LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Closed Thread
 
Search this Thread
Old 11-10-2006, 08:23 PM   #1
addipolli
LQ Newbie
 
Registered: Apr 2006
Posts: 4

Rep: Reputation: 0
How to block urls for specific ip in squid


Hi,

I want to block some urls (yahoomail,gmail
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 11-10-2006, 08:29 PM   #2
addipolli
LQ Newbie
 
Registered: Apr 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Question How to block urls for specific ip in squid

Hi,

I am using squid 2 as my proxy. I want to block the urls (yahoo mail, gmail) only for some systems in the network.
How can i do this in squid

Can any one help me.
 
Old 11-10-2006, 10:00 PM   #3
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by addipolli
Hi,

I am using squid 2 as my proxy. I want to block the urls (yahoo mail, gmail) only for some systems in the network.
How can i do this in squid

Can any one help me.
it's basically three steps:

1 - make an ACL for the subnet/range you want to block the URL from...

2 - make an ACL for the URLs you wish to block...

3 - create an "http_access deny" rule using those two ACLs...

for example:
Code:
acl banned_clients src 192.168.12.0/255.255.255.0
acl sucky_url dstdomain .microsoft.com
http_access deny banned_clients sucky_url
that would deny anybody in the 192.168.12.0/24 subnet access to microsoft.com...

here's another example:
Code:
acl banned_clients src 192.168.12.12-192.168.12.65
acl sucky_urls dstdomain .microsoft.com .sco.com .doubleclick.com
http_access deny banned_clients sucky_urls
that would deny anybody in the 192.168.12.12-65 IP range access to microsoft.com, sco.com, and .doubleclick.com...

Last edited by win32sux; 11-11-2006 at 05:19 PM.
 
Old 11-11-2006, 02:39 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,397

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
within squid you can just use the dstdomain directive in an acl to deny domains.
Code:
acl DSTDOMAIN dstdomain .deny.com
http_access deny DSTDOMAIN
 
Old 11-11-2006, 03:17 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,280
Blog Entries: 54

Rep: Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854
To the OP: posting a question twice in a row with an interval of n minutes verges on the edge of spamming. Please be more careful. TIA
 
Old 11-14-2006, 01:45 AM   #6
addipolli
LQ Newbie
 
Registered: Apr 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by win32sux
it's basically three steps:

1 - make an ACL for the subnet/range you want to block the URL from...

2 - make an ACL for the URLs you wish to block...

3 - create an "http_access deny" rule using those two ACLs...

for example:
Code:
acl banned_clients src 192.168.12.0/255.255.255.0
acl sucky_url dstdomain .microsoft.com
http_access deny banned_clients sucky_url
that would deny anybody in the 192.168.12.0/24 subnet access to microsoft.com...

here's another example:
Code:
acl banned_clients src 192.168.12.12-192.168.12.65
acl sucky_urls dstdomain .microsoft.com .sco.com .doubleclick.com
http_access deny banned_clients sucky_urls
that would deny anybody in the 192.168.12.12-65 IP range access to microsoft.com, sco.com, and .doubleclick.com...

It worked & Thankyou very much
 
Old 11-20-2006, 04:54 PM   #7
cj_cheema
Member
 
Registered: Mar 2006
Location: INDIA
Distribution: RedHat, SuSE, Debian
Posts: 156

Rep: Reputation: 15
Please clear my doubt

Quote:
Originally Posted by win32sux
it's basically three steps:

1 - make an ACL for the subnet/range you want to block the URL from...

2 - make an ACL for the URLs you wish to block...

3 - create an "http_access deny" rule using those two ACLs...

for example:
Code:
acl banned_clients src 192.168.12.0/255.255.255.0
acl sucky_url dstdomain .microsoft.com
http_access deny banned_clients sucky_url
that would deny anybody in the 192.168.12.0/24 subnet access to microsoft.com...

here's another example:
Code:
acl banned_clients src 192.168.12.12-192.168.12.65
acl sucky_urls dstdomain .microsoft.com .sco.com .doubleclick.com
http_access deny banned_clients sucky_urls
that would deny anybody in the 192.168.12.12-65 IP range access to microsoft.com, sco.com, and .doubleclick.com...
Hi win32sux
Thanx for your steps which u have posted actually i was also searchinig this type of configuration. But i have little problem hope u may favour me, actually i'm new in linux and having no experiance. so could u tell me where i have to edit these steps in squid.conf file actually i have check in "ACCESS CONTROL" but i have found no such thing in it only this line was mention something like this in access controls ie:
#Default configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR
# CLIENTS
#
http_access deny all

In above lines where i have to edit ur steps. Please assist me.

Thanx
CJ Cheema
mail me: cj_cheema@hotmail.com

Last edited by cj_cheema; 11-20-2006 at 04:58 PM.
 
Old 11-21-2006, 05:21 AM   #8
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by cj_cheema
Hi win32sux
Thanx for your steps which u have posted actually i was also searchinig this type of configuration. But i have little problem hope u may favour me, actually i'm new in linux and having no experiance. so could u tell me where i have to edit these steps in squid.conf file actually i have check in "ACCESS CONTROL" but i have found no such thing in it only this line was mention something like this in access controls ie:
#Default configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR
# CLIENTS
#
http_access deny all

In above lines where i have to edit ur steps. Please assist me.

Thanx
CJ Cheema
mail me: cj_cheema@hotmail.com
insert the http_access rule right there in the part where it says "INSERT YOUR OWN RULES HERE" (right before the "http_access deny all"... then find the ACL section further-up and append your ACLs to the end of that section... i'd also recommend getting-rid of all the comments to make editing the file easier...
 
Old 11-22-2006, 05:54 PM   #9
cj_cheema
Member
 
Registered: Mar 2006
Location: INDIA
Distribution: RedHat, SuSE, Debian
Posts: 156

Rep: Reputation: 15
Thanx for ur assistance

Quote:
Originally Posted by win32sux
insert the http_access rule right there in the part where it says "INSERT YOUR OWN RULES HERE" (right before the "http_access deny all"... then find the ACL section further-up and append your ACLs to the end of that section... i'd also recommend getting-rid of all the comments to make editing the file easier...

Hi Win32sux

thanx for ur assistance. Now it is working.

Thanx again

Regards
CJ Cheema
 
Old 11-24-2008, 01:20 AM   #10
korexmohan
LQ Newbie
 
Registered: Nov 2008
Posts: 17

Rep: Reputation: 0
Creatind block list

Hi Pals,
Is there a option to create a file for block list and that can be linked to squid.conf. So whenever i want to add a site name in block list i can edit that external file and will be easy to handle....
 
0 members found this post helpful.
Old 11-24-2008, 02:04 AM   #11
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Quote:
Originally Posted by korexmohan View Post
Hi Pals,
Is there a option to create a file for block list and that can be linked to squid.conf. So whenever i want to add a site name in block list i can edit that external file and will be easy to handle....
Yes. Go to the ACL section of the Squid FAQ. Then, click on I want to put ACL parameters in an external file. That shows you how to do it. That said, please don't resurrect dead threads. And please do some searching before posting questions. I know for a fact this question has been asked, answered, and discussed several times here on LQ. Thread closed.

Last edited by win32sux; 11-24-2008 at 02:05 AM.
 
2 members found this post helpful.
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Restricting URLs on desktop - squid? pete_bogg Slackware 6 06-20-2006 08:47 AM
block specific users in squid alan.belizario Linux - Security 4 09-09-2005 11:43 PM
How to block specific IPs? cranium2004 Linux - Networking 3 04-01-2005 09:02 AM
Firefox URLs with Squid win32sux Linux - Software 5 03-24-2005 02:03 PM
Squid Limit Urls Roach Linux - Networking 3 12-06-2004 11:59 AM


All times are GMT -5. The time now is 02:53 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration