LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Blogs > baig
User Name
Password

Notices

Rate this Entry

MAC ADDRESS BASED SQUID ACL with DELAY POOLS

Posted 09-10-2011 at 03:22 PM by baig

MAC ADDRESSES are maintained in file named "unlimited.txt", "out_1mbps.txt", "out_512kbps" and "our_256kbps.txt" under /etc/squid/ directory. to create those file use "touch command"

Install squid and squid guard on yum based systems, enable rpmforge repository by downloading and installing their rpm package from their site.

Once the package is downloaded, "cd" to the directory where it is saved and then issue the following command.

Code:
yum localinstall --nogpgcheck <package_just_downloded> -y
once it is installed, do
Code:
yum clean all && yum update
then install squid and squidguard using yum

Code:
 
yum install squid squidguard -y
if you haven't created files for mac address files for delay pools, create them now by issueing
Code:
cd /etc/squid
touch unlimited.txt our_1mbps.txt out_512kbps.txt out_256kbps.txt
move squid.conf to squid.conf.ori as following

Code:
cd /etc/squid
mv squid.conf squid.conf.ori
now create a new file named squid.conf and copy paste the following squid.conf

Code:
######################## IP SOURCES FOR SQUID ##################################

acl all src 0.0.0.0/0.0.0.0
acl unlimited arp "/etc/squid/unlimited.txt"
acl our_1mbps arp "/etc/squid/our_1mbps.txt"
acl our_512kbps arp "/etc/squid/our_512kbps.txt"
acl our_256kbps arp "/etc/squid/our_256kbps.txt"
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8

################################## SAFE PROT DEFINITIONS #######################

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT
acl morning time M T W H F A S 08:00-9:00
#acl blocksites url_regex "/etc/squid/block.acl"

################################## ACCESS RULES ################################
#http_access deny blocksites
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow unlimited 
http_access allow our_1mbps
http_access allow our_512kbps
http_access allow our_256kbps
http_access allow localhost
http_access deny all
icp_access allow all
######################## SQUID GUARD URL REWRITE PROGRAM LOCATION AND CONFIG FILE #####
## uncomment this if you want to setup squidguard
#url_rewrite_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf

############################ SQUID TYPE, IP AND PROT ###########################

http_port 192.168.50.1:8080

hierarchy_stoplist cgi-bin ?
################################# MAXIMUM RAM TO BE USED #######################

cache_mem 256 MB

########################### MAXIMUM OBJECT SIZE TO KEEP IN RAM #################

maximum_object_size_in_memory 20 MB

############################# CACHE DIRECTORY ##################################

cache_dir ufs /var/spool/squid 4096 16 256

############################ MAXIMUM OBJECT SIZE TO SAVE ON DISK ###############

maximum_object_size 200 MB

############################### ACCESS LOG DIRECTORY ###########################

access_log /var/log/squid/access.log squid

##################################CGI BIN QUERY ################################

acl QUERY urlpath_regex cgi-bin \?

cache deny QUERY
cache_effective_user proxy
cache_effective_group proxy
################################# REFRESH PATTERN###############################

refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern .		0	20%	4320
acl apache rep_header Server ^Apache
broken_vary_encoding allow apache

ie_refresh on

#################################CACHE MANAGER NAME#############################

cache_mgr squid@linux

################################### VISIBLE HOST NAME###########################

visible_hostname squid@linux

#####################################SHUTDOWN LIFETIME#########################

shutdown_lifetime 5 seconds

#####################################DELAY POOLS################################

delay_pools 4
delay_class 1 2
delay_access 1 allow unlimited
delay_access 1 deny all
delay_parameters 1 -1/-1 -1/-1

delay_class 2 2
delay_access 2 allow our_1mbps
delay_access 2 deny all
delay_parameters 2 -1/-1 131072/131072

delay_class 3 2
delay_access 3 allow our_512kbps
delay_access 3 deny all
delay_parameters 3 -1/-1 65536/65536

delay_class 4 2
delay_access 4 allow our_256kbps
delay_access 4 deny all
delay_parameters 4 -1/-1 32786/32786


########################################CORE DUMP DIRECTORY####################

coredump_dir /var/spool/squid

squidguard.conf is as following

Code:
#
# CONFIG FILE FOR SQUIDGUARD
#

dbhome /var/lib/squidguard/db/blacklists
logdir /var/log/squidGuard

#
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat

#time workhours {
#        weekly mtwhfas 08:00 - 16:30
#        date *-*-01  08:00 - 16:30
#}

#
# REWRITE RULES:
#

#rew dmz {
#       s@://admin/@://admin.foo.bar.no/@i
#       s@://foo.bar.no/@://www.foo.bar.no/@i
#}

#
# SOURCE ADDRESSES:
#

#src admin {
#       ip              1.2.3.4 1.2.3.5
#       user            root foo bar
#       within          workhours
#}

#src foo-clients {
#       ip              172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200
#}

src ournet {
       ip              192.168.50.2-192.168.50.254
}

#
# DESTINATION CLASSES:
#

#dest good {
#}

#dest local {
#}

dest ads {
        domainlist      ads/domains
        urllist         ads/urls
	log		advertising.log
	redirect 	http://192.168.50.1/adv.gif
}

#dest aggressive {
#        domainlist      aggressive/domains
#        urllist         aggressive/urls
#	 redirect http://localhost/block.html
#
#}

#dest audio-video {
#        domainlist      audio-video/domains
#        urllist         audio-video/urls
#	 redirect http://localhost/block.html
#}

#dest drugs {
#        domainlist      drugs/domains
#        urllist         drugs/urls
#	 redirect http://localhost/block.html
#}

#dest gambling {
#        domainlist      gambling/domains
#        urllist         gambling/urls
#	 redirect http://localhost/block.html
#}


dest hacking {
        domainlist      hacking/domains
        urllist         hacking/urls
	log		hackingsites.log
	redirect http://192.168.50.1/block.html
}

dest mail {
        domainlist      mail/domains
	log		mailsites.log
	redirect 	http://192.168.50.1/adv.gif
}

dest porn {
        domainlist      porn/domains
        urllist         porn/urls
	log 		pornaccess.log
	redirect 	http://192.168.50.1/block.html
}

dest proxy {
        domainlist      proxy/domains
        urllist         proxy/urls
	log 		proxyaccess.log
	redirect 	http://192.168.50.1/adv.gif
}

dest redirector {
	domainlist      redirector/domains
	urllist         redirector/urls
	redirect 	http://192.168.50.1/adv.gif
}

dest spyware {
        domainlist      spyware/domains
        urllist         spyware/urls
	redirect 	http://192.168.50.1/block.html
}

#dest suspect {
#        domainlist      suspect/domains
#        urllist         suspect/urls
#	redirect http://localhost/block.html
#}


dest violence {
        domainlist      violence/domains
        urllist         violence/urls
	log		violence.log
	redirect 	http://192.168.50.1/block.html
}

#dest warez{
#        domainlist      warez/domains
#        urllist         warez/urls
#	redirect http://localhost/block.html
#}


acl {
	
	ournet {
		pass  !proxy !porn !redirector all 
		
	}

	default {
		pass none
		redirect 	http://192.168.50.1/block.html
	}
 }

put the mac address into appropriate file in /etc/squid/*.txt that you want to give bandwidth according to delay pool rules

and don't forget to edit several parameters according to your needs specially IP Address in squid.conf and squidguard.conf

cheers
Posted in Uncategorized
Views 1894 Comments 0
« Prev     Main     Next »
Total Comments 0

Comments

 

  



All times are GMT -5. The time now is 02:04 PM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration