LinuxQuestions.org
Old 12-23-2008, 10:54 PM   #1
jpmaxyusuf
Squid Problem (squid restrict some trusted sites.).


Respected sir,


Anyone can tell me what are safe ports, here we using squid 2.6 stable version proxy in our company we restrict the internet access to our clients but some trusted sites can't open. We need made something special. Here I put my squid configuration. It is port problem or anything.

#ACCESS CONTROL LISTS.

acl safe_ports port 80 #http
acl safe_ports port 21 #ftp
acl safe_ports port 443 #https
acl safe_ports port 70 #gopher
acl safe_ports port 210 #wais
acl safe_ports port 1025-65535 # Unregistered ports
acl safe_ports port 280 # http-mgmt
acl safe_ports port 488 # Gss-http
acl safe_ports port 591 # File Maker
acl safe_ports port 631 #tcp open ipp
acl safe_ports port 777 # Multiling HTTP
acl safe_ports port 2337 #.net3
acl CONNECT method CONNECT
acl rejpc src "/etc/squid/rejpc"
acl FTP proto FTP
acl rejsts url_regex "/etc/squid/rejsts"
acl rejsts url_regex -i sex actress girl sms top orkut cinema hollywood bollywood movie songs mp3 mpeg video audio adult xxx games youtube cricket cricinfo ibibo sms tagged imcash
#TIME BASED ACL FOR OFFICE HOUR ACCESS
acl whr time M T W H F A S 05:00-24:00

#HTTP ACCESS PERMISSION
#REJSTS IS A FILE NAME THAT FILE CONTAINS SOME UNWANTED WEBSITE NAMES.
#REJPC IS A FILE NAME THAT FILE CONTAINS CLIENT IP ADDRESS WHICH WE WANT TO RESTRICT THE INTERNET CONNECTION.
#WHR IS TIME BASED ACL THE RESTRICTION WORK ONLY IN MORNING 5 O'CLOCK TO NIGHT 12 O'CLOCK.

http_access deny !safe_ports
http_access deny rejsts rejpc
http_access deny whr rejsts
always_direct allow FTP
----------------------------------------------------

ANYONE CAN HELP ME TO SOLVE THE PROBLEM. THE RESTRICTION WORKING CORRECTLY. OUR ACTUAL PROBLEM IS SOME NEEDED SITES ARE NOT OPEN (THE SQUID RESTRICT SOME USEFUL SITES ALSO).

Thanks and Regards

S. A. Yusuf Sithik.
Tech. Admin.
JP MAX INFOTECH
Chennai - 32.
 
Old 12-29-2008, 10:11 AM   #2
rahuljethwa
Can you provide which sites are blocked?
Seems like the acl rejsts that blocks words in a URL is the culprit.



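The over-blocking suspected in the reply above can be checked offline. This is an added example, not part of the thread and not Squid itself: a Python emulation of how `url_regex -i` treats each keyword as an unanchored pattern, next to a host-only match in the style of `dstdomain`. The sample URLs and the `BLOCKED_DOMAINS` list are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Keywords copied from the thread's `acl rejsts url_regex -i ...` line.
KEYWORDS = ("sex actress girl sms top orkut cinema hollywood bollywood movie "
            "songs mp3 mpeg video audio adult xxx games youtube cricket "
            "cricinfo ibibo sms tagged imcash").split()

# Constructed sample URLs: four ordinary business pages and one intended target.
SAMPLE_URLS = [
    "http://www.example.com/laptop/desktop-support.aspx",
    "http://intranet.example.com/Stop-Payment/Home.aspx",
    "http://www.example.org/essex/office",
    "http://www.example.net/downloads/TaggedPDF.aspx",
    "http://www.youtube.com/watch",
]

# Assumed replacement list in dstdomain style (leading dot = domain and subdomains).
BLOCKED_DOMAINS = [".youtube.com", ".orkut.com"]


def url_regex_hits(url):
    """Emulate url_regex -i: every keyword is an unanchored, case-insensitive
    pattern searched anywhere in the whole URL (host, path and query)."""
    return sorted({k for k in KEYWORDS if re.search(k, url, re.IGNORECASE)})


def dstdomain_hits(url, domains=BLOCKED_DOMAINS):
    """Emulate dstdomain: compare only the host name against listed domains."""
    host = (urlsplit(url).hostname or "").lower()
    hits = []
    for entry in domains:
        bare = entry.lstrip(".")
        if host == bare or host.endswith("." + bare):
            hits.append(entry)
    return hits


def audit(urls=SAMPLE_URLS):
    """Return {url: (keyword hits, domain hits)} so over-blocking is visible."""
    return {u: (url_regex_hits(u), dstdomain_hits(u)) for u in urls}


if __name__ == "__main__":
    for url, (words, domains) in audit().items():
        print(f"{url}\n  url_regex: {words or 'no match'}"
              f"\n  dstdomain: {domains or 'no match'}")
```

Short keywords such as `top` and `sex` match inside unrelated words (laptop, desktop, Stop, essex), so every sample page is denied by the keyword rule while only the last one is denied by the host-based list.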
 
Old 12-31-2008, 06:17 AM   #3
jpmaxyusuf
squid blocks ASP.NET applications

Hi, thanks for your interest to reply to my query. Actually I am not sure about websites, but squid blocks the ASP.NET application websites; we are not able to compile the ASP.NET application websites in IE when the squid proxy server is on. It displays a message like the following:

ERROR
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to retrieve the URL: http://localhost:1053/Mortgage%20Inf...stem/Home.aspx

The following error was encountered:

Connection to 127.0.0.1 Failed
The system returned:

(111) Connection refused

The remote host or network may be down. Please try the request again.

Your cache administrator is root.



--------------------------------------------------------------------------------

Generated Wed, 31 Dec 2008 12:11:53 GMT by www-cache.foo.org (squid/2.6.STABLE6)


Please provide the solution to me. If I made any silly mistakes please tell me.

Thanks and Regards

S. A. Yusuf Sithik.
 
Old 01-01-2009, 11:33 AM   #4
rahuljethwa
Just check the box that says bypass proxy for local addresses when you set the proxy in IE.
 
  

