Qnap Squid

TS-869にSquidをインストールして許可したDomainのみアクセス可能とする。

App CenterからSquidをインストール
設定画面でManual configurationに変更し、configを記載する。

### squid.conf ###
# The user name and group name Squid will operate as
cache_effective_user httpdusr
cache_effective_group everyone

#
# Recommended minimum configuration:
#
# Auth Method
#auth_param basic program /share/MD0_DATA/.qpkg/Squid/opt/libexec/squid/ncsa_auth /etc/shadow
#auth_param basic children 5
#auth_param basic realm Squid proxy-caching web server
#auth_param basic credentialsttl 2 hours

acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 192.168.0.0/16
#acl homenet src 192.168.10.0/16

acl whitelist dstdomain "/share/MD0_DATA/.qpkg/Squid/whitelist"
#acl whitelist_regex url_regex "/share/MD0_DATA/.qpkg/Squid/whitelist_regex"

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

#acl ncsa_users proxy_auth REQUIRED

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

acl noncache-servers dstdomain .tokyosteel.co.jp
no_cache deny noncache-servers

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed

http_access allow localnet whitelist
#http_access allow localnet homenet whitelist whitelist_regex
#http_access allow ncsa_users

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /share/MD0_DATA/.qpkg/Squid/opt/var/squid/cache 100 16 256

cache_mem 8 MB

# Leave coredumps in the first cache dir
coredump_dir /share/MD0_DATA/.qpkg/Squid/opt/var/squid/

access_log /share/MD0_DATA/.qpkg/Squid/opt/var/squid/logs/access.log squid
cache_log /share/MD0_DATA/.qpkg/Squid/opt/var/squid/logs/cache.log
cache_store_log /share/MD0_DATA/.qpkg/Squid/opt/var/squid/logs/store.log

# Add logfile rotated mechanism
logfile_rotate 7
debug_options rotate=1

#
mime_table /share/MD0_DATA/.qpkg/Squid/opt/etc/squid/mime.conf
pid_filename /share/MD0_DATA/.qpkg/Squid/opt/var/squid/run/squid.pid
diskd_program /share/MD0_DATA/.qpkg/Squid/opt/libexec/squid/diskd
unlinkd_program /share/MD0_DATA/.qpkg/Squid/opt/libexec/squid/unlinkd
icon_directory /share/MD0_DATA/.qpkg/Squid/opt/share/squid/icons
err_page_stylesheet /share/MD0_DATA/.qpkg/Squid/opt/etc/squid/errorpage.css
error_default_language en-us
error_directory /share/MD0_DATA/.qpkg/Squid/opt/share/squid/errors/ja
#error_directory /share/MD0_DATA/.qpkg/Squid/opt/share/squid/errors/en-us

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

whitelistを記述する。
acl whitelist dstdomain “/share/MD0_DATA/.qpkg/Squid/whitelist”としているので、

### /share/MD0_DATA/.qpkg/Squid/whitelist ###
# White list
# government
.go.jp

# Evernote
.evernote.com

# Dell
.dell.com
.dell.co.jp
.dellcdn.com

# 電子マニフェスト
.jars.gr.jp
.jwnet.or.jp
.jwnetweb.jp
ocsp.digicert.com
crl.globalsign.net

# 関西電力
.kepco.co.jp

#google
.gstatic.com
.googleusercontent.com
.googleapis.com
.google.com
.google.co.jp

# mozilla
.mozilla.org
.mozilla.jp

# windows update
.microsoft.com
.windowsupdate.com
.windows.com

みたいに書いていけばいいじゃないか。

カテゴリー: QNAP

コメントを残す

メールアドレスが公開されることはありません。 が付いている欄は必須項目です

CAPTCHA