Squid IP BLOCKING

secrets · 07-04-2003, 11:39 AM

Hi, I want to block some of my users to access the net i have added a acl in linux squid:
acl ban 192.168.42.1-192.168.42.11
http_access deny !ban
but this does not work.
Help Me.

david_ross · 07-04-2003, 02:02 PM

If you use iptables try:
iptables -A INPUT -s IP_OF_BAD_MACHINE -j DROP

born4linux · 07-04-2003, 02:19 PM

Quote:

Originally posted by david_ross
If you use iptables try:
iptables -A INPUT -s IP_OF_BAD_MACHINE -j DROP

why would u do that? he only asks for squid access control. your suggestion will drop all connections (incoming and active) from IP_OF_BAD_MACHINE (not just squid).

this should be the syntax:

acl banned_ips src 192.168.42.1-192.168.42.11/255.255.255.0

http_access deny banned_ips

u can also try tcpwrappers - /etc/hosts.allow, /etc/hosts.deny

hth.

helpmeforlinux · 06-13-2007, 06:43 AM

hi friends i want to block suppose yahoo.com then how can i block this site in squid as well as in iptables becasue suppose i don't user squid proxy i directly user gateway so now i wanto block sites from gateway so as many people are using internet through gateway will not be able to visit site.

Peeyush Maurya · 06-14-2007, 10:36 AM

Quote:

Originally Posted by secrets

Hi, I want to block some of my users to access the net i have added a acl in linux squid:
acl ban 192.168.42.1-192.168.42.11
http_access deny !ban
but this does not work.
Help Me.

Your ACL is incomplete

### src is source IP
acl ban src 192.168.42.1

### here we deny access to ban(with source IP 192.168.42.1). If you use '!' it will deny all but 'ban'
http_access deny ban

## now lets make it complicated
## We want to allow linuxquestions.org and linux-faqs.com from 192.168.42.2 but deny all other websites

# creating ACL for 192.168.42.2
acl LinuxIP src 192.168.42.2

# creating ACL for websites
acl LinuxSite url_regex -i linuxquestions.org
acl LinuxSite url_regex -i linux-faqs.com

# Building the List
http_access allow LinuxIP LinuxSite
http_access deny LinuxIP