Linux Forums - Linux Help,Advice & support community:LinuxSolved.com
Network Troubleshooting => Linux Proxy Server Support => Topic started by: jimmy on December 04, 2004, 11:53:18 AM
-
hi,
I'm new to Linux. I've installed RedHat 9 on my server and Squid is running as the proxy server for my client computers. I used to run the server on WinXP with a firewall and a proxy server, granting access to only some sites with the "permitted sites" list in the proxy server. But since I've installed Linux I can't do that anymore. I'd like to block all sites except for some . . . can anyone help me with this?
I've learnt . . . to block sites:
acl badURL url_regex -i <urls xxxx xxxx xxxx xxxx xxxx>
http_access deny badURL
http_access allow myNet
http_access deny all
To block all sites, can I use a *.com *.net sort of expression to define sites with .com, .net extensions to be blocked?
-
You can create 1 file like badsites.txt, for example. Then in your acl rules, create a new acl for this file like this (only these 2 lines):
acl badsites src "/etc/squid/badsites.txt"
http_access deny badsites
http_access allow localnet
http_access allow localhost
http_access deny all
-
Thanks for the reply, but I want to block all websites and allow only a few . . . can I do it with something like this:
acl goodsites src "/etc/squid/goodsites.txt"
http_access deny !goodsites
And how do I enter the sites in the .txt file?
Is it something like this:
.yahoo.com or *.*.edu or *.gov?
Thank you! again
-
This rule is bad
http_access deny !goodsites
The "!" symbol means an exception. The right way to use it would be:
http_access deny badsites !goodsites
Which means Squid will deny access to sites included in some badsites file except the files included in some goodsites file.
It's very easy to create and edit text files with a powerful tool called vi. Vi is the main editor for Unix systems and Linux and it comes in all distributions. The following link has extensive documentation about how to use vi, such as commands and other stuff:
http://thomer.com/vi/vi.html
If you want to allow browsing for only some sites, simply create a file like goodsites.txt and then add the following lines to your squid.conf:
acl good src "/etc/squid/goodsites.txt"
http_access allow good
All sites not included in this file will be blocked from access to the internet.
-
I forgot!
To put the sites into the .txt file you can add urls and domains like this:
www.yahoo.com
yahoo.com
yahoo.com/chat/maint.html
etcetera....
-
acl good src "/etc/squid/goodsites.txt"
http_access allow good
All sites not included in this file will be blocked from access to the internet.
Hi lsantana!!
I am running my distro with RedHat 9.0. I have added the above rule in squid.conf to open only the specific sites that I have mentioned in the goodsites.txt file, but I am able to browse all sites, including ones which I have not mentioned in the goodsites.txt file.
My purpose is to block all sites, except the sites that I have mentioned in goodsites.txt.
You said in the previous post: "All sites not included in this file will be blocked from access to the internet."
Please can you tell me step by step how to do this?
Thanks
Sathish
-
Could you post your complete acl rules so we can check them? There will be something wrong, like a bad acl applied.
Regards
-
Hello,
Here is my complete squid.conf. Please let me know where I am going wrong:
http_port 192.168.1.1:3128
icp_port 3130
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 64 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
cache_dir ufs /var/spool/squid 4500 16 256
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
acl good src "/etc/squid/goodsites.txt"
http_access allow good
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.1.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow localnet
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid
visible_hostname ezlinuxserver
In the goodsites.txt file I have included the following websites: www.google.com and www.alltheweb.com
Thanks... please let me know ASAP.
Sathish
-
Mmmm, the problem is that the acl localnet is overwriting your goodsites rules.
You can test this:
Delete the goodsites acl. Create a denysites file and put the corresponding acl before the first http_access line:
acl bad src "/etc/squid/denysites.txt"
http_access deny bad
http_access allow manager localhost
http_access .....
......
....
http_access deny all
Test with a URL you want to deny. This may work!
This is another way, because you are denying access to some sites while the others can be browsed.
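
Editor's added example, not written by any poster in this thread: an allow-only-listed-sites layout for the configuration posted above. Squid checks http_access lines from top to bottom and stops at the first match, and a src ACL tests the client's address while dstdomain tests the requested host. The addresses and the /etc/squid/goodsites.txt path are taken from the thread; the ACL name goodsites and the shortened Safe_ports list are assumptions.

```conf
# --- As posted in the thread: does not restrict destinations ---
# "src" compares the CLIENT's IP address, not the requested site, and
# the first matching http_access line decides the request, so
# "allow localnet" lets every LAN client reach every site.
#
#   acl good src "/etc/squid/goodsites.txt"
#   http_access allow good
#   ...
#   http_access allow localnet
#   http_access deny all

# --- Allowlist version (added example) ---
# /etc/squid/goodsites.txt holds one domain per line; a leading dot
# also matches subdomains, so ".google.com" covers www.google.com:
#   .google.com
#   .alltheweb.com
# dstdomain matches host names only; an entry with a path such as
# yahoo.com/chat/maint.html would need a url_regex ACL instead.

acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.1.0/255.255.255.0
acl localhost src 127.0.0.1/255.255.255.255
acl manager proto cache_object
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563
acl CONNECT method CONNECT
acl goodsites dstdomain "/etc/squid/goodsites.txt"

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# ACLs on one line are ANDed: LAN client AND allowlisted domain.
http_access allow localnet goodsites
# Everything else, including LAN requests to unlisted sites, is refused.
http_access deny all
```

Running `squid -k parse` checks the file for syntax errors, and `squid -k reconfigure` makes a running Squid reload it.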
-
Hi,
You mean I want to create denysites.txt and put in it the websites that I don't want browsed, like porno, mp3 websites, whichever sites I don't like?
Let me know
sathish
-
Exactly. Put all undesired sites in the file to block them.
-
Thank you! . . . to all of you who posted any message in this topic.
I was away on vacation and was unable to read all this while I was away . . !
I'll try all those tips today . . . and post the results tomorrow . . .
Thank you! again . . .
pssst . . . . the Firehouse concert was great . . though I like Metallica . . !
-
welcome back jimmy
Regards!!!