
Granting access to only some select sites


sathish:

--- Quote from: "lsantana" ---
acl good src "/etc/squid/goodsites.txt"
http_access allow good

All sites not included in this file will be blocked from access to the internet.

--- End quote ---

Hi lsantana!!

I am running Red Hat 9.0, and I have added the above rule to squid.conf to open only the specific sites that I have listed in the goodsites.txt file, but I am able to browse all sites, including those which I have not listed in the goodsites.txt file.

My purpose is to block all sites except the sites that I have listed in goodsites.txt.

You said in the previous thread: All sites not included in this file will be blocked from access to the internet.

Please can you tell me step by step how to do this?


Thanks

Sathish

lsantana:
Could you post your complete ACL rules so they can be checked? There will be something wrong, like a bad ACL applied.

Regards

sathish:

--- Quote from: "lsantana" ---Could you post your complete ACL rules so they can be checked? There will be something wrong, like a bad ACL applied.

Regards
--- End quote ---

Hello,

Here is my complete squid.conf. Please let me know where I am going wrong.

http_port 192.168.1.1:3128
icp_port 3130
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 64 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
cache_dir ufs /var/spool/squid 4500 16 256
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^gopher: 1440 0%  1440
refresh_pattern . 0 20% 4320
acl good src "/etc/squid/goodsites.txt"
http_access allow good
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.1.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow localnet
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid
visible_hostname ezlinuxserver

In the goodsites.txt file I have included the following websites: www.google.com and www.alltheweb.com

Thanks... please let me know ASAP.

Sathish

lsantana:
Mmmm, the problem is that the acl localnet is overwriting your goodsites rules.
You can test this:

Delete the goodsites acl. Create a denysites file and put the corresponding acl before the first http_access line:

acl bad src "/etc/squid/denysites.txt"
http_access deny bad
http_access allow manager localhost
http_access .....
......
....
http_access deny all

Test with a URL you want to deny. This may work!
This is another way, because you are denying access to some sites while the others can still be browsed.
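
Added example, not part of the original thread: a small Python model of how Squid evaluates http_access (the first matching line decides, and ACLs on one line are ANDed), run over a reduced form of the rules posted above and over a corrected variant that uses a dstdomain ACL instead of src. The client address 192.168.1.50, the test hosts and the reduced rule lists are constructed for illustration; the model is a simplification, not Squid's own code.

```python
import ipaddress

def src(*nets):
    """Squid 'src' ACL: tests the CLIENT address, never the requested site."""
    parsed = [ipaddress.ip_network(n) for n in nets]
    return lambda req: any(ipaddress.ip_address(req["client"]) in n for n in parsed)

def dstdomain(*names):
    """Squid 'dstdomain' ACL: '.example.com' matches the domain and its subdomains."""
    def match(req):
        host = req["host"].lower()
        return any(host == n.lstrip(".") or (n.startswith(".") and host.endswith(n))
                   for n in names)
    return match

def decide(http_access, acls, req):
    """Return the action of the first http_access line whose ACLs all match (AND)."""
    for line in http_access:
        action, *names = line.split()
        if all(acls[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    return "deny"  # not reached here: both rule lists end in 'deny all'

# Reduced form of the posted rules. 'good' is a src ACL, so the entries in
# goodsites.txt are compared with the client address; modelled here (as a
# simplification) as matching no LAN client.
POSTED_ACLS = {"good": src(), "localnet": src("192.168.1.0/24"), "all": src("0.0.0.0/0")}
POSTED_RULES = ["allow good", "allow localnet", "deny all"]

# Corrected form: a destination ACL, combined with localnet on the same line so
# that a LAN client is allowed only when the requested site is on the list.
FIXED_ACLS = {"good": dstdomain(".google.com", ".alltheweb.com"),
              "localnet": src("192.168.1.0/24"), "all": src("0.0.0.0/0")}
FIXED_RULES = ["allow localnet good", "deny all"]

if __name__ == "__main__":
    for host in ("www.google.com", "www.example.org"):  # constructed requests
        req = {"client": "192.168.1.50", "host": host}
        print(host, decide(POSTED_RULES, POSTED_ACLS, req),
              decide(FIXED_RULES, FIXED_ACLS, req))
```

In squid.conf terms the corrected variant corresponds to `acl good dstdomain "/etc/squid/goodsites.txt"` with entries such as `.google.com`, followed by `http_access allow localnet good` placed before `http_access deny all` and with no bare `http_access allow localnet` ahead of it.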

sathish:

--- Quote from: "lsantana" ---Mmmm, the problem is that the acl localnet is overwriting your goodsites rules.
You can test this:

Delete the goodsites acl. Create a denysites file and put the corresponding acl before the first http_access line:

acl bad src "/etc/squid/denysites.txt"
http_access deny bad
http_access allow manager localhost
http_access .....
......
....
http_access deny all

Test with a URL you want to deny. This may work!
This is another way, because you are denying access to some sites while the others can still be browsed.
--- End quote ---


Hi,

You mean I should create denysites.txt

and put in denysites.txt those websites that I don't want to be browsed, like porn and mp3 websites, whichever sites I don't like?

Let me know.

sathish
