LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   ACL not working in Squid (https://www.linuxquestions.org/questions/linux-security-4/acl-not-working-in-squid-440784/)

Ahmad Gurchani 05-02-2006 01:44 AM
ACL not working in Squid
 
Hey, i m using this squid.conf in Redhat E3,Squid Server. On my client Computers(windowsXP), these acl url_regex is not working Until i specify the ip address in the internet explorer setting (Internet Options -> Connections ->LAN Setting -> Proxy Server)manually. if i specify the ip in the setting of internet explorer proxy setting then acl url_regex works properly, but if some user uses AUTOMATICALLY DETECT SETTING and disable proxy server ip in the internet explorer setting, then this acl dont work.

...........................
http_port 80
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8

acl local_lan src 192.168.1.0/24

acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

acl blocked1 url_regex movie
acl blocked2 url_regex porn
acl blocked3 url_regex boobs
acl blocked4 url_regex casino
acl blocked5 url_regex fuck

http_access deny blocked1
http_access deny blocked2
http_access deny blocked3
http_access deny blocked4
http_access deny blocked5

http_access allow local_lan
http_access allow localhost
http_access deny all

http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid

win32sux 05-02-2006 06:49 PM
if you are concerend because they are able to bypass squid, then what you probably should do is configure squid in transparent mode... this way they don't even need to configure anything on internet exploder and they will still be using the proxy - whether they like it or not... :)

http://www.google.com/linux?&q=squid+transparent


All times are GMT -5. The time now is 05:09 PM.