LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 02-16-2012, 01:49 AM   #1
kanna411988
LQ Newbie
 
Registered: Feb 2012
Posts: 16

Rep: Reputation: Disabled
How to restrict facebook


How to block the some websites for the particular ip address in squid server.I am new to the squid server.Can any one guide me
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 02-16-2012, 01:56 AM   #2
EricTRA
Guru
 
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 18 with Awesome WM
Posts: 6,805
Blog Entries: 1

Rep: Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290Reputation: 1290
Hello,

You can use what's explained in this blog to block Facebook access for an entire LAN or specific IP.

Kind regards,

Eric
 
Old 02-16-2012, 02:07 AM   #3
kanna411988
LQ Newbie
 
Registered: Feb 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
i have created some lists like allowed.clients and restricte_sites are the files in the usr/local/etc/ path.I want to block the facebook for the particular ip addresses in the network.And i have to allow some websites to the particular user(Ip addresses)
 
Old 02-16-2012, 05:23 AM   #4
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 219Reputation: 219Reputation: 219
which distro are you using? here is a sample syntax

Code:
acl imp_people src 10.10.10.30
acl goodsites dstdomain .yahoo.com
http_access allow CONNECT goodsites
http_access allow  imp_people
https_access deny all
similarly you can block websites for few USERS

Last edited by deep27ak; 02-16-2012 at 05:35 AM.
 
Old 02-16-2012, 10:19 PM   #5
kanna411988
LQ Newbie
 
Registered: Feb 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
This is i am using in squid.cof file

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl webapp_port port 81
acl webapp_ip dst 10.1.7.21
acl CONNECT method CONNECT
#acl block_host src 192.168.1.200

acl allowed_clients dstdomain "/usr/local/etc/allowed.clients"
#acl badsites dstdomain "/usr/local/etc/restricted_sites"
acl isoft_net src 192.168.1.0/255.255.255.0
#acl badsites dstdomain "/usr/local/etc/restricted.site"

acl fb dstdomain .facebook.com

#http_access deny badsites
http_access allow isoft_net
http_access deny !allowed_clients fb
#http_access deny badsites
 
Old 02-16-2012, 11:52 PM   #6
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 219Reputation: 219Reputation: 219
to block facebook for few users

Code:
acl denied_users src 192.168.1.50 192.168.1.23
acl badsite dstdomain .facebook.com
http_access deny badsite
http_access allow all
http_access allow denied_users
 
Old 02-17-2012, 12:23 AM   #7
kanna411988
LQ Newbie
 
Registered: Feb 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
I have a small doubt if is place the denied ip address in a file .how to define in the squid file directory.

Ex:you have given me the ip address acl denied_users src 192.168.1.50 192.168.1.23
instead of that how to place all the ip address in one file .I want to block the some other sites also like hi5.com,orkut.com
 
Old 02-17-2012, 12:47 AM   #8
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 219Reputation: 219Reputation: 219
Code:
acl mynetwork src 192.168.1.0/24
http_access allow mynetwork
http_access deny all
mention all the IP address with special permission in the same place
Code:
acl denied_users src (all the IPs)
acl bad_sites dstdomain .facebook.com .hi5.com .orkut.com
http_access deny CONNECT bad_sites
http_access allow denied users
or create a file in /etc/squid
Code:
#vi badsites.acl
.facebook.com
.yahoo.com
in squid.conf
Code:
acl badsites url_regex "/etc/squid/badsites.acl"
http_access deny badsites
 
1 members found this post helpful.
Old 02-17-2012, 01:08 AM   #9
kanna411988
LQ Newbie
 
Registered: Feb 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
Hello,

Where should i define following code in squid.conf.
And remains details in the below squid.conf file.Can you conform.If anything goes wrong total internet will distrube.i create the badsites.acl file.Can you write the code in the below squid.conf file

acl mynetwork src 192.168.1.0/24
http_access allow mynetwork
http_access deny all

mention all the IP address with special permission in the same place
Code:

acl denied_users src (all the IPs)
acl bad_sites dstdomain .facebook.com .hi5.com .orkut.com
http_access deny CONNECT bad_sites
http_access allow denied users

or create a file in /etc/squid
Code:

#vi badsites.acl
.facebook.com
.yahoo.com

in squid.conf
Code:

acl badsites url_regex "/etc/squid/badsites.acl"
http_access deny badsites


#############This is the present squid.conf file in the server,##############



[U]#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl webapp_port port 81
acl webapp_ip dst 10.1.7.21
acl CONNECT method CONNECT
#acl block_host src 192.168.1.200

acl allowed_clients dstdomain "/usr/local/etc/allowed.clients"
#acl badsites dstdomain "/usr/local/etc/restricted_sites"
acl isoft_net src 192.168.1.0/255.255.255.0
#acl badsites dstdomain "/usr/local/etc/restricted.site"

acl fb dstdomain .facebook.com

#http_access deny badsites
http_access allow isoft_net
http_access deny !allowed_clients fb
#http_access deny badsites


##############################################################################3
 
Old 02-17-2012, 01:13 AM   #10
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 219Reputation: 219Reputation: 219
Show me your allowed.clients file

put the acl where other acls are mentioned
there is a section in squid.conf

Code:
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
Code:
acl isoft_net src 192.168.1.0/255.255.255.0
http_access allow isoft_net


acl denied_users src (all the IPs)
acl bad_sites dstdomain .facebook.com .hi5.com .orkut.com
http_access deny CONNECT bad_sites
http_access allow denied users

create a file in /etc/squid

#vi badsites.acl
.facebook.com
.yahoo.com

acl badsites url_regex "/etc/squid/badsites.acl"
http_access deny badsites
 
Old 02-17-2012, 01:32 AM   #11
kanna411988
LQ Newbie
 
Registered: Feb 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
Please check the files allowed.clients file under usr/local/etc/allowed.clients

192.168.1.17
192.168.1.6
192.168.1.55
 
Old 02-17-2012, 02:54 AM   #12
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 219Reputation: 219Reputation: 219
I have never tried working with putting all IPs in one file so I wont be able to help if that works
 
Old 02-17-2012, 03:17 AM   #13
kanna411988
LQ Newbie
 
Registered: Feb 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
I will try the above one which you guide me for the modify code in the squid.conf file.
 
Old 03-04-2012, 11:32 PM   #14
kanna411988
LQ Newbie
 
Registered: Feb 2012
Posts: 16

Original Poster
Rep: Reputation: Disabled
acl allowed_clients dstdomain "/usr/local/etc/allowed.clients"
acl Badsites dstdomain "/usr/local/etc/restricted_sites"
acl soft_net src 192.168.1.0/255.255.255.0
acl badsites dstdomain "/usr/local/etc/restricted.site"

In the allowed.clinets file i defined the ip address list 192.168.1.4 and 192.168.1.8

and restricted.site file defined that blocked for the remaing users


But it is not working still that users able to access the facebook and other sites
 
Old 03-04-2012, 11:53 PM   #15
deep27ak
Senior Member
 
Registered: Aug 2011
Location: Bangalore, India
Distribution: rhel 5x,6.0,6.2, centOS 5x,6.0,6.2
Posts: 1,188
Blog Entries: 4

Rep: Reputation: 219Reputation: 219Reputation: 219
Quote:
Originally Posted by kanna411988 View Post
acl allowed_clients dstdomain "/usr/local/etc/allowed.clients"
acl Badsites dstdomain "/usr/local/etc/restricted_sites"
acl soft_net src 192.168.1.0/255.255.255.0
acl badsites dstdomain "/usr/local/etc/restricted.site"

In the allowed.clinets file i defined the ip address list 192.168.1.4 and 192.168.1.8

and restricted.site file defined that blocked for the remaing users


But it is not working still that users able to access the facebook and other sites
check and compare the syntax you are using from the one I had posted
Code:
acl badsites url_regex "/etc/squid/badsites.acl"
http_access deny badsites
and I don't see any http_access syntax in your config file?
Now I can't go on and imagine your config file so it would be better if you post with all the related information
 
1 members found this post helpful.
  


Reply

Tags
proxy, squid


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Facebook Etiquette floppywhopper General 1 09-28-2011 07:46 AM
Socialbox for Facebook jdtiede Linux - Software 1 06-11-2011 12:44 PM
Facebook and Twitter online-pharmacy General 21 12-12-2009 08:30 AM
How to block facebook?.. Winanjaya Linux - Security 3 11-30-2009 09:04 AM
LQ Facebook page gymnart LQ Suggestions & Feedback 8 07-29-2009 12:56 PM


All times are GMT -5. The time now is 03:09 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration