqx x\r\n x x+( ) TP_IPF Transparent proxying with IPFilter x x\r\n x x+(*) TP_IPFW Transparent proxying with IPFW x x<\/span>\r\n x x+( ) TP_PF Transparent proxying with PF x x\r\n x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj x\r\n tqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqu\r\n x < OK > <Cancel> x\r\n mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj<\/pre>\n2. \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430<\/h4>\n
\u041f\u0440\u0430\u0432\u0438\u043c<\/p>\n
\/usr\/local\/etc\/squid\/squid.conf<\/pre>\n#\r\n# Recommended minimum configuration:\r\n#\r\n\r\nvisible_hostname squid\r\ndns_nameservers 194.44.219.162 8.8.8.8\r\n\r\n# Example rule allowing access from your local networks.\r\n# Adapt to list your (internal) IP networks from where browsing\r\n# should be allowed\r\n#acl localnet src 10.0.0.0\/8 # RFC1918 possible internal network\r\n#acl localnet src 172.16.0.0\/12 # RFC1918 possible internal network\r\nacl localnet src 192.168.113.0\/24 # RFC1918 possible internal network\r\n#acl localnet src fc00::\/7 # RFC 4193 local private network range\r\n#acl localnet src fe80::\/10 # RFC 4291 link-local (directly plugged) machines\r\n\r\nacl SSL_ports port 443\r\nacl Safe_ports port 80 # http\r\nacl Safe_ports port 21 # ftp\r\nacl Safe_ports port 443 # https\r\nacl Safe_ports port 70 # gopher\r\nacl Safe_ports port 210 # wais\r\nacl Safe_ports port 1025-65535 # unregistered ports\r\nacl Safe_ports port 280 # http-mgmt\r\nacl Safe_ports port 488 # gss-http\r\nacl Safe_ports port 591 # filemaker\r\nacl Safe_ports port 777 # multiling http\r\nacl CONNECT method CONNECT\r\n\r\n# \u0414\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 acl \u0441\u043f\u0438\u0441\u043a\u043e\u0432 \u0434\u043b\u044f users \u0438 urls\/domain: \u0437\u0430\u043f\u0440\u0435\u0449\u0435\u043d\u043d\u044b\u0435, \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0435 \r\n# \u0438 \u0433\u0440\u0443\u043f\u043f\u0430 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (\u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0430)\r\nacl denied_users src \"\/usr\/local\/etc\/squid\/denied_users\"\r\nacl denied_urls url_regex \"\/usr\/local\/etc\/squid\/denied_urls\"\r\nacl allowed_users src \"\/usr\/local\/etc\/squid\/allowed_users\"\r\n#acl allowed_urls url_regex \"\/usr\/local\/etc\/squid\/allowed_urls\"\r\n#acl extended_access_group src \"\/usr\/local\/etc\/squid\/extended_access_group\"\r\n\r\n# Deny requests to certain unsafe ports\r\nhttp_access deny !Safe_ports\r\n\r\n# Deny CONNECT to other than secure SSL ports\r\nhttp_access deny CONNECT !SSL_ports\r\n\r\n# Only allow cachemgr access from localhost\r\nhttp_access allow localhost manager\r\nhttp_access deny manager\r\n\r\n## \u0420\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u043c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043a\u043e\u043d\u043d\u0435\u043a\u0442 \u043a \u0440\u0435\u0441\u0443\u0440\u0441\u0443, \u0435\u0441\u043b\u0438 https\r\nhttp_access allow localnet CONNECT\r\n\r\n## \u0417\u0430\u043f\u0440\u0435\u0449\u0430\u0435\u043c \u0432\u0441\u0435\u043c \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0437\u0430\u043f\u0440\u0435\u0449\u0435\u043d\u043d\u044b\u0435 \u0441\u0430\u0439\u0442\u044b\r\nhttp_access deny denied_users denied_urls\r\nhttp_access allow allowed_users\r\n\r\n## \u042d\u0442\u0438\u043c \u043f\u0440\u0430\u0432\u0438\u043b\u043e\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u043c \u0432\u0441\u0435\u043c \u043a\u0442\u043e \u043d\u0435 \u0432 \u0433\u0440\u0443\u043f\u043f\u0435 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0445\u043e\u0434\u0438\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430\r\n# \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0435 \u0441\u0430\u0439\u0442\u044b\r\n# http_access deny !extended_access_group !allowed_urls\r\n\r\nhttp_access allow localnet\r\nhttp_access allow localhost\r\nhttp_access deny all\r\n\r\n## \u041e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043e\u0434\u0438\u043d \u0438\u0437 \u043f\u043e\u0440\u0442\u043e\u0432 \u0434\u043e\u043b\u0436\u0435\u043d \u0431\u044b\u0442\u044c \u0432 \u0442\u0430\u043a\u043e\u043c \u0432\u0438\u0434\u0435 \u0438 \u044f\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u0437\u0430\u0433\u043b\u0443\u0448\u043a\u043e\u0439\r\nhttp_port 3130<\/span>\r\nhttp_port 3128 intercept\r\nhttps_port 3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off cert=\/usr\/local\/etc\/squid\/squidCA.pem\r\n\r\nalways_direct allow all\r\nsslproxy_cert_error allow all\r\nsslproxy_flags DONT_VERIFY_PEER\r\n\r\n\r\n## \u041f\u0440\u0430\u0432\u0438\u043b\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0434\u043b\u044f ssl\r\n\r\n# \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u0441\u043e \u0441\u043f\u0438\u0441\u043a\u043e\u043c \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 (\u0432 \u0444\u0430\u0439\u043b\u0435 \u0434\u043e\u043c\u0435\u043d\u044b \u0432\u0438\u0434\u0430 .domain.com)\r\nacl blocked ssl::server_name_regex \"\/usr\/local\/etc\/squid\/denied_urls\"\r\nacl step1 at_step SslBump1\r\nssl_bump peek step1\r\n\r\n# \u0442\u0435\u0440\u043c\u0438\u043d\u0438\u0440\u0443\u0435\u043c \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435, \u0435\u0441\u043b\u0438 \u043a\u043b\u0438\u0435\u043d\u0442 \u0437\u0430\u0445\u043e\u0434\u0438\u0442 \u043d\u0430 \u0437\u0430\u043f\u0440\u0435\u0449\u0435\u043d\u043d\u044b\u0439 \u0440\u0435\u0441\u0443\u0440\u0441\r\nssl_bump terminate blocked\r\nssl_bump splice all\r\n\r\nsslcrtd_program \/usr\/lib\/squid\/ssl_crtd -s \/var\/lib\/ssl_db -M 4MB\r\n\r\n# Uncomment and adjust the following to add a disk cache directory.\r\n#cache_dir ufs \/var\/squid\/cache 100 16 256\r\n\r\n# Leave coredumps in the first cache dir\r\ncoredump_dir \/var\/squid\/cache\r\n\r\nrefresh_pattern ^ftp: 1440 20% 10080\r\nrefresh_pattern ^gopher: 1440 0% 1440\r\nrefresh_pattern -i (\/cgi-bin\/|\\?) 0 0% 0\r\nrefresh_pattern . 0 20% 4320<\/pre>\n\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0444\u0430\u0439\u043b\u044b:<\/p>\n
touch \/usr\/local\/etc\/squid\/denied_urls\r\ncat \/usr\/local\/etc\/squid\/denied_urls\r\n.pornhub.com\r\n.xxx.com\r\ntouch \/usr\/local\/etc\/squid\/denied_users\r\ncat \/usr\/local\/etc\/squid\/denied_users\r\n192.168.113.110 # menagers dep\r\n192.168.113.203 # \r\n\r\ntouch \/usr\/local\/etc\/squid\/allowed_users\r\ncat \/usr\/local\/etc\/squid\/allowed_users\r\n192.168.113.0\/24 # \u0432\u0441\u044f \u0441\u0435\u0442\u044c\r\ntouch \/usr\/local\/etc\/squid\/extended_access_group\r\ncat \/usr\/local\/etc\/squid\/extended_access_group\r\n192.168.0.12 # Masha\r\n192.168.0.15 # Direktor\r\n192.168.0.53 # Sasha\r\n192.168.0.54 # My Note<\/pre>\n\u0414\u0435\u043b\u0430\u0435\u043c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442<\/p>\n
cd \/usr\/local\/etc\/squid\/\r\nopenssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout squidCA.pem -out squidCA.pem<\/pre>\n\u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0432 \/etc\/rc.conf<\/p>\n
squid_enable=\"YES\"<\/pre>\n\u0418\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u043c \u043a\u0435\u0448:<\/p>\n
squid -z<\/pre>\n\u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0432 IPFW<\/p>\n
### LAN\r\n${ipfw} add allow ip from any to any via ${lan}\r\n\r\n### SQUID \u043f\u0440\u043e\u0437\u0440\u0430\u0447\u043d\u044b\u0439\r\n${ipfw} add fwd 127.0.0.1,3128 tcp from table\\(0\\) to any 80 out via ${wan}\r\n${ipfw} add fwd 127.0.0.1,3129 tcp from table\\(0\\) to any 443 out via ${wan}<\/pre>\n\u041f\u0435\u0440\u0435\u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c IPFW \u0438 \u0441\u0442\u0430\u0440\u0442\u0443\u0435\u043c squid:<\/p>\n
\/etc\/rc.d\/ipfw restart\r\nservice squid start<\/pre>\n\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c.<\/p>\n
https:\/\/www.ew8bak.ru\/2017\/02\/14\/<\/a><\/p>\nhttps:\/\/wiki.squid-cache.org\/ConfigExamples\/Intercept\/Ipfw<\/a><\/p>\n <\/p>\n
![\"image_pdf\"](\"https:\/\/tst-amo.net.ua\/blog\/wp-content\/plugins\/pdf-print\/images\/pdf.png\" "\\"View")
<\/a>![\"image_print\"](\"https:\/\/tst-amo.net.ua\/blog\/wp-content\/plugins\/pdf-print\/images\/print.png\" "\\"Print")
<\/a><\/div>","protected":false},"excerpt":{"rendered":"\u0421\u0438\u0441\u0442\u0435\u043c\u0430: uname -a 11.1-RELEASE-p8 FreeBSD 11.1-RELEASE-p8 #0: root@amd64-builder.daemonology.net:\/usr\/obj\/usr\/src\/sys\/GENERIC amd64 1. \u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 portsnap fetch update portmaster www\/squid \u041f\u0440\u0438 \u0432\u044b\u0431\u043e\u0440\u0435 \u043e\u043f\u0446\u0438\u0439 – \u043c\u043d\u0435 \u0445\u0432\u0430\u0442\u0438\u043b\u043e \u0438\u0445 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e, \u043d\u043e, \u043d\u0430 \u0432\u0441\u044f\u043a\u0438\u0439 \u0441\u043b\u0443\u0447\u0430\u0439, \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0442\u0430\u043a\u0438\u0435: \u0412 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430\u0445 \u0441\u0431\u043e\u0440\u043a\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c, \u0447\u0442\u043e \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u043f\u0440\u043e\u0437\u0440\u0430\u0447\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 (IPFW) \u0438 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u0431\u043e\u043b\u044c\u0448\u0438\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 LARGEFILE,\u00a0ECAP, SSL, SSL_CRTD, \u0430 \u0442\u0430\u043a\u0436\u0435, \u0435\u0441\u043b\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0430, …<\/p>\n
\u041f\u0440\u0438 \u0432\u044b\u0431\u043e\u0440\u0435 \u043e\u043f\u0446\u0438\u0439 – \u043c\u043d\u0435 \u0445\u0432\u0430\u0442\u0438\u043b\u043e \u0438\u0445 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e, \u043d\u043e, \u043d\u0430 \u0432\u0441\u044f\u043a\u0438\u0439 \u0441\u043b\u0443\u0447\u0430\u0439, \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0442\u0430\u043a\u0438\u0435:<\/p>\n
\u0412 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430\u0445 \u0441\u0431\u043e\u0440\u043a\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c, \u0447\u0442\u043e \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u043f\u0440\u043e\u0437\u0440\u0430\u0447\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 (IPFW) \u0438 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u0431\u043e\u043b\u044c\u0448\u0438\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 LARGEFILE,\u00a0ECAP, SSL, SSL_CRTD, \u0430 \u0442\u0430\u043a\u0436\u0435, \u0435\u0441\u043b\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0430, \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u044f HTTP-\u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043a\u043e\u0432 (\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u043e\u043f\u0446\u0438\u0439 via, request_header_access),\u00a0 \u0432\u043a\u043b\u044e\u0447\u0430\u0435\u043c LAX_HTTP, \u0434\u043b\u044f \u0441\u0431\u043e\u0440\u043a\u0438 Squid \u0441 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u043c –enable-http-violations.<\/p>\n
lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq squid-3.5.27_3 qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk\r\n x lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk x\r\n x x+[x] ARP_ACL ARP\/MAC\/EUI based authentification x x\r\n x x+[x] CACHE_DIGESTS Use cache digests x x\r\n x x+[ ] DEBUG Build with extended debugging support x x\r\n x x+[x] DELAY_POOLS Delay pools (bandwidth limiting) x x\r\n x x+[x] DOCS Build and\/or install documentation x x\r\n x x+[\u0445] ECAP Loadable content adaptation modules x x<\/span>\r\n x x+[ ] ESI ESI support x x\r\n x x+[x] EXAMPLES Build and\/or install examples x x\r\n x x+[x] FOLLOW_XFF Support for the X-Following-For header x x\r\n x x+[x] FS_AUFS AUFS (threaded-io) support x x\r\n x x+[x] FS_DISKD DISKD storage engine controlled by separate service x x\r\n x x+[x] FS_ROCK ROCK storage engine x x\r\n x x+[x] HTCP HTCP support x x\r\n x x+[x] ICAP the ICAP client x x\r\n x x+[x] ICMP ICMP pinging and network measurement x x\r\n x x+[x] IDENT Ident lookups (RFC 931) x x\r\n x x+[x] IPV6 IPv6 protocol support x x\r\n x x+[x] KQUEUE Kqueue(2) support x x\r\n x x+[x] LARGEFILE Support large (>2GB) cache and log files x x<\/span>\r\n x x+[x] LAX_HTTP Do not enforce strict HTTP compliance x x<\/span>\r\n x x+[ ] NETTLE Nettle MD5 algorithm support x x\r\n x x+[x] PCRE Use Perl Compatible Regular Expressions x x\r\n x x+[x] SNMP SNMP support x x\r\n x x+[x] SSL SSL gatewaying support x x<\/span>\r\n x x+[x] SSL_CRTD Use ssl_crtd to handle SSL cert requests x x<\/span>\r\n x x+[ ] STACKTRACES Enable automatic backtraces on fatal errors x x\r\n x x+[x] VIA_DB Forward\/Via database x x\r\n x x+[x] WCCP Web Cache Coordination Protocol x x\r\n x x+[x] WCCPV2 Web Cache Coordination Protocol v2 x x\r\n x xqqqqqqqqqqqqqqqqqqqqqqqqqq Authentication helpers qqqqqqqqqqqqqqqqqqqqqqqqx x\r\n x x+[ ] AUTH_LDAP Install LDAP authentication helpers x x\r\n x x+[x] AUTH_NIS Install NIS\/YP authentication helpers x x\r\n x x+[ ] AUTH_SASL Install SASL authentication helpers x x\r\n x x+[ ] AUTH_SMB Samba authentication helpers x x\r\n x x+[ ] AUTH_SQL Install SQL based auth x x\r\n x xqqqqqqqqqqqqqqqqqqqqqqq GSSAPI Security API support qqqqqqqqqqqqqqqqqqqqqqx x\r\n x x+( ) GSSAPI_NONE Disable GSSAPI support x x\r\n x x+(*) GSSAPI_BASE GSSAPI support via base system (needs Kerberos) x x\r\n x x+( ) GSSAPI_HEIMDAL GSSAPI support via security\/heimdal x x\r\n x x+( ) GSSAPI_MIT GSSAPI support via security\/krb5 x x\r\n x xqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq FW qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqx x\r\n x x+( ) TP_IPF Transparent proxying with IPFilter x x\r\n x x+(*) TP_IPFW Transparent proxying with IPFW x x<\/span>\r\n x x+( ) TP_PF Transparent proxying with PF x x\r\n x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj x\r\n tqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqu\r\n x < OK > <Cancel> x\r\n mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj<\/pre>\n2. \u041d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430<\/h4>\n
\u041f\u0440\u0430\u0432\u0438\u043c<\/p>\n
\/usr\/local\/etc\/squid\/squid.conf<\/pre>\n#\r\n# Recommended minimum configuration:\r\n#\r\n\r\nvisible_hostname squid\r\ndns_nameservers 194.44.219.162 8.8.8.8\r\n\r\n# Example rule allowing access from your local networks.\r\n# Adapt to list your (internal) IP networks from where browsing\r\n# should be allowed\r\n#acl localnet src 10.0.0.0\/8 # RFC1918 possible internal network\r\n#acl localnet src 172.16.0.0\/12 # RFC1918 possible internal network\r\nacl localnet src 192.168.113.0\/24 # RFC1918 possible internal network\r\n#acl localnet src fc00::\/7 # RFC 4193 local private network range\r\n#acl localnet src fe80::\/10 # RFC 4291 link-local (directly plugged) machines\r\n\r\nacl SSL_ports port 443\r\nacl Safe_ports port 80 # http\r\nacl Safe_ports port 21 # ftp\r\nacl Safe_ports port 443 # https\r\nacl Safe_ports port 70 # gopher\r\nacl Safe_ports port 210 # wais\r\nacl Safe_ports port 1025-65535 # unregistered ports\r\nacl Safe_ports port 280 # http-mgmt\r\nacl Safe_ports port 488 # gss-http\r\nacl Safe_ports port 591 # filemaker\r\nacl Safe_ports port 777 # multiling http\r\nacl CONNECT method CONNECT\r\n\r\n# \u0414\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432 acl \u0441\u043f\u0438\u0441\u043a\u043e\u0432 \u0434\u043b\u044f users \u0438 urls\/domain: \u0437\u0430\u043f\u0440\u0435\u0449\u0435\u043d\u043d\u044b\u0435, \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0435 \r\n# \u0438 \u0433\u0440\u0443\u043f\u043f\u0430 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (\u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0430)\r\nacl denied_users src \"\/usr\/local\/etc\/squid\/denied_users\"\r\nacl denied_urls url_regex \"\/usr\/local\/etc\/squid\/denied_urls\"\r\nacl allowed_users src \"\/usr\/local\/etc\/squid\/allowed_users\"\r\n#acl allowed_urls url_regex \"\/usr\/local\/etc\/squid\/allowed_urls\"\r\n#acl extended_access_group src \"\/usr\/local\/etc\/squid\/extended_access_group\"\r\n\r\n# Deny requests to certain unsafe ports\r\nhttp_access deny !Safe_ports\r\n\r\n# Deny CONNECT to other than secure SSL ports\r\nhttp_access deny CONNECT !SSL_ports\r\n\r\n# Only allow cachemgr access from localhost\r\nhttp_access allow localhost manager\r\nhttp_access deny manager\r\n\r\n## \u0420\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u043c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c \u043a\u043e\u043d\u043d\u0435\u043a\u0442 \u043a \u0440\u0435\u0441\u0443\u0440\u0441\u0443, \u0435\u0441\u043b\u0438 https\r\nhttp_access allow localnet CONNECT\r\n\r\n## \u0417\u0430\u043f\u0440\u0435\u0449\u0430\u0435\u043c \u0432\u0441\u0435\u043c \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0430 \u0437\u0430\u043f\u0440\u0435\u0449\u0435\u043d\u043d\u044b\u0435 \u0441\u0430\u0439\u0442\u044b\r\nhttp_access deny denied_users denied_urls\r\nhttp_access allow allowed_users\r\n\r\n## \u042d\u0442\u0438\u043c \u043f\u0440\u0430\u0432\u0438\u043b\u043e\u043c \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u043c \u0432\u0441\u0435\u043c \u043a\u0442\u043e \u043d\u0435 \u0432 \u0433\u0440\u0443\u043f\u043f\u0435 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0445\u043e\u0434\u0438\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430\r\n# \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u043d\u044b\u0435 \u0441\u0430\u0439\u0442\u044b\r\n# http_access deny !extended_access_group !allowed_urls\r\n\r\nhttp_access allow localnet\r\nhttp_access allow localhost\r\nhttp_access deny all\r\n\r\n## \u041e\u0431\u044f\u0437\u0430\u0442\u0435\u043b\u044c\u043d\u043e \u043e\u0434\u0438\u043d \u0438\u0437 \u043f\u043e\u0440\u0442\u043e\u0432 \u0434\u043e\u043b\u0436\u0435\u043d \u0431\u044b\u0442\u044c \u0432 \u0442\u0430\u043a\u043e\u043c \u0432\u0438\u0434\u0435 \u0438 \u044f\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u0437\u0430\u0433\u043b\u0443\u0448\u043a\u043e\u0439\r\nhttp_port 3130<\/span>\r\nhttp_port 3128 intercept\r\nhttps_port 3129 intercept ssl-bump options=ALL:NO_SSLv3:NO_SSLv2 connection-auth=off cert=\/usr\/local\/etc\/squid\/squidCA.pem\r\n\r\nalways_direct allow all\r\nsslproxy_cert_error allow all\r\nsslproxy_flags DONT_VERIFY_PEER\r\n\r\n\r\n## \u041f\u0440\u0430\u0432\u0438\u043b\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u0434\u043b\u044f ssl\r\n\r\n# \u043f\u0440\u0430\u0432\u0438\u043b\u043e \u0441\u043e \u0441\u043f\u0438\u0441\u043a\u043e\u043c \u0431\u043b\u043e\u043a\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432 (\u0432 \u0444\u0430\u0439\u043b\u0435 \u0434\u043e\u043c\u0435\u043d\u044b \u0432\u0438\u0434\u0430 .domain.com)\r\nacl blocked ssl::server_name_regex \"\/usr\/local\/etc\/squid\/denied_urls\"\r\nacl step1 at_step SslBump1\r\nssl_bump peek step1\r\n\r\n# \u0442\u0435\u0440\u043c\u0438\u043d\u0438\u0440\u0443\u0435\u043c \u0441\u043e\u0435\u0434\u0438\u043d\u0435\u043d\u0438\u0435, \u0435\u0441\u043b\u0438 \u043a\u043b\u0438\u0435\u043d\u0442 \u0437\u0430\u0445\u043e\u0434\u0438\u0442 \u043d\u0430 \u0437\u0430\u043f\u0440\u0435\u0449\u0435\u043d\u043d\u044b\u0439 \u0440\u0435\u0441\u0443\u0440\u0441\r\nssl_bump terminate blocked\r\nssl_bump splice all\r\n\r\nsslcrtd_program \/usr\/lib\/squid\/ssl_crtd -s \/var\/lib\/ssl_db -M 4MB\r\n\r\n# Uncomment and adjust the following to add a disk cache directory.\r\n#cache_dir ufs \/var\/squid\/cache 100 16 256\r\n\r\n# Leave coredumps in the first cache dir\r\ncoredump_dir \/var\/squid\/cache\r\n\r\nrefresh_pattern ^ftp: 1440 20% 10080\r\nrefresh_pattern ^gopher: 1440 0% 1440\r\nrefresh_pattern -i (\/cgi-bin\/|\\?) 0 0% 0\r\nrefresh_pattern . 0 20% 4320<\/pre>\n\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0444\u0430\u0439\u043b\u044b:<\/p>\n
touch \/usr\/local\/etc\/squid\/denied_urls\r\ncat \/usr\/local\/etc\/squid\/denied_urls\r\n.pornhub.com\r\n.xxx.com\r\ntouch \/usr\/local\/etc\/squid\/denied_users\r\ncat \/usr\/local\/etc\/squid\/denied_users\r\n192.168.113.110 # menagers dep\r\n192.168.113.203 # \r\n\r\ntouch \/usr\/local\/etc\/squid\/allowed_users\r\ncat \/usr\/local\/etc\/squid\/allowed_users\r\n192.168.113.0\/24 # \u0432\u0441\u044f \u0441\u0435\u0442\u044c\r\ntouch \/usr\/local\/etc\/squid\/extended_access_group\r\ncat \/usr\/local\/etc\/squid\/extended_access_group\r\n192.168.0.12 # Masha\r\n192.168.0.15 # Direktor\r\n192.168.0.53 # Sasha\r\n192.168.0.54 # My Note<\/pre>\n\u0414\u0435\u043b\u0430\u0435\u043c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442<\/p>\n
cd \/usr\/local\/etc\/squid\/\r\nopenssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout squidCA.pem -out squidCA.pem<\/pre>\n\u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0432 \/etc\/rc.conf<\/p>\n
squid_enable=\"YES\"<\/pre>\n\u0418\u043d\u0438\u0446\u0438\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u0435\u043c \u043a\u0435\u0448:<\/p>\n
squid -z<\/pre>\n\u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043f\u0440\u0430\u0432\u0438\u043b\u0430 \u0432 IPFW<\/p>\n
### LAN\r\n${ipfw} add allow ip from any to any via ${lan}\r\n\r\n### SQUID \u043f\u0440\u043e\u0437\u0440\u0430\u0447\u043d\u044b\u0439\r\n${ipfw} add fwd 127.0.0.1,3128 tcp from table\\(0\\) to any 80 out via ${wan}\r\n${ipfw} add fwd 127.0.0.1,3129 tcp from table\\(0\\) to any 443 out via ${wan}<\/pre>\n\u041f\u0435\u0440\u0435\u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c IPFW \u0438 \u0441\u0442\u0430\u0440\u0442\u0443\u0435\u043c squid:<\/p>\n
\/etc\/rc.d\/ipfw restart\r\nservice squid start<\/pre>\n\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c.<\/p>\n
https:\/\/www.ew8bak.ru\/2017\/02\/14\/<\/a><\/p>\nhttps:\/\/wiki.squid-cache.org\/ConfigExamples\/Intercept\/Ipfw<\/a><\/p>\n <\/p>\n
<\/a><\/a><\/div>","protected":false},"excerpt":{"rendered":"\u0421\u0438\u0441\u0442\u0435\u043c\u0430: uname -a 11.1-RELEASE-p8 FreeBSD 11.1-RELEASE-p8 #0: root@amd64-builder.daemonology.net:\/usr\/obj\/usr\/src\/sys\/GENERIC amd64 1. \u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 portsnap fetch update portmaster www\/squid \u041f\u0440\u0438 \u0432\u044b\u0431\u043e\u0440\u0435 \u043e\u043f\u0446\u0438\u0439 – \u043c\u043d\u0435 \u0445\u0432\u0430\u0442\u0438\u043b\u043e \u0438\u0445 \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e, \u043d\u043e, \u043d\u0430 \u0432\u0441\u044f\u043a\u0438\u0439 \u0441\u043b\u0443\u0447\u0430\u0439, \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u0442\u0430\u043a\u0438\u0435: \u0412 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u0430\u0445 \u0441\u0431\u043e\u0440\u043a\u0438 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c, \u0447\u0442\u043e \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u0430 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u043f\u0440\u043e\u0437\u0440\u0430\u0447\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e \u0431\u0440\u0430\u043d\u0434\u043c\u0430\u0443\u044d\u0440\u0430 (IPFW) \u0438 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u0431\u043e\u043b\u044c\u0448\u0438\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 LARGEFILE,\u00a0ECAP, SSL, SSL_CRTD, \u0430 \u0442\u0430\u043a\u0436\u0435, \u0435\u0441\u043b\u0438 \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u0430, …<\/p>\n