LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices



Reply
 
Search this Thread
Old 10-28-2009, 08:36 PM   #1
bittus
Member
 
Registered: Aug 2006
Posts: 151

Rep: Reputation: 15
Squid not blocking websites


I am trying to configure a squid proxy in such a way that it will be blocking all the unwanted sites I list in a file. But I can see that the configuration is not getting worked.

My config is as follows :


squid.conf
Quote:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8

acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

acl cok src 192.168.1.0/24
acl blocksites url_regex "/usr/local/squid/blocked.domains.acl"

http_access allow cok
http_access deny blocksites
http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
http_access allow localnet

# And finally deny all other access to this proxy
http_access deny all
blocked.domains.acl
Quote:
.orkut.com
.gmail.com
.yahoo.com
.hotmail.com
I can access all the sites using this squid, even the blocked ones are getting opened

Can someone help me on this ?

I also need help on the log files of squid. I don't understand a single line from squid. Can someone suggest me an efficient squid log reader ?

Version of my squid:
The command squid -v gives me the result :
Squid Cache: Version 3.0.STABLE19

Thanks in advance.

Last edited by bittus; 10-28-2009 at 08:47 PM. Reason: additional info
 
Old 10-29-2009, 03:27 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968Reputation: 1968
Is this "cok" acl relevant? What are your source IP's?
 
Old 10-29-2009, 05:09 AM   #3
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,628

Rep: Reputation: Disabled
Try putting the cok acl in http_access area below blocksites. Your cok acl states all the ip addresses in the range. And if that is the range of your systems then it aint going to work. It will parse from top to bottom so the first acl that is matched is cok which allowed everything.
 
Old 11-03-2009, 07:48 PM   #4
bittus
Member
 
Registered: Aug 2006
Posts: 151

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by linuxlover.chaitanya View Post
Try putting the cok acl in http_access area below blocksites. Your cok acl states all the ip addresses in the range. And if that is the range of your systems then it aint going to work. It will parse from top to bottom so the first acl that is matched is cok which allowed everything.
Thanks Chaitanya. It works now. I dont know somehow I missed that order. Thanks again for reminding me
 
Old 11-04-2009, 04:10 AM   #5
linuxlover.chaitanya
Senior Member
 
Registered: Apr 2008
Location: Nagpur, India
Distribution: Cent OS 5/6, Ubuntu Server 10.04
Posts: 4,628

Rep: Reputation: Disabled
Good to hear you got it working.
 
  


Reply

Tags
block, squid


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Blocking websites valdez_42 Linux - Newbie 6 06-29-2009 12:01 AM
blocking websites with squid tariq07 Linux - Security 2 03-03-2007 03:39 AM
Blocking websites in squid proxy server. crackerB Linux - Software 1 10-18-2006 03:44 AM
blocking websites fakie_flip Linux - Software 7 09-02-2006 08:57 PM
Squid problem ... blocking some websites rickyinman Linux - Networking 4 04-11-2006 01:26 PM


All times are GMT -5. The time now is 08:08 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration