LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 12-15-2011, 12:57 AM   #1
esigande
LQ Newbie
 
Registered: Apr 2010
Posts: 14

Rep: Reputation: 0
Squid3 Proxy


Hi All
I need your help on this problem
I have blocked the downloading of the files with file formats as listed
below;It works okey when you try to download by clicking on the link BUT
when you right-click on a link and select the option save link as, it
allows downloads;Does anyone know how to deal with this?

# Access Denied Section
# ============================================== #
# Only allow cachemgr access from localhost
# Only allow purge requests from localhost
acl blockfiles urlpath_regex -i "/etc/squid3/blocks.files.acl"
acl workhours1 time MTWHF 08:00-12:59
acl BlockedSites dstdomain .facebook.com .myspace.com .twitter.com
.warez.com .quepasa.com .yahoo.com .mail.google.com
acl workhours2 time MTWHF 14:00-16:59
http_access deny workhours1 BlockedSites
http_access deny BlockedSites workhours2

#Content of blocks.files.acl
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
\.[Mm][Pp]4$


Regards
Edwin.
 
Old 12-15-2011, 01:46 AM   #2
Satyaveer Arya
Senior Member
 
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,420

Rep: Reputation: 305Reputation: 305Reputation: 305Reputation: 305
Hello,

Which OS you are using?

I am using RHEL 5.3 and I have also put the same kind of policies and mine is working fine. When I tried the way you described that right clicking on the link and saving it and then it allows you to download, it doesn't happen in my case.

My policies are like :

acl face dstdomain .facebook.com
acl mynet time MTWHF 8:30-17:30
http_access deny face mynet


And for file formats I have put them in squid file itself, not in some other file and then making a policy of retrieving the formats from that file. Here below is my policy in squid file :

e.g.,
acl mp3s url_regex -i \.mp3$
acl mp3s url_regex -i \.wav$
acl mp3s url_regex -i \.piff$
acl mp3s url_regex -i \.scr$
http_access deny mp3s

May be all this can help you.
 
1 members found this post helpful.
Old 12-15-2011, 02:08 AM   #3
esigande
LQ Newbie
 
Registered: Apr 2010
Posts: 14

Original Poster
Rep: Reputation: 0
Squid3 Proxy

Sorry i forgot to mention the OS;
Am using Ubuntu 10.04 LTS. Please try to use any windows machine with IE or Firefox and let me know what happens;
 
Old 12-15-2011, 02:19 AM   #4
Satyaveer Arya
Senior Member
 
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,420

Rep: Reputation: 305Reputation: 305Reputation: 305Reputation: 305
I'm using Windows XP and I tried to do the same using MSIE and Firefox also but in my case it is not happening.
 
Old 12-15-2011, 02:28 AM   #5
Satyaveer Arya
Senior Member
 
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,420

Rep: Reputation: 305Reputation: 305Reputation: 305Reputation: 305
Hey,

Quote:
acl blockfiles urlpath_regex -i "/etc/squid3/blocks.files.acl"

I think you haven't blocked blockfiles also.

Add http_access deny blockfiles also to your policy.

And don't use BlockedSites in 2 lines, make it in one line only.

http_access deny workhours1 BlockedSites
http_access deny BlockedSites workhours2


just write:

http_access deny workhours1 workhours2 BlockedSites blockfiles

Try this and let me know.
 
1 members found this post helpful.
Old 12-15-2011, 07:02 AM   #6
esigande
LQ Newbie
 
Registered: Apr 2010
Posts: 14

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Satyaveer Arya View Post
Hey,




I think you haven't blocked blockfiles also.

Add http_access deny blockfiles also to your policy.

And don't use BlockedSites in 2 lines, make it in one line only.

http_access deny workhours1 BlockedSites
http_access deny BlockedSites workhours2


just write:

http_access deny workhours1 workhours2 BlockedSites blockfiles

Try this and let me know.
I have tried the above but its not just working;Here are the lines i have put,i also tried to put all in one line but still no luck
Perhaps put the lines down for me the way you have done in yours and i will put them and then try;
here are my lines:
acl blockfiles urlpath_regex -i "/etc/squid3/blocks.files.acl"
acl workhours1 time MTWHF 08:00-12:59
acl BlockedSites dstdomain .facebook.com .myspace.com .twitter.com .warez.com .quepasa.com .yahoo.com .youtube.com
acl workhours2 time MTWHF 14:00-16:59
http_access deny workhours1 workhours2
http_access deny BlockedSites
http_access deny blockfiles
thanks

Last edited by esigande; 12-15-2011 at 07:22 AM.
 
Old 12-16-2011, 02:20 AM   #7
Satyaveer Arya
Senior Member
 
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,420

Rep: Reputation: 305Reputation: 305Reputation: 305Reputation: 305
Hello esigande,

Have you checked the squid service is running or not? And just check the /var/log/messages what do they say and tell me?
 
Old 12-16-2011, 02:28 AM   #8
Satyaveer Arya
Senior Member
 
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,420

Rep: Reputation: 305Reputation: 305Reputation: 305Reputation: 305
Hello,

One more thing I would like to add, but I'm not sure. You can try giving the single space between MTWHF.

e.g.,
acl biz_network src 10.1.42.0/24
acl biz_hours time M T W T F 9:00-17:00
http_access allow biz_network biz_hours

Try this and let us know.
 
1 members found this post helpful.
Old 12-19-2011, 04:35 AM   #9
esigande
LQ Newbie
 
Registered: Apr 2010
Posts: 14

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Satyaveer Arya View Post
Hello,

One more thing I would like to add, but I'm not sure. You can try giving the single space between MTWHF.

e.g.,
acl biz_network src 10.1.42.0/24
acl biz_hours time M T W T F 9:00-17:00
http_access allow biz_network biz_hours

Try this and let us know.
Hi Arya,
I dont really know where am going wrong,seems its not just happening
I have checked the /var/log/messages but nothing i can make sense out of it;
Should i say that for advanced users their is no way this would work because they will try to go round it?
Try this link wif you will download this mp3;
http://dc225.4shared.com/download/1p...3e3b396f6f37cd
see if your configuration will work
If you are able to give me the exact syntax of file please do so that i can copy and paste then change where appropriate

Thank you so much.
 
Old 12-19-2011, 07:19 AM   #10
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: RHEL 7.x, SLES 11 SP2/3/4
Posts: 1,195
Blog Entries: 4

Rep: Reputation: 221Reputation: 221Reputation: 221
Quote:
Originally Posted by esigande View Post
Hi All
I need your help on this problem
I have blocked the downloading of the files with file formats as listed
below;It works okey when you try to download by clicking on the link BUT
when you right-click on a link and select the option save link as, it
allows downloads;Does anyone know how to deal with this?
This sounds very unusual and please make sure when you are using right click to download, that website is http or https ?

try this link in you conf file
Code:
acl blockfiles url_regex "/etc/squid3/blocks.files.acl"
http_access deny blockfiles
and make sure the permission on blocks.file is readable

you can limit the download size to prevent download using

Code:
reply_body_max_size
I would like to see the version of your squid
 
Old 12-19-2011, 10:21 AM   #11
esigande
LQ Newbie
 
Registered: Apr 2010
Posts: 14

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by deep27ak View Post
This sounds very unusual and please make sure when you are using right click to download, that website is http or https ?

try this link in you conf file
Code:
acl blockfiles url_regex "/etc/squid3/blocks.files.acl"
http_access deny blockfiles
and make sure the permission on blocks.file is readable

you can limit the download size to prevent download using

Code:
reply_body_max_size
I would like to see the version of your squid
Hi,
I have done the above,unfortunately am not winning;Have you tried the other link i posted to see if its not downloading from your end?Please try this link again
http://dc225.4shared.com/download/1p...396f6f37cd,let me know if you are able to download it even after setting the config file to reject.
I will keep trying aswell,Pls use either IE or firefox
 
Old 12-19-2011, 10:33 AM   #12
esigande
LQ Newbie
 
Registered: Apr 2010
Posts: 14

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by deep27ak View Post
This sounds very unusual and please make sure when you are using right click to download, that website is http or https ?

try this link in you conf file
Code:
acl blockfiles url_regex "/etc/squid3/blocks.files.acl"
http_access deny blockfiles
and make sure the permission on blocks.file is readable

you can limit the download size to prevent download using

Code:
reply_body_max_size
I would like to see the version of your squid
Hi,
I have done the above,unfortunately am not winning;Have you tried the other link i posted to see if its not downloading from your end?Please try this link again
http://dc225.4shared.com/download/1p...396f6f37cd,let me know if you are able to download it even after setting the config file to reject.
I will keep trying aswell,Pls use either IE or firefox,by the way its Squid3
 
Old 12-19-2011, 12:34 PM   #13
Satyaveer Arya
Senior Member
 
Registered: May 2010
Location: Palm Island
Distribution: RHEL, CentOS, Debian, Oracle Solaris 10
Posts: 1,420

Rep: Reputation: 305Reputation: 305Reputation: 305Reputation: 305
Yeah, I tried downloading from the link above but it was also restricted from downloading and the page wasn't opening.
 
Old 12-20-2011, 02:02 AM   #14
esigande
LQ Newbie
 
Registered: Apr 2010
Posts: 14

Original Poster
Rep: Reputation: 0
guys,
i have equally tried to put the lines in the actual file,is this correct
acl blockfiles url_regex -i \.[Ee][Xx][Ee]$
acl blockfiles url_regex -i \.[Aa][Vv][Ii]$
acl blockfiles url_regex -i \.[Mm][Pp][Gg]$
acl blockfiles url_regex -i \.[Mm][Pp][Ee][Gg]$
acl blockfiles url_regex -i \.[Mm][Pp]3$
acl blockfiles url_regex -i \.[Mm][Pp]4$
acl workhours1 time M T W H F 08:00-12:59
acl BlockedSites dstdomain .facebook.com .myspace.com .twitter.com .warez.com .quepasa.com .yahoo.com .youtube.com
acl workhours2 time M T W H F 14:00-16:59
http_access deny workhours1 workhours2
http_access deny BlockedSites
http_access deny blockfiles
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
squid3 for debian romazetiawan Linux - Software 1 04-15-2011 12:28 AM
transparent proxy with squid3 proxy help wanted to get it working keevill Linux - Newbie 11 02-21-2011 02:59 AM
Squid3 on fedora 11 alexdagr8est Linux - Server 0 08-18-2009 09:52 PM
Totally messed up with squid3 as transparent proxy PATRINOS06 Linux - Networking 2 10-12-2008 01:10 PM
squid3 use only RAM xxxx Linux - Server 0 09-16-2008 03:44 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:50 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration