Squid Allow Block Site TO some ip

sachin151080 · 11-04-2009, 11:07 AM

hi,

is there any way to allow blocked particular site to particular IP in squid or dansguardian.

will be very much thankfull

win32sux · 11-04-2009, 11:41 AM

Quote:

Originally Posted by sachin151080

is there any way to allow blocked particular site to particular IP in squid or dansguardian.

Yes. This was actually asked and answered less than a week ago right here.

sachin151080 · 11-05-2009, 04:37 AM

hi,

thanx for your reply

you not yet understand my question

i blocked Facebook & Orkut to all user but now i want to open only facebook to particular user or IP

Thankx

gr33d · 11-05-2009, 08:47 AM

im not intimately familiar with users in squid, but if you want to allow IPs, just add an ACL for the IP range (or several ACL's for each nonadjacent IP) and place some http_access_allow <ACL NAME> lines above the http_access_deny lines

if you provide the appropriate sections of your /etc/squid/squid.conf file, i could probably give you specific examples.

win32sux · 11-05-2009, 09:03 AM

Quote:

Originally Posted by sachin151080

i blocked Facebook & Orkut to all user but now i want to open only facebook to particular user or IP

Only allow the IP to bypass the restriction on Facebook, right (not Orkut)?

You need to stick an http_access line above the one(s) which block the domains. Example:

Code:

acl special_client src 192.168.2.36
acl facebook dstdomain .facebook.com
acl orkut dstdomain .orkut.com

http_access allow facebook special_client
http_access deny facebook
http_access deny orkut
http_access allow all

sachin151080 · 11-06-2009, 01:35 AM

hi,

thanks win32sux

finally u resoved my problem, u r genious

my last question to u it is possible to create one file like exception ip list for particular site instead of creating acl for each ip & site

For Ex.

192.168.0.2 facebook.com
192.168.0.3 orkut.com
192.168.0.50 facebook.com

because no.of acl list may affect on performance of squid proxy

Once again thanx for your quick reply.

gr33d · 11-06-2009, 05:56 AM

yes, this is possible. make your file. lets call it /etc/squid/badsites.acl and add this to your config file

acl badsites dstdomain "/etc/squid/badsites.acl"
http_access deny badsites

your file should look like this (one url per line):
url1
url2
url3

restart squid

win32sux · 11-06-2009, 12:21 PM

I think you'd wanna do like gr33d said, but with an exception IP list instead.

You'd then match that ACL to certain domains, like:

Code:

acl special_clients src "/etc/squid/special_client_ips.txt"
acl facebook dstdomain .facebook.com
acl orkut dstdomain .orkut.com
http_access allow facebook special_clients
http_access deny facebook
http_access deny orkut
http_access allow all

You could also stick both client IPs and destination domains into lists, then do like:

Code:

acl special_clients src "/etc/squid/special_client_ips.txt"
acl bad_domains dstdomain "/etc/squid/bad_domains.txt"
http_access allow bad_domains special_clients
http_access deny bad_domains
http_access allow all

subhojit · 11-07-2009, 06:34 AM

hi,
i want to restrict sites like orkut, gmail in squid but i want to give access of these sites to some specific users, how can i achieve it

win32sux · 11-07-2009, 11:20 AM

Quote:

Originally Posted by subhojit

hi,
i want to restrict sites like orkut, gmail in squid but i want to give access of these sites to some specific users, how can i achieve it

Have you tried the examples provided above?

sachin151080 · 11-08-2009, 02:22 AM

hi,

win32sux

thanx for your valuable reply i tried both the option both are working fine
u given solution exactly what i want.

thanx u r genious in linux

Regards

Sachin J.