LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 08-05-2009, 11:21 AM   #1
rashid_47010
LQ Newbie
 
Registered: Nov 2004
Location: Saudi Arabia
Distribution: CentOS/Fedora
Posts: 27

Rep: Reputation: 16
restrict users to bypass the squid proxy server


Hi

I want to restrict users to bypass the proxy...
from where I can restrict users to bypass the proxy means which file I have to amend.............
 
Old 08-05-2009, 11:33 AM   #2
rashid_47010
LQ Newbie
 
Registered: Nov 2004
Location: Saudi Arabia
Distribution: CentOS/Fedora
Posts: 27

Original Poster
Rep: Reputation: 16
[root@localhost /]# vi rc.nat

iptables -A INPUT -p tcp --dport 25 -m state --state NEW -j ACCEPT # forward POP traffic
iptables -A INPUT -p tcp --dport 110 -m state --state NEW -j ACCEPT # forward POP traffic

#iptables -P FORWARD DROP # don't know about this line function please guide

#iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT # don't know about this line function please guide

#iptables -A FORWARD -i $eth1 -o $eth0 -m state --state NEW \-m mac --mac-source 00-15-B7-33-6A-57 -j ACCEPT
# bypass Squid for defined MAC

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port # To redirect the Port 80 traffic to squid
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.33.4:3128


#iptables -I INPUT -m mac --mac-source 00-15-B7-33-6A-57 -j DROP # Sample statement for droping specific mac address

#iptables -I INPUT -m mac --mac-source 00-15-B7-33-6A-57 -j ACCEPT # Sample statement for Accpet specific mac address

#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE # every request should go throught the iptables

#iptables -A FORWARD -p TCP --dport 5000-5001 -j DROP #block Yahoo voice chat
iptables -A FORWARD -p TCP --dport 1863 -j DROP # block MSN Messanger
iptables -A FORWARD -d 207.46.110.0 -j DROP # block MSN Messanger
iptables -A FORWARD -d 207.46.104.20 -j DROP # block MSN Messanger

iptables -A INPUT -j DROP -p tcp --destination-port 80 -i eth0 # try to drop port 80 traffic through this line
#iptables -A INPUT -p tcp --dport 80 -j DROP # try to drop port 80 traffic through this line

#iptables -I FORWARD 1 -p tcp --dport 80 -j DROP # try to drop port 80 traffic through this line
#iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DROP # try to drop port 80 traffic through this line

####### I am not sure which one line is correct to drop/reject the port 80 traffic I used these lines because after running this script users can bypass the proxy....... which I dont want#######################3
 
Old 08-05-2009, 11:35 AM   #3
rashid_47010
LQ Newbie
 
Registered: Nov 2004
Location: Saudi Arabia
Distribution: CentOS/Fedora
Posts: 27

Original Poster
Rep: Reputation: 16
In the result of all these lines
I got this message on client computer in IE under no configuration of Proxy

ERROR
The requested URL could not be retrieved

While trying to process the request:

GET / HTTP/1.1
Host: www.google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: PREF=ID=cfc5d3a62e06a3e0:TM=1249471994:LM=1249471994:S=SziEiSVgRNcnlDFQ



The following error was encountered:

* Invalid Request

Some aspect of the HTTP Request is invalid. Possible problems:

* Missing or unknown request method
* Missing URL
* Missing HTTP Identifier (HTTP/1.0)
* Request is too large
* Content-Length missing for POST or PUT requests
* Illegal character in hostname; underscores are not allowed

Your cache administrator is root.
Generated Wed, 05 Aug 2009 14:56:41 GMT by localhost.localdomain (squid/2.6.STABLE16)



#####IS IT POSSIBLE TO AMEND THIS MESSAGE ACCOURDING TO MY NEEDS......########################
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid proxy (1): how to restrict the files above 2MB -- please help me b:z Linux - Networking 8 04-22-2010 03:41 AM
To restrict maximum download file size in Squid proxy satishap Linux - Security 3 05-23-2008 03:09 AM
How to bypass proxy auth using squid sixth_sense Linux - Networking 7 09-20-2007 07:43 PM
Using iptables to bypass squid proxy for a specific domain jcopley Linux - Security 3 07-18-2007 01:50 PM
Restrict users to browse in Squid. sapheroth Linux - Networking 2 09-30-2006 04:42 AM


All times are GMT -5. The time now is 10:09 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration