How to allow only particular browsers and deny all other browsers in squid3
We have configured transparent squid3 proxy server on ubuntu 11.04 O/S and also blocked https://www.facebook.com using IPTables rules. Now none of the users are able to open https://www.facebook.com even after multiple tries.
But I heard that still users are browsing facebook site using aurora web browser!!!:confused:
So we don't want allow such browsers to access the internet and please help me in achieving to allow only mozilla firefox and internet explorer browsers and to deny all other browsers in squid.conf file.
Thanks in advance for your kind help.
If you are using IPtables to block some sites, then why use squid in the first place? And how did you block the websites? What are the iptables rules? And if you have iptables rules, then it should not matter what browser the client is using, it should be blocked. Squid can know what browser client is using from the user agent of the browser. You can use this information to block the certain web browsers. But I am still not sure if the issue you think you have is genuine. You might be misinformed about the issue.
And why are you making it typical, blocking facebook using iptables rules. There is acl you can use to block facebook and some browsers also.
Like this, I have blocked facebook in my organisation-
The issue with transparent proxy is blocking secure sites. It can not handle https properly as squid is a http proxy.
Hi..Satyaveer Arya and linuxlover.chaitanya.
in squid.conf file I had already added the entry as
At last I could achieve to block https://facebook.com using IPTables FORWARD rules. Then I found, none of the users were able to open https://facebook.com even after multiple tries and even if they try to access with different browser.:cool:
Today I came to know that again they are using 3rd party softwares like ultrasurf on windows!!!:confused: and one more software(I forgot the name, I will let you know once I reached to office, and I also already checked with that software on linux and found both http://facebook.com & https://facebook.com is opening only if that software service is started and only with aurora broweser but not with any other browser.) on linux to bypass proxy/firewall!!!:confused:
I hope I can block this also using IPTables rules if I could not again I will come and request linuxquestions.org because this is the only one site that always you all are helping me in proper way.
So since I don't want allow such browser I found a link to allow only particular browsers in squid.conf in which that link says to set the rule as
So it would be appreciated if you could post the squid ACLs to block all browsers except mozilla firefox and internet explorer.
Thanks for your kind help.
squid proxy setting
(i done my squid configurataion, but client site manually give proxy settings 192.168.0.11 3128)
this is my configuration
dns_nameservers 220.127.116.11 18.104.22.168 192.168.2.11
#broken_vary_encoding allow apache
#extension_methods REPORT MERGE MKACTIVITY CHECKOUT
#acl M1 arp 00:18:8B:28:DD:7F
#acl M2 arp 00:21:9b:d3:d8:de
#http_access allow M1
#http_access allow M2
#http_access deny all
http_port 80 accel
cache_mem 1024 MB
acl lan src 22.214.171.124 192.168.2.0/24
http_access allow lan
http_access deny all
http_reply_access allow all
icp_access allow all
#cache_peer 127.0.0.1 parent 3128 0 no-query default
acl web_ports port 80
http_access allow web_ports
acl purge method PURGE
#http_access allow purge localhost
http_access deny purge
hierarchy_stoplist cgi-bin ?
And how about looking at google for help before? LQ also has a very good search functionality. Please search. It should have taken you less time to search google or LQ than write a post here.
Here is a quick search on Google Uncle :D for you, https://www.google.co.in/#hl=en&outp...w=1280&bih=831.
First go through some of the links, check what you need in your domain, apply the rules accordingly in your domain if those rules fit in there. And if you face any problem, again first search on google, if that also doesn't work for you then you can try here.
|All times are GMT -5. The time now is 05:03 PM.|