Network Troublshooting > Linux Proxy Server Support

Granting access to only some select sites

(1/3) > >>

jimmy:
hi,

I'm new at Linux, I've installed RedHat 9 on my server and Squid is running as the Proxy server for my client computers. I used to run the server on WinXP with a Firewall and a Proxy server , granting access to only some sites with the "permitted sites" list in the Proxy server. But since I've intalled linux I can't do that anymore. I'd like to block all sites except for some . . . can anyone help me with this ?

I've learnt , . . . to block sites

acl badURL url_regex -i <urls xxxx xxxx xxxx xxxx xxxx>
http_access deny badUrl
http_access allow myNet
http_access deny all

to block all sites can I use *.com *.net sort of expression to define sites with .com, .net extensions to be blocked ?

lsantana:
You can create 1 file like badsites.txt, for example.  Then in your acl rules, create a new acl for this file like this(only these 2 lines):

acl badsites src "/etc/squid/badsites.txt"
http_access deny badsites
http_access allow localnet
http_access allow localhost
http_access deny all

jimmy:
Thanks for the reply but I want to block all websites and allow only some few. . . can i do it with something like this

acl goodsites src "/etc/squid/goodsites.txt"

http_access deny !goodsites

And how do I enter the sites in the .txt file
Is it something like this

.yahoo.com or *.*.edu or *.gov ?  :?:   :roll:

Thank you! again

lsantana:
This rule is bad

http_access deny !goodsites

The "!" symbol means an exception.  The right way to use it would be:

http_access deny badsites !goodsites.  Wich means, squid will deny access to sites include in some badsites file except the files include in some goodsites file.

It's very easy to create and edit text files with a powerfull tool called VI.  Vi is the main editor for Unix systems and Linux and it comes in all distributions.  The following link has an extend documentation about how to use VI such as commands and other stuffs:

http://thomer.com/vi/vi.html

If you want to allow browsing for only some sites, simply create a file like goodsites.txt and then add the following lines to your squid.conf

acl good src "/etc/squid/goodsites.txt"
http_access allow good

All sites not include in this file will be block for access to the internet.

lsantana:
i forgot!

To put the sites into the .txt file you can add urls and domains like this:

www.yahoo.com
yahoo.com
yahoo.com/chat/maint.html
etcetera....

Navigation

[0] Message Index

[#] Next page

Go to full version