LinuxQuestions.org - Linux - Newbie
Squid acl is not working. (https://www.linuxquestions.org/questions/linux-newbie-8/squid-acl-is-not-working-909475/)

anandnenwani 10-22-2011 01:50 AM

Squid acl is not working.
 
I want to use a Linux Squid server for my organization, and I configured Linux with two Ethernet interfaces and edited the squid.conf in the /etc/squid directory.

as

acl block dstdomain .facebook.com .orkut.com
http_access deny block

and it is not working, and I want to configure it like that; I don't want to make changes in the client browsers.

Please reply to me on how to do this. I will be really thankful to you.

JSkywalker 10-22-2011 06:01 AM

You should probably also add some 'allow' lines (or give more information about what you have in your squid.conf).

In my squid.conf I have this (with your line added):
Quote:

opensuse:/etc/squid # grep -E '^http_access|^acl' squid.conf
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl localnet src 192.168.0.0/16
acl CONNECT method CONNECT
acl block dstdomain .facebook.com
http_access deny block
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
and this works.

deep27ak 10-22-2011 10:19 AM

Quote:

Originally Posted by anandnenwani (Post 4504976)
I want to use a Linux Squid server for my organization, and I configured Linux with two Ethernet interfaces and edited the squid.conf in the /etc/squid directory.

as

acl block dstdomain .facebook.com .orkut.com
http_access deny block

and it is not working, and I want to configure it like that; I don't want to make changes in the client browsers.

Please reply to me on how to do this. I will be really thankful to you.

If you want to deny websites from being used through Squid, then here is what you need to do.

Inside /etc/squid, make a file:

Code:

#cd /etc/squid

#vi bad-url.acl
.facebook.com
.twitter.com

Code:

#vi squid.conf

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
acl blocksites url_regex "/etc/squid/bad-url.acl"
http_access deny blocksites

Put this entry in /etc/squid.conf.

Restart the server.

anandnenwani 10-22-2011 12:21 PM

This is my squid.conf, in the /etc/squid directory.

acl all src all
acl manager proto cache_object
acl localhost src 192.168.0.59/255.255.255.0
acl to_localhost dst 10.230.0.0/255.0.0.0
acl localnet src 192.168.0.59/255.255.255.0
acl localnet src 10.230.1.1/255.255.255.0
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
acl apache rep_header Server ^Apache
acl dom dstdomain .google.co CONNECT
acl destination dst 10.230.1.0/255.0.0.0
acl localhost src 10.230.1.0/255.0.0.0
acl badsites1 dstdomain .hotmail.com
acl badsites2 srcdomain .hotmail.com

http_access deny manager
http_access allow Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow to_localhost
http_access allow all CONNECT
http_access deny all
http_access allow destination
http_access allow localhost
http_access deny badsites1 badsites2
http_access allow all

This is my configured server, and I am using OpenSUSE 11.4.
Is there any other way to configure this, like Apache or iptables, and how do I use iptables in OpenSUSE 11.4?
My eth0 has 192.168.0.59 and eth1 has 10.230.1.1.
I don't want to set the proxy settings in all the clients' browsers either; there are around 120 computers.
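
The configurations in this thread can be checked against a model of how Squid orders its decisions. The block below is an added example, not code from Squid or from any of the posters: it models Squid's first-match http_access evaluation (top to bottom; every ACL on a line must match, '!' negates; if nothing matches, the opposite of the last line's action applies) for the ACL types the thread uses (src, dstdomain, url_regex, method, port), treats manager, dst, srcdomain and rep_header ACLs as never matching, and embeds constructed subsets of the two posted squid.conf files plus deep27ak's bad-url.acl list as inline strings. It shows that in the second posted config a request for www.hotmail.com is allowed by `http_access allow Safe_ports` (and would otherwise be allowed by `http_access allow localnet`) before the deny line is reached, that the ordering in JSkywalker's config denies facebook.com before any allow, and that the same list file behaves differently as url_regex (an unescaped dot matches any character, so xfacebook.com and a facebook.com string in a query parameter also match) than as dstdomain.

```python
"""Model of Squid's first-match http_access evaluation (added example for this
thread, not Squid's code or any poster's).  Squid walks http_access lines top
to bottom; the first line on which every listed ACL matches (ACLs on one line
are ANDed, '!' negates) decides, and if nothing matches the opposite of the
last line's action applies.  Only src, dstdomain, url_regex, method and port
ACLs are modelled; manager, dst, srcdomain and rep_header never match here."""
import ipaddress
import re


class Request:
    def __init__(self, src, host, method="GET", port=80, url=None):
        self.src = ipaddress.ip_address(src)
        self.host, self.method, self.port = host.lower(), method, port
        self.url = url or f"http://{host}/"


def _expand(values, files):
    """A quoted "file" value stands for the non-comment lines of that file."""
    out = []
    for v in values:
        if v.startswith('"') and v.endswith('"'):
            lines = (l.strip() for l in files[v.strip('"')].splitlines())
            out += [l for l in lines if l and not l.startswith("#")]
        else:
            out.append(v)
    return out


def parse_config(text, files=None):
    """Return ({acl name: (type, values)}, [(action, [(negated, acl name)])])."""
    acls, rules = {}, []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts and parts[0] == "acl":           # repeated acl lines accumulate
            old = acls.get(parts[1], (None, []))[1]
            acls[parts[1]] = (parts[2], old + _expand(parts[3:], files or {}))
        elif parts and parts[0] == "http_access":
            rules.append((parts[1], [(v[0] == "!", v.lstrip("!")) for v in parts[2:]]))
    return acls, rules


def acl_matches(acls, name, req):
    if name == "all" and name not in acls:        # built-in ACL in Squid 3.2 and later
        return True
    if name not in acls:                          # unknown or unmodelled ACL type
        return False
    acltype, values = acls[name]
    if acltype == "src":                          # CIDR or a.b.c.d/netmask; 'all' = everything
        return any(v == "all" or req.src in ipaddress.ip_network(v, strict=False) for v in values)
    if acltype == "dstdomain":                    # ".x.com" = x.com and subdomains; "x.com" = exact
        return any(req.host == v.lstrip(".") or v[0] == "." and req.host.endswith(v) for v in values)
    if acltype == "url_regex":                    # regex over the whole URL; an unescaped '.' is a wildcard
        return any(re.search(v, req.url) for v in values)
    if acltype == "method":
        return req.method in values
    if acltype == "port":                         # single port or lo-hi range
        return any(int(lo) <= req.port <= int(hi or lo) for lo, _, hi in map(lambda v: v.partition("-"), values))
    return False


def evaluate(acls, rules, req):
    """(action, index of the deciding http_access line; None if the default applied)."""
    for idx, (action, terms) in enumerate(rules):
        if all(acl_matches(acls, name, req) != negated for negated, name in terms):
            return action, idx
    if not rules:
        return "deny", None
    return ("deny" if rules[-1][0] == "allow" else "allow"), None


def decide(config, src, host, files=None, **req_kw):
    return evaluate(*parse_config(config, files), Request(src, host, **req_kw))


# Constructed subset of JSkywalker's config: the deny sits above every allow.
WORKING = """
acl localnet src 192.168.0.0/16
acl block dstdomain .facebook.com
http_access deny block
http_access allow localnet
http_access deny all
"""
# Constructed subset of the second posted config: 'allow Safe_ports' and 'allow
# localnet' sit above the deny, which also ANDs a dstdomain with a srcdomain ACL.
BROKEN = """
acl localnet src 192.168.0.59/255.255.255.0
acl localnet src 10.230.1.1/255.255.255.0
acl Safe_ports port 80 21 443 70 210 1025-65535 280 488 591 777
acl badsites1 dstdomain .hotmail.com
acl badsites2 srcdomain .hotmail.com
http_access allow Safe_ports
http_access allow localnet
http_access deny all
http_access deny badsites1 badsites2
http_access allow all
"""
# deep27ak's list file as constructed content, read first as url_regex and then as dstdomain.
BLOCKLIST = {"/etc/squid/bad-url.acl": ".facebook.com\n.twitter.com\n"}
REGEX_CFG = 'acl blocksites url_regex "/etc/squid/bad-url.acl"\nhttp_access deny blocksites\nhttp_access allow all\n'
DOMAIN_CFG = REGEX_CFG.replace("url_regex", "dstdomain")
```

The model is only a reading aid; Squid itself is the authority. After editing the real file, `squid -k parse` checks it for syntax errors and `squid -k reconfigure` reloads it, and a deny line that must win has to sit above every allow line that the same client could match.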

deep27ak 10-22-2011 01:31 PM

Here is what you need to do:

Code:

#vi /etc/squid/squid.conf

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src 192.168.0.59 10.230.1.0/24
http_access allow lan

iptables configuration:

Code:

#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
