LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (http://www.linuxquestions.org/questions/linux-server-73/)
-   -   How to restrict facebook (http://www.linuxquestions.org/questions/linux-server-73/how-to-restrict-facebook-929630/)

kanna411988 02-16-2012 02:49 AM

How to restrict facebook
 
How to block the some websites for the particular ip address in squid server.I am new to the squid server.Can any one guide me

EricTRA 02-16-2012 02:56 AM

Hello,

You can use what's explained in this blog to block Facebook access for an entire LAN or specific IP.

Kind regards,

Eric

kanna411988 02-16-2012 03:07 AM

i have created some lists like allowed.clients and restricte_sites are the files in the usr/local/etc/ path.I want to block the facebook for the particular ip addresses in the network.And i have to allow some websites to the particular user(Ip addresses)

deep27ak 02-16-2012 06:23 AM

which distro are you using? here is a sample syntax

Code:

acl imp_people src 10.10.10.30
acl goodsites dstdomain .yahoo.com
http_access allow CONNECT goodsites
http_access allow  imp_people
https_access deny all

similarly you can block websites for few USERS

kanna411988 02-16-2012 11:19 PM

This is i am using in squid.cof file

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl webapp_port port 81
acl webapp_ip dst 10.1.7.21
acl CONNECT method CONNECT
#acl block_host src 192.168.1.200

acl allowed_clients dstdomain "/usr/local/etc/allowed.clients"
#acl badsites dstdomain "/usr/local/etc/restricted_sites"
acl isoft_net src 192.168.1.0/255.255.255.0
#acl badsites dstdomain "/usr/local/etc/restricted.site"

acl fb dstdomain .facebook.com

#http_access deny badsites
http_access allow isoft_net
http_access deny !allowed_clients fb
#http_access deny badsites

deep27ak 02-17-2012 12:52 AM

to block facebook for few users

Code:

acl denied_users src 192.168.1.50 192.168.1.23
acl badsite dstdomain .facebook.com
http_access deny badsite
http_access allow all
http_access allow denied_users


kanna411988 02-17-2012 01:23 AM

I have a small doubt if is place the denied ip address in a file .how to define in the squid file directory.

Ex:you have given me the ip address acl denied_users src 192.168.1.50 192.168.1.23
instead of that how to place all the ip address in one file .I want to block the some other sites also like hi5.com,orkut.com

deep27ak 02-17-2012 01:47 AM

Code:

acl mynetwork src 192.168.1.0/24
http_access allow mynetwork
http_access deny all

mention all the IP address with special permission in the same place
Code:

acl denied_users src (all the IPs)
acl bad_sites dstdomain .facebook.com .hi5.com .orkut.com
http_access deny CONNECT bad_sites
http_access allow denied users

or create a file in /etc/squid
Code:

#vi badsites.acl
.facebook.com
.yahoo.com

in squid.conf
Code:

acl badsites url_regex "/etc/squid/badsites.acl"
http_access deny badsites


kanna411988 02-17-2012 02:08 AM

Hello,

Where should i define following code in squid.conf.
And remains details in the below squid.conf file.Can you conform.If anything goes wrong total internet will distrube.i create the badsites.acl file.Can you write the code in the below squid.conf file

acl mynetwork src 192.168.1.0/24
http_access allow mynetwork
http_access deny all

mention all the IP address with special permission in the same place
Code:

acl denied_users src (all the IPs)
acl bad_sites dstdomain .facebook.com .hi5.com .orkut.com
http_access deny CONNECT bad_sites
http_access allow denied users

or create a file in /etc/squid
Code:

#vi badsites.acl
.facebook.com
.yahoo.com

in squid.conf
Code:

acl badsites url_regex "/etc/squid/badsites.acl"
http_access deny badsites


#############This is the present squid.conf file in the server,##############



[U]#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl webapp_port port 81
acl webapp_ip dst 10.1.7.21
acl CONNECT method CONNECT
#acl block_host src 192.168.1.200

acl allowed_clients dstdomain "/usr/local/etc/allowed.clients"
#acl badsites dstdomain "/usr/local/etc/restricted_sites"
acl isoft_net src 192.168.1.0/255.255.255.0
#acl badsites dstdomain "/usr/local/etc/restricted.site"

acl fb dstdomain .facebook.com

#http_access deny badsites
http_access allow isoft_net
http_access deny !allowed_clients fb
#http_access deny badsites


##############################################################################3

deep27ak 02-17-2012 02:13 AM

Show me your allowed.clients file

put the acl where other acls are mentioned
there is a section in squid.conf

Code:

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
Code:

acl isoft_net src 192.168.1.0/255.255.255.0
http_access allow isoft_net


acl denied_users src (all the IPs)
acl bad_sites dstdomain .facebook.com .hi5.com .orkut.com
http_access deny CONNECT bad_sites
http_access allow denied users

create a file in /etc/squid

#vi badsites.acl
.facebook.com
.yahoo.com

acl badsites url_regex "/etc/squid/badsites.acl"
http_access deny badsites


kanna411988 02-17-2012 02:32 AM

Please check the files allowed.clients file under usr/local/etc/allowed.clients

192.168.1.17
192.168.1.6
192.168.1.55

deep27ak 02-17-2012 03:54 AM

I have never tried working with putting all IPs in one file so I wont be able to help if that works

kanna411988 02-17-2012 04:17 AM

I will try the above one which you guide me for the modify code in the squid.conf file.

kanna411988 03-05-2012 12:32 AM

acl allowed_clients dstdomain "/usr/local/etc/allowed.clients"
acl Badsites dstdomain "/usr/local/etc/restricted_sites"
acl soft_net src 192.168.1.0/255.255.255.0
acl badsites dstdomain "/usr/local/etc/restricted.site"

In the allowed.clinets file i defined the ip address list 192.168.1.4 and 192.168.1.8

and restricted.site file defined that blocked for the remaing users


But it is not working still that users able to access the facebook and other sites

deep27ak 03-05-2012 12:53 AM

Quote:

Originally Posted by kanna411988 (Post 4618605)
acl allowed_clients dstdomain "/usr/local/etc/allowed.clients"
acl Badsites dstdomain "/usr/local/etc/restricted_sites"
acl soft_net src 192.168.1.0/255.255.255.0
acl badsites dstdomain "/usr/local/etc/restricted.site"

In the allowed.clinets file i defined the ip address list 192.168.1.4 and 192.168.1.8

and restricted.site file defined that blocked for the remaing users


But it is not working still that users able to access the facebook and other sites

check and compare the syntax you are using from the one I had posted
Code:

acl badsites url_regex "/etc/squid/badsites.acl"
http_access deny badsites

and I don't see any http_access syntax in your config file?
Now I can't go on and imagine your config file so it would be better if you post with all the related information


All times are GMT -5. The time now is 01:22 PM.