LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Squid3 Proxy (https://www.linuxquestions.org/questions/linux-newbie-8/squid3-proxy-918815/)

esigande 12-15-2011 12:57 AM

Squid3 Proxy
 
Hi All
I need your help on this problem
I have blocked the downloading of the files with file formats as listed
below;It works okey when you try to download by clicking on the link BUT
when you right-click on a link and select the option save link as, it
allows downloads;Does anyone know how to deal with this?

# Access Denied Section
# ============================================== #
# Only allow cachemgr access from localhost
# Only allow purge requests from localhost
acl blockfiles urlpath_regex -i "/etc/squid3/blocks.files.acl"
acl workhours1 time MTWHF 08:00-12:59
acl BlockedSites dstdomain .facebook.com .myspace.com .twitter.com
.warez.com .quepasa.com .yahoo.com .mail.google.com
acl workhours2 time MTWHF 14:00-16:59
http_access deny workhours1 BlockedSites
http_access deny BlockedSites workhours2

#Content of blocks.files.acl
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
\.[Mm][Pp]4$


Regards
Edwin.

Satyaveer Arya 12-15-2011 01:46 AM

Hello,

Which OS you are using?

I am using RHEL 5.3 and I have also put the same kind of policies and mine is working fine. When I tried the way you described that right clicking on the link and saving it and then it allows you to download, it doesn't happen in my case.

My policies are like :

acl face dstdomain .facebook.com
acl mynet time MTWHF 8:30-17:30
http_access deny face mynet


And for file formats I have put them in squid file itself, not in some other file and then making a policy of retrieving the formats from that file. Here below is my policy in squid file :

e.g.,
acl mp3s url_regex -i \.mp3$
acl mp3s url_regex -i \.wav$
acl mp3s url_regex -i \.piff$
acl mp3s url_regex -i \.scr$
http_access deny mp3s

May be all this can help you.

esigande 12-15-2011 02:08 AM

Squid3 Proxy
 
Sorry i forgot to mention the OS;
Am using Ubuntu 10.04 LTS. Please try to use any windows machine with IE or Firefox and let me know what happens;

Satyaveer Arya 12-15-2011 02:19 AM

I'm using Windows XP and I tried to do the same using MSIE and Firefox also but in my case it is not happening.

Satyaveer Arya 12-15-2011 02:28 AM

Hey,

Quote:

acl blockfiles urlpath_regex -i "/etc/squid3/blocks.files.acl"

I think you haven't blocked blockfiles also.

Add http_access deny blockfiles also to your policy.

And don't use BlockedSites in 2 lines, make it in one line only.

http_access deny workhours1 BlockedSites
http_access deny BlockedSites workhours2


just write:

http_access deny workhours1 workhours2 BlockedSites blockfiles

Try this and let me know.

esigande 12-15-2011 07:02 AM

Quote:

Originally Posted by Satyaveer Arya (Post 4550356)
Hey,




I think you haven't blocked blockfiles also.

Add http_access deny blockfiles also to your policy.

And don't use BlockedSites in 2 lines, make it in one line only.

http_access deny workhours1 BlockedSites
http_access deny BlockedSites workhours2


just write:

http_access deny workhours1 workhours2 BlockedSites blockfiles

Try this and let me know.

I have tried the above but its not just working;Here are the lines i have put,i also tried to put all in one line but still no luck
Perhaps put the lines down for me the way you have done in yours and i will put them and then try;
here are my lines:
acl blockfiles urlpath_regex -i "/etc/squid3/blocks.files.acl"
acl workhours1 time MTWHF 08:00-12:59
acl BlockedSites dstdomain .facebook.com .myspace.com .twitter.com .warez.com .quepasa.com .yahoo.com .youtube.com
acl workhours2 time MTWHF 14:00-16:59
http_access deny workhours1 workhours2
http_access deny BlockedSites
http_access deny blockfiles
thanks

Satyaveer Arya 12-16-2011 02:20 AM

Hello esigande,

Have you checked the squid service is running or not? And just check the /var/log/messages what do they say and tell me?

Satyaveer Arya 12-16-2011 02:28 AM

Hello,

One more thing I would like to add, but I'm not sure. You can try giving the single space between MTWHF.

e.g.,
acl biz_network src 10.1.42.0/24
acl biz_hours time M T W T F 9:00-17:00
http_access allow biz_network biz_hours

Try this and let us know.

esigande 12-19-2011 04:35 AM

Quote:

Originally Posted by Satyaveer Arya (Post 4551350)
Hello,

One more thing I would like to add, but I'm not sure. You can try giving the single space between MTWHF.

e.g.,
acl biz_network src 10.1.42.0/24
acl biz_hours time M T W T F 9:00-17:00
http_access allow biz_network biz_hours

Try this and let us know.

Hi Arya,
I dont really know where am going wrong,seems its not just happening
I have checked the /var/log/messages but nothing i can make sense out of it;
Should i say that for advanced users their is no way this would work because they will try to go round it?
Try this link wif you will download this mp3;
http://dc225.4shared.com/download/1p...3e3b396f6f37cd
see if your configuration will work
If you are able to give me the exact syntax of file please do so that i can copy and paste then change where appropriate

Thank you so much.

deep27ak 12-19-2011 07:19 AM

Quote:

Originally Posted by esigande (Post 4550311)
Hi All
I need your help on this problem
I have blocked the downloading of the files with file formats as listed
below;It works okey when you try to download by clicking on the link BUT
when you right-click on a link and select the option save link as, it
allows downloads;Does anyone know how to deal with this?

This sounds very unusual and please make sure when you are using right click to download, that website is http or https ?

try this link in you conf file
Code:

acl blockfiles url_regex "/etc/squid3/blocks.files.acl"
http_access deny blockfiles

and make sure the permission on blocks.file is readable

you can limit the download size to prevent download using

Code:

reply_body_max_size
I would like to see the version of your squid

esigande 12-19-2011 10:21 AM

Quote:

Originally Posted by deep27ak (Post 4553599)
This sounds very unusual and please make sure when you are using right click to download, that website is http or https ?

try this link in you conf file
Code:

acl blockfiles url_regex "/etc/squid3/blocks.files.acl"
http_access deny blockfiles

and make sure the permission on blocks.file is readable

you can limit the download size to prevent download using

Code:

reply_body_max_size
I would like to see the version of your squid

Hi,
I have done the above,unfortunately am not winning;Have you tried the other link i posted to see if its not downloading from your end?Please try this link again
http://dc225.4shared.com/download/1p...396f6f37cd,let me know if you are able to download it even after setting the config file to reject.
I will keep trying aswell,Pls use either IE or firefox

esigande 12-19-2011 10:33 AM

Quote:

Originally Posted by deep27ak (Post 4553599)
This sounds very unusual and please make sure when you are using right click to download, that website is http or https ?

try this link in you conf file
Code:

acl blockfiles url_regex "/etc/squid3/blocks.files.acl"
http_access deny blockfiles

and make sure the permission on blocks.file is readable

you can limit the download size to prevent download using

Code:

reply_body_max_size
I would like to see the version of your squid

Hi,
I have done the above,unfortunately am not winning;Have you tried the other link i posted to see if its not downloading from your end?Please try this link again
http://dc225.4shared.com/download/1p...396f6f37cd,let me know if you are able to download it even after setting the config file to reject.
I will keep trying aswell,Pls use either IE or firefox,by the way its Squid3

Satyaveer Arya 12-19-2011 12:34 PM

Yeah, I tried downloading from the link above but it was also restricted from downloading and the page wasn't opening.

esigande 12-20-2011 02:02 AM

guys,
i have equally tried to put the lines in the actual file,is this correct
acl blockfiles url_regex -i \.[Ee][Xx][Ee]$
acl blockfiles url_regex -i \.[Aa][Vv][Ii]$
acl blockfiles url_regex -i \.[Mm][Pp][Gg]$
acl blockfiles url_regex -i \.[Mm][Pp][Ee][Gg]$
acl blockfiles url_regex -i \.[Mm][Pp]3$
acl blockfiles url_regex -i \.[Mm][Pp]4$
acl workhours1 time M T W H F 08:00-12:59
acl BlockedSites dstdomain .facebook.com .myspace.com .twitter.com .warez.com .quepasa.com .yahoo.com .youtube.com
acl workhours2 time M T W H F 14:00-16:59
http_access deny workhours1 workhours2
http_access deny BlockedSites
http_access deny blockfiles


All times are GMT -5. The time now is 04:11 AM.