LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 02-20-2009, 11:42 AM   #1
shan23
LQ Newbie
 
Registered: Feb 2009
Posts: 8

Rep: Reputation: 0
Exclamation how to block sites like megaupload / rapidshare


Hi,

I'm the admin in my hostel's computer lab. The problem is, some folks use the lab machines to download big files ( 100 mb and above ) almost all the time , thereby using up almost all the bandwidth allocated to the hostel. I want to ensure that people can't open certain sites like megaupload / rapidshare from the lab...Is there any way to do that ?

The machines all have Ubuntu (Hardy Heron) installed...i googled the problem, only to find solutions to block certain particular ips/sites...but i want to block a generic class of sites, say all links containing the word "megaupload" . If someone has any idea, pls help...
 
Old 02-20-2009, 11:50 AM   #2
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,497

Rep: Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883
you can use squid and squidguard as proxy.
 
Old 02-20-2009, 11:55 AM   #3
shan23
LQ Newbie
 
Registered: Feb 2009
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by repo View Post
you can use squid and squidguard as proxy.
I'm basically looking for a solution where i could ideally block an outgoing connection to all links having a particular word ( or regular expression !! ) in them... Is it possible to do so using squid ? If so,would u pls give an example ?

Thanks
 
Old 02-20-2009, 12:03 PM   #4
netman4ttm
Member
 
Registered: Aug 2007
Distribution: FreeBSD 8.0 xubuntu
Posts: 49

Rep: Reputation: 16
Use Dansguardian on the firewall. It will block all the "bad" sites but you can open it up.

http://dansguardian.org/

Last edited by netman4ttm; 02-20-2009 at 12:07 PM. Reason: adding content
 
Old 02-20-2009, 12:12 PM   #5
shan23
LQ Newbie
 
Registered: Feb 2009
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by netman4ttm View Post
Use Dansguardian on the firewall. It will block all the "bad" sites but you can open it up.

http://dansguardian.org/
I'm sorry , but it isnt very clear to me... what do u mean by using Dansguardian "on the firewall" ? I'm not using any firewall rite now, but i can enable ufw in ubuntu... so u mean i shud use Dansguardian in conjunction with ufw ?
Also, u can understand it wont really do if all users could undo what I block .... so i'm looking for a solution that would require a user to have sudo privilege to modify it....

I'll look into the website link u gave...but it would help me if u were a bit more elaborate.
 
Old 02-20-2009, 12:18 PM   #6
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,497

Rep: Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883
You need a central server, which will act as firewall/proxy for all the other computers.
so all configuration will happen at 1 place.
otherwise they will always change the settings on their own machine.

Last edited by repo; 02-20-2009 at 12:19 PM.
 
Old 02-20-2009, 12:29 PM   #7
shan23
LQ Newbie
 
Registered: Feb 2009
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by repo View Post
You need a central server, which will act as firewall/proxy for all the other computers.
so all configuration will happen at 1 place.
otherwise they will always change the settings on their own machine.
Apparently, the problem is more complicated than i thought it is

I initially thought i could add a rule in iptables that would drop a connection having a specific word in the link...Then noone can modify the permissions w/o sudo access...But apparently, its not possible it seems....

But in my case, all the m/cs are standalone machines...i want them to individually block the said sites...else some1 will just shutdown the proxy server itself , to bypass it , as it wont be possible to deny physical access to the server !!
 
Old 02-20-2009, 12:36 PM   #8
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,497

Rep: Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883
You could add the sites in the /etc/hosts file

127.0.0.1 whateversite.com

so they will be redirected to 127.0.0.1
they need root rights to change them.


there are sample hostsfiles on the net, so you can also block porn, ebay......

Last edited by repo; 02-20-2009 at 12:37 PM.
 
Old 02-20-2009, 12:49 PM   #9
shan23
LQ Newbie
 
Registered: Feb 2009
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by repo View Post
You could add the sites in the /etc/hosts file

127.0.0.1 whateversite.com

so they will be redirected to 127.0.0.1
they need root rights to change them.


there are sample hostsfiles on the net, so you can also block porn, ebay......
Yes, i had got that solution when i used google...but the catch is, this will only work when it one particular site/sites i want to block...but will this approach work when trying to block all links containing the word "megaupload" ? I'm not sure it will... and i possibly cant add all megaupload links ever posted on the net to the /etc/hosts file
 
Old 02-20-2009, 01:10 PM   #10
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,497

Rep: Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883
Quote:
but will this approach work when trying to block all links containing the word "megaupload"
No wildcards are allowed and only the main domain name is a valid entry.


Seems to me the best thing to do is to setup a server, and then use squid and squidguard or dansguardian.
And when you are at it, you can use it as a firewall.
 
Old 02-20-2009, 01:24 PM   #11
shan23
LQ Newbie
 
Registered: Feb 2009
Posts: 8

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by repo View Post
No wildcards are allowed and only the main domain name is a valid entry.


Seems to me the best thing to do is to setup a server, and then use squid and squidguard or dansguardian.
And when you are at it, you can use it as a firewall.
Hehe...i'm installing dansguardian as i type on all machines in the lab...

Is it possible for each machine to act as its own server , where i would then use dansguardian / squid etc ? If its a dumb thing to ask, pls bear with me...but as i said , setting up a single server for all machines in the lab is not an option, since shutting it down would either disable the firewall or worse, disable internet access on all the other machines...as the old saying goes, who guards the guard(s) ?
 
Old 02-20-2009, 01:30 PM   #12
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,497

Rep: Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883
They just need to disabke proxy in the browser to use rapidshare

Code:
since shutting it down would either disable the firewall or worse, disable internet access on all the other machines
why would they shut it down?
Then they have no internet....
 
  


Reply

Tags
block


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid to block all the sites except 1 or 2 sites winxandlinx Linux - Networking 8 10-27-2010 02:53 AM
squid 2.6 not blocking sites even i entered ACL to block sites mohantorvalds Linux - Server 1 01-08-2009 04:17 AM
Using Rapidshare, Megaupload As Binary Linux Repository btbx General 1 12-17-2007 09:27 AM
how to block sites 4ajaysingh Linux - Networking 1 01-23-2007 09:01 AM
block some sites nkutty Linux - Security 1 10-03-2005 04:15 AM


All times are GMT -5. The time now is 01:26 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration