LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 09-25-2012, 08:05 AM   #1
sandeepc04
Member
 
Registered: Jun 2012
Location: India
Posts: 66

Rep: Reputation: Disabled
Need to Block Everything In Squid Expect some users


Hi Friends,

I have installed RHEL-5 & I have configured Squid Server, Now i am able to block all unwanted sites for all users by using below lines

MY SQUID.CONF ACL RULES:

acl business_hours time S M T W H F A 00:01-23:59
acl blocksite url_regex -i "/etc/squid/blocksite.txt"
acl freetime time S M T W H F A 09:00-18:00
http_access deny blocksite freetime
http_access allow blocksite


Here i have created blocksite.txt and i have entered all unwanted sites in that Exp: facebook.com youtube, sex related sites etc , and this file/acl rule is effecting to all users in office, now i wanted to give full internet access permission to some IP's (Not All IP's, There are more than 15-20 IP's need to give full access) now how can i give this 15-20 IP's full permission? I wanted to block rest all users full permission (Need to block all that sites which added in blocksite.txt), Now this file should not effect to that 15-20 Ips how to do that?

Please help me on this,

Thanks and Regards,
Sandeep CC
 
Old 09-25-2012, 09:41 AM   #2
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,520

Rep: Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502
Hi,

If you want to allow access to those IPs without any kind of restrictions, you can add an ACL defining those IPs and then use "http_access allow <ACL>" for this ACL, before any other "http_access ..." directive. E.g:
Code:
acl business_hours time S M T W H F A 00:01-23:59
acl blocksite url_regex -i "/etc/squid/blocksite.txt"
acl freetime time S M T W H F A 09:00-18:00
acl good_IPs src "/etc/squid/good_ips"

http_access allow good_IPs
http_access deny blocksite freetime
http_access allow blocksite
Regards
 
1 members found this post helpful.
Old 09-27-2012, 01:55 AM   #3
sandeepc04
Member
 
Registered: Jun 2012
Location: India
Posts: 66

Original Poster
Rep: Reputation: Disabled
Hello bathory,

Thank you very much, I have tried with your ACL rules, Its worked fine, Thank you very much,


But Here I am getting one error that i am not understanding can you give me some solution?

[root@server ~]# service squid restart
Stopping squid: 2012/09/27 11:21:22| WARNING: '172.16.4.31' is a subnetwork of '172.16.4.31'
2012/09/27 11:21:22| WARNING: because of this '172.16.4.31' is ignored to keep splay tree searching predictable
2012/09/27 11:21:22| WARNING: You should probably remove '172.16.4.31' from the ACL named 'special_users'
2012/09/27 11:21:22| WARNING: '172.16.4.31' is a subnetwork of '172.16.4.31'
2012/09/27 11:21:22| WARNING: because of this '172.16.4.31' is ignored to keep splay tree searching predictable
2012/09/27 11:21:22| WARNING: You should probably remove '172.16.4.31' from the ACL named 'special_users'
2012/09/27 11:21:22| WARNING: '172.16.4.32' is a subnetwork of '172.16.4.32'


What all IP's i have added in special_users.txt file that all IP error are showing like this,

But ACL rule have applied for all IP's + working too fine


Regards,
Sandeep CC
 
Old 09-27-2012, 02:47 AM   #4
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,520

Rep: Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502Reputation: 1502
Hi,

It's mot an error but a warning. It means that those IPs are defined elsewhere too, so squid are not loading them from the special
_users file.
You should search squid.conf and/or any other files referenced in the various ACLs, to find the duplicates

Regards
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
if squid can block ftp ac_kumar Linux - Networking 12 05-14-2012 10:06 AM
[SOLVED] Block a browser in squid linuxmen Linux - Server 6 01-21-2012 03:18 AM
Squid: I like block different users different sites iseymur Linux - Security 1 02-07-2010 12:36 AM
Block access to CDROM for some users (or all users) emil_jfb Linux - Hardware 3 07-21-2008 01:21 PM
block specific users in squid alan.belizario Linux - Security 4 09-10-2005 12:43 AM


All times are GMT -5. The time now is 04:05 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration