But I have one query: if I have 192.168.1.10-126.96.36.199 and I want some IPs randomly to be excluded from the ACL, then in such cases my ACLs increase. For example, if I want 188.8.131.52, 184.108.40.206, 220.127.116.11 excluded, then I have to make
acl foo 18.104.22.168-22.214.171.124
acl bar 126.96.36.199-188.8.131.52
acl test 184.108.40.206-220.127.116.11
acl test1 18.104.22.168-22.214.171.124
Hence the ACLs increase. Is there any way so that we write the ACL as
acl foo 126.96.36.199-188.8.131.52
and afterwards an ACL for the excluded IPs like 22,15,22?
I created files download and mgdownload in etc/squid. Here I mention some sites which need to be blocked. I want to allow download to foo, bar, test, test1
and deny mgdownload
and allow mgdownload and download to the excluded IPs.
I created acl download url_regex -i "/etc/squid/download". In the download file I entered www.yahoo.com and more sites, but due to this ACL users are unable to open www.yahoo.com but are able to open it from http://yahoo.com. Please suggest.
Note that this will work also for www.gmail.com, because this URL is redirected to mail.google.com
For the 2nd part you should put a dot "." in front of yahoo.com (.yahoo.com), so it matches www.yahoo.com and yahoo.com.
Note that this will also match foo.yahoo.com and bar.yahoo.com, so if this is not what you want, you should explicitly use www.yahoo.com and yahoo.com (without the leading dot).
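Added example, not part of the thread and not Squid's own code: a simplified Python model of how a `url_regex -i` entry and `dstdomain` entries (with and without the leading dot) decide the cases discussed above. The function names and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def url_regex_match(patterns, url):
    """Model of `url_regex -i`: case-insensitive regex search over the whole URL."""
    return any(re.search(p, url, re.IGNORECASE) for p in patterns)

def dstdomain_match(entries, url):
    """Model of `dstdomain`: compare the request host with each entry.
    '.yahoo.com' covers the domain and all subdomains; 'yahoo.com' only itself."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    for entry in entries:
        entry = entry.lower()
        if entry.startswith("."):
            # host equals the bare domain, or ends with ".domain"
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

# Constructed sample requests
URLS = [
    "http://www.yahoo.com/",
    "http://yahoo.com/",                       # missed by the www-only regex
    "http://foo.yahoo.com/",                   # caught only by the leading dot
    "http://notyahoo.com/",                    # different domain, must not match
    "http://example.org/?next=www.yahoo.com",  # regex overmatches the query string
]

def compare(urls=URLS):
    """Return {url: (url_regex, dotted dstdomain, explicit dstdomain)}."""
    return {
        u: (
            url_regex_match(["www.yahoo.com"], u),
            dstdomain_match([".yahoo.com"], u),
            dstdomain_match(["www.yahoo.com", "yahoo.com"], u),
        )
        for u in urls
    }

if __name__ == "__main__":
    for url, row in compare().items():
        print(f"{url:45} regex={row[0]!s:5} dotted={row[1]!s:5} explicit={row[2]}")
```
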
In Squid, how to restrict HTTPS sites like banking, etc.?
2nd query -
In Squid the ACL is applied on an IP address basis, but if someone changes their IP to an IP which has full access, then in that case how can we restrict it? I think in Squid we cannot map a MAC address to an IP, so any suggestion for this?
If Squid was compiled with "-enable-arp-acl", it can use MAC addresses to restrict access. See the acl arp in the 1st link above.
Other than that you can use some sort of restrictions based on users. For this you need to authenticate your users (through LDAP for example) and based on the attributes assigned to them (in LDAP), you can restrict or allow access to specific URLs.
Your first solution works.
Regarding the second query, that acl arp, I created an acl arp like
acl foo arp 00:80:48:06:E0
http_access allow foo
but it shows error: invalid acl fatal bungled squid.conf. I think that I should compile Squid with the ARP enable option. For this, do I have to reinstall Squid, or is it possible in the existing installed Squid?
In IP-based ACLs we define groups like acl foo 172.16.1.21-172.16.1.50, but if I use a MAC-based ACL then how are the groups possible? I mean, how do I define a range of MAC addresses, as it is not random? Please suggest.
The Squid you're running was compiled without the "-enable-arp-acl" option. If you want it, you have to recompile it.
Note that filtering based on MAC addresses works only inside a LAN. If you have clients in different LANs this is not going to work, as the MAC address shown is the one of the intermediate switch.
And of course you cannot sort MAC addresses in groups.