LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Squid proxy allow/deny set of clients (http://www.linuxquestions.org/questions/linux-security-4/squid-proxy-allow-deny-set-of-clients-740529/)

borganve 07-16-2009 09:12 AM

Squid proxy allow/deny set of clients
 
Hello, i am using linux server with lenny and squid proxy server installed, i configured 2 NICs with the server and packets well forwarding to my clients. Now the questions

1) I want to allow certain clients(by IP) to access internet and disallow to others how to do this in Server with squid.conf file. this setting is done only in server or some settings with clients also?, I guess clients browser should be configured to access web through proxy while doing same it was asking Address and port, so which ip and port i have to give.

2) I am using webmin as web based front end for administration, in which section i have to do this please reply me.

Thanks in advance
Shital

win32sux 07-16-2009 09:22 AM

Quote:

Originally Posted by borganve (Post 3609512)
Hello, i am using linux server with lenny and squid proxy server installed, i configured 2 NICs with the server and packets well forwarding to my clients. Now the questions

1) I want to allow certain clients(by IP) to access internet and disallow to others how to do this in Server with squid.conf file. this setting is done only in server or some settings with clients also?, I guess clients browser should be configured to access web through proxy while doing same it was asking Address and port, so which ip and port i have to give.

2) I am using webmin as web based front end for administration, in which section i have to do this please reply me.

You just need to create some ACLs for the IPs you want to allow, then deny access to all requests not matching that ACL. Here's a simple example of how it's done:
Code:

acl nice_guys src 192.168.1.104-192.168.1.157
http_access allow nice_guys
http_access deny all

The Squid which comes with Lenny will listen on port 3128 by default (as most do), so you'd need to tell your clients to use that port on Squid's IP. I don't know how any of this is done through Webmin, but it's really just a matter of adding a couple lines to squid.conf so it shouldn't be a big deal for you to do it directly. Just make sure to create proper backups, etc.

Also, keep in mind that unless you have physical control over the network, as well as administrative control over the hosts, it's easy for someone to assign themselves an IP on your allowed ACL, thereby gaining unauthorized access through Squid.


All times are GMT -5. The time now is 05:12 AM.