LinuxQuestions.org
Old 10-22-2011, 02:50 AM   #1
anandnenwani
Member
 
Registered: Oct 2011
Location: India,
Distribution: RHEL,Open SuSE
Posts: 39

Rep: Reputation: Disabled
Squid acl is not working.


I want to use a Linux Squid server for my organization. I configured Linux with two Ethernet interfaces and edited squid.conf in the /etc/squid directory.

as

acl block dstdomain .facebook.com .orkut.com
http_access deny block

and it is not working, and I want to configure it in such a way that I don't have to make changes in client browsers.

Please reply and tell me how to do this. I will be really thankful to you.
 
Old 10-22-2011, 07:01 AM   #2
JSkywalker
Member
 
Registered: Aug 2007
Distribution: openSUSE 12.1
Posts: 96

Rep: Reputation: 24
You should probably also add some 'allow' lines (or give more information about what you have in your squid.conf).

In my squid.conf I have this (with your line added):
Quote:
opensuse:/etc/squid # grep -E '^http_access|^acl' squid.conf
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl localnet src 192.168.0.0/16
acl CONNECT method CONNECT
acl block dstdomain .facebook.com
http_access deny block
http_access allow manager localhost
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
and this works.
 
1 members found this post helpful.
Old 10-22-2011, 11:19 AM   #3
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,194
Blog Entries: 4

Rep: Reputation: 221
Quote:
Originally Posted by anandnenwani View Post
I want to use a Linux Squid server for my organization. I configured Linux with two Ethernet interfaces and edited squid.conf in the /etc/squid directory.

as

acl block dstdomain .facebook.com .orkut.com
http_access deny block

and it is not working, and I want to configure it in such a way that I don't have to make changes in client browsers.

Please reply and tell me how to do this. I will be really thankful to you.
If you want to deny websites from being used through squid then here is what you need to do

Inside /etc/squid make a file


Code:
#cd /etc/squid

#vi bad-url.acl
.facebook.com
.twitter.com
Code:
#vi squid.conf

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
acl blocksites url_regex "/etc/squid/bad-url.acl"
http_access deny blocksites
put this entry in /etc/squid.conf

restart the server
 
2 members found this post helpful.
Old 10-22-2011, 01:21 PM   #4
anandnenwani
Member
 
Registered: Oct 2011
Location: India,
Distribution: RHEL,Open SuSE
Posts: 39

Original Poster
Rep: Reputation: Disabled
This is my squid.conf, in the /etc/squid directory.

acl all src all
acl manager proto cache_object
acl localhost src 192.168.0.59/255.255.255.0
acl to_localhost dst 10.230.0.0/255.0.0.0
acl localnet src 192.168.0.59/255.255.255.0
acl localnet src 10.230.1.1/255.255.255.0
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl shoutcast rep_header X-HTTP09-First-Line ^ICY.[0-9]
acl apache rep_header Server ^Apache
acl dom dstdomain .google.co CONNECT
acl destination dst 10.230.1.0/255.0.0.0
acl localhost src 10.230.1.0/255.0.0.0
acl badsites1 dstdomain .hotmail.com
acl badsites2 srcdomain .hotmail.com






http_access deny manager
http_access allow Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access allow localhost
http_access allow to_localhost
http_access allow all CONNECT
http_access deny all
http_access allow destination
http_access allow localhost
http_access deny badsites1 badsites2
http_access allow all

This is my configured server, and I am using OpenSUSE 11.4.
Is there anything else to configure, like Apache or iptables, and how do I use iptables in OpenSUSE 11.4?
My eth0 has 192.168.0.59 and eth1 has 10.230.1.1.
I don't want to set the proxy settings in all the clients' browsers either. There are around 120 computers.

Last edited by anandnenwani; 10-22-2011 at 01:40 PM.
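
Why the rules in post #4 never reach the block line, shown with a small model (an added example, not part of any poster's reply and not Squid's own code): Squid reads http_access lines top to bottom, stops at the first line whose ACLs all match, and ANDs the ACLs listed on one line. The request fields, the client name and the abridged rule lists are constructed for illustration.

```python
import ipaddress

# Simplified model of Squid's http_access evaluation (added example, not Squid code).
# ACL names follow post #4; request fields and client names are constructed.
def dstdomain(*doms):   # ".x.com" matches x.com and every subdomain
    return lambda r: any(r["host"] == d.lstrip(".") or r["host"].endswith(d) for d in doms)
def srcdomain(*doms):   # tests the client's reverse-DNS name, not the destination
    return lambda r: any(r["client_name"].endswith(d) for d in doms)
def src(*nets):         # client address inside any of the listed networks
    nets = [ipaddress.ip_network(n, strict=False) for n in nets]
    return lambda r: any(ipaddress.ip_address(r["src"]) in n for n in nets)

ACLS = {
    "all": lambda r: True,
    "manager": lambda r: r["proto"] == "cache_object",
    "Safe_ports": lambda r: r["port"] in (21, 70, 80, 210, 280, 443, 488, 591, 777)
                            or 1025 <= r["port"] <= 65535,
    "localnet": src("192.168.0.59/255.255.255.0", "10.230.1.1/255.255.255.0"),
    "badsites1": dstdomain(".hotmail.com"),
    "badsites2": srcdomain(".hotmail.com"),
}

def parse(conf):
    # "http_access <allow|deny> <acl> [<acl> ...]" -> (action, [acl names])
    return [(f[1], f[2:]) for f in (l.split() for l in conf.strip().splitlines())]

def decide(rules, req):
    for lineno, (action, names) in enumerate(rules, 1):
        # ACLs on one line are ANDed; a leading "!" negates that ACL.
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action, lineno   # first matching line wins
    # No line matched: Squid applies the opposite of the last line.
    return ("deny" if rules[-1][0] == "allow" else "allow"), None

AS_POSTED = parse("""
http_access deny manager
http_access allow Safe_ports
http_access deny all
http_access deny badsites1 badsites2
http_access allow all
""")   # abridged from post #4, same order: line 2 allows every port-80 request
REORDERED = parse("""
http_access deny badsites1
http_access deny manager
http_access allow localnet
http_access deny all
""")   # block rule placed first, the ordering used in post #2
REQ = {"proto": "http", "host": "www.hotmail.com", "port": 80,
       "src": "10.230.1.25", "client_name": "pc25.lan.example"}
```

`decide(AS_POSTED, REQ)` returns the action together with the number of the line that decided it, which shows which rule shadows the block line.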
 
Old 10-22-2011, 02:31 PM   #5
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,194
Blog Entries: 4

Rep: Reputation: 221
Here is what you need to do

Code:
#vi /etc/squid/squid.conf

httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
acl lan src 192.168.0.59 10.230.1.0/24
http_access allow lan
IPtables configuration

Code:
#iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128
 
  


All times are GMT -5. The time now is 10:08 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration