LinuxQuestions.org
Old 09-03-2013, 08:20 AM   #1
StevenMorrison
LQ Newbie
 
Registered: Sep 2013
Posts: 2

Rep: Reputation: Disabled
Question Squid Proxy


Hi Linux Administrators

I am quite new in the Linux environment.
I am struggling to get 2 users to access specific websites through the proxy, but both of them are restricted in the allowhosts.txt.
The main problem I am having is that for whatever reason the websites I add to the allowurls.txt work, but not correctly.

For example, dropbox.com & news24.com do not show right in IE8, 9 and Firefox with the restricted access through the proxy, but with full access they show right.

I have tried everything from my side, but not even Google gives me a step in a direction to try anymore.

Would really appreciate some help here.
 
Old 09-03-2013, 12:47 PM   #2
cdhjrt
Member
 
Registered: Mar 2002
Location: Marysville, WA
Distribution: Redhat, Win2K, Solaris
Posts: 41

Rep: Reputation: 15
This is probably due to the sites calling out to other sites outside of their domain. You will need to watch the squid logs to determine which sites will also need to be opened. This happens on lots of web sites, so you will probably need to do this every time you add a new site. Most of the time it's just advertisements, but not always.

IE: dropbox.com may be the front end but after you log in you go to securesite.com or some of the icons may come from secdropbox.com. In either case the other domain will need to be added.

Hope this helps.
 
Old 09-04-2013, 02:59 AM   #3
geox
Member
 
Registered: Jan 2012
Posts: 42

Rep: Reputation: 2
I have used Squid a number of years and to be honest: it did not bring me anything.
I decided to drop Squid years ago and glad I did. Most browsers have plenty of cache so if you are using Squid to save bandwidth it will not really save all that much.

If you want/need access restriction it is better to set up a firewall that limits outbound traffic to certain hosts. Using iptables to do that is also much, much more efficient (read: less CPU) than using Squid to do this.

If you really want/have to use Squid, and get a real answer instead, you should set exceptions for sites that do not work well using Squid. I know I spent most of my Squid administration time on adding exceptions.

Last edited by geox; 09-04-2013 at 03:00 AM.
 
Old 09-04-2013, 04:59 AM   #4
SAbhi
Member
 
Registered: Aug 2009
Location: Bangaluru, India
Distribution: CentOS 6.5, SuSE SLED/ SLES 10.2 SP2 /11.2, Fedora 11/16
Posts: 664

Rep: Reputation: 80
Well, it is always good to share what you have tried so far or what is there in your configuration file...

That way we can figure out better what is causing you a problem.

What are these files allowuser.txt and allowurl.txt, and where did you use them in your squid config?
 
Old 09-04-2013, 05:44 AM   #5
geox
Member
 
Registered: Jan 2012
Posts: 42

Rep: Reputation: 2
I used to use a wpad.dat file on my local webserver and dug it out of my archive.
You can use this to make exceptions for certain sites.
If you set your browser to "detect proxy settings automatically" they will automatically use this file.
Note that you need this file in the root of your webserver on your local network. It has to be available under 2 different filenames: proxy.pac and wpad.dat
Symlink is easiest to get this done.

Cleaned up wpad.dat/proxy.pac:
Code:
function FindProxyForURL(url, host)
{
    // For servers in the local domain, go direct. Add more exceptions as needed
    if ( isPlainHostName(host)
      || dnsDomainIs(host, ".xxx.xx")
      || dnsDomainIs(host, "xxxxxxx.net")
       )
        return "DIRECT";

    // If it's not local, use the cache server.
    return "PROXY myserver.lan:8080";
}
 
Old 09-04-2013, 09:44 AM   #6
cdhjrt
Member
 
Registered: Mar 2002
Location: Marysville, WA
Distribution: Redhat, Win2K, Solaris
Posts: 41

Rep: Reputation: 15
Quote:
Originally Posted by geox

If you want/need access restriction it is better to set up a firewall that limits outbound traffic to certain hosts. Using iptables to do that is also much, much more efficient (read: less CPU) than using Squid to do this.

If you really want/have to use Squid, and get a real answer instead, you should set exceptions for sites that do not work well using Squid. I know I spent most of my Squid administration time on adding exceptions
I've also spent many years maintaining squid servers on both Windows and *nix servers. I would recommend Squid as it's a solid and tested product.

Trying to use a firewall as a web filter is easier than using a proxy? Some sites have many IP addresses; how much time will it take to constantly add IP addresses to your firewall? I know we have at least 20 for our site alone. Think of all the IPs that Amazon has: www.amazon.com (1 IP address), fls-na.amazon.com (+1 IP address), all the images are called from ecx-images.amazon.com (+8 IP addresses), and that's just the beginning of the page.

So using a firewall to restrict access would leave the OP with the same problems. The sites in question call out to different sites when they build the web page. The OP will need to get the name/IP address of the 3rd party sites and add them to squid. This can be done by watching the log files (use tail -f logfilename on Linux).

StevenMorrison, you might also try squidguard, one of many products with a squid back end designed as a web filter. Google search Squid web filter to find others.
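
The log review suggested in posts #2 and #6, as an added example that is not part of the original thread: it groups the requests Squid refused (TCP_DENIED) by client and destination host, so each third-party host a page pulls in can be reviewed before it is allowed. It assumes Squid's native access.log format; the sample lines, addresses and host names are constructed.

```python
import sys
from collections import Counter, defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL user peer/host type
SAMPLE_LOG = """\
1378198020.101    120 192.168.1.50 TCP_MISS/200 5120 GET http://www.example.com/ - DIRECT/203.0.113.10 text/html
1378198020.345      0 192.168.1.50 TCP_DENIED/403 3920 GET http://static.example.net/site.css - NONE/- text/html
1378198020.350      0 192.168.1.50 TCP_DENIED/403 3920 GET http://static.example.net/logo.png - NONE/- text/html
1378198021.002      0 192.168.1.50 TCP_DENIED/403 3850 CONNECT login.example.org:443 - NONE/- text/html
1378198025.410      0 192.168.1.51 TCP_DENIED/403 3901 GET http://ads.example.org/banner.js - NONE/- text/html
1378198026.000    310 192.168.1.51 TCP_MISS/200 8840 CONNECT www.example.com:443 - DIRECT/203.0.113.10 -
"""


def denied_host(fields):
    """Return the destination host of a denied request, or None."""
    if len(fields) < 7 or not fields[3].startswith("TCP_DENIED"):
        return None  # truncated line, or a request Squid allowed
    method, url = fields[5], fields[6]
    if method == "CONNECT":
        host = url.rsplit(":", 1)[0]  # HTTPS tunnel: URL field is host:port
    else:
        host = urlsplit(url).hostname
    return host.lower() if host else None


def summarize_denials(lines):
    """Map client IP -> Counter of destination hosts Squid refused."""
    report = defaultdict(Counter)
    for line in lines:
        fields = line.split()
        host = denied_host(fields)
        if host:
            report[fields[2]][host] += 1
    return report


if __name__ == "__main__":
    # Pass a real access.log path as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_LOG.splitlines()
    for client, hosts in sorted(summarize_denials(lines).items()):
        for host, count in hosts.most_common():
            print(f"{client}  {count:4d}  {host}")
```

HTTPS sites show up only as CONNECT host:port entries, so the host name is all the log offers for them. Hosts that turn out to be advertising can stay blocked if the page works without them.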
 
Old 09-04-2013, 09:58 AM   #7
geox
Member
 
Registered: Jan 2012
Posts: 42

Rep: Reputation: 2
I agree that Squid is a solid and well tested product. That is why I used it for 5 years! I just found I did not really need to use it anymore.

I did not consider the multi-ip per hostname/domainname case, I agree this would be problematic to use in a production environment.
 
  

