Squid 2.6 not blocking sites even though I entered ACLs to block sites
Hi,
I configured the proxy initially without blocking any sites. Then I planned to block some sites, so I created some ACLs as below, but I still can't block the sites, even though my clients connect to the net through my proxy only.

"I'm using squid 2.6 stable version in fedora 8"

#Squid normally listens to port 3128
http_port 192.168.1.100:3128

#Recommended minimum configuration
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow manager localhost
http_access deny manager
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
acl our_networks src 192.168.1.0/24 192.168.2.0/24 #This is my network ip#
http_access allow our_networks

acl badsites dstdomain .tamilbeat.com
acl restricted-sites dstdomain "/usr/local/etc/restricted-sites" # Restricted files present in this location #
acl adult_sites url_regex -i sex adult hack crack casino gambl nude desibaba
acl download_sites dstdomain "/usr/local/etc/download-sites"
acl adult_sites url_regex -i "/usr/local/etc/restricted-domains"
acl denyfiletypes url_regex -i .mp3$ .mpg$ .mpeg$ .mp2$ .avi$ .wmv$ .wma$ .ra$ .rm$ .mid$ .mov$ .asf$ .wav$ .dat$ .qt$ .snd$ .wm$ .asx$ .aiff$ .ogg$ .ram$ .au$ .exe$
acl block dstdomain walkincareers.com careerpluz.com jobsdream.com intervieweasy.com ecareer.org hamaraphotos.com ifilm.com janubaba.com moviegupshup.net bollywoodmantra.com bollywoodmovies.us bollywoodpremiere.com buzz18.com crickethighlights.com cricketlivelinks.com cricketnext.com cricketworlduplatest.com dgreetings.com z.com .mmy88.cn/ .gazzag.com .meebo.com .topproxysites.com .proxytopsite.com .topfreeproxy.com .proxy200.com .topproxies.info .gotoproxy.com .hotproxies.com .top-proxies.com .listofproxies.com .topproxylist.com .proxyring.com .lushdxb.com .birthdaytime.com .mobilemoney.com .kproxy.com .masalaguru.com .masalaindia.com .masalaforum.com .lbnlive.com .google.com/mail/ .movies.yahoo.com .orkut.com .raaga.com .timesjob.com .jobsahead.com .monster.com .jhoos.com .thecinema.in .clickjobs.com .6sos.com .123greetings.com .myfuncards.com .egreetings.com .fropper.com .maalaimalar.com .jeevansanthi.com .simplymarry.com .matrimonials.com .careerenclave.com .500papers.com .sgeek.com .lifepartnerindia.com .geekinterview.com .behindwoods.com .aboutjobs.com .timesmatri.com .cinemanow.com .match.com .xradio.com .puretracks.com .emusic.com .mixplay.com .43things.com .friendsmahal.com .jeevansanti.com .masalapunch.com .yourspic.com .shaadi.com .onlymasti.com .desihotmasala.com .techinterview.com .threenineconsulting.com .birthdayalarm.com .amateurmatch.com .actressphoto.com .indianactress.com .friednster.com .dinamalar.com .cricinfo.com .cricbuzz.com .xxx*.com .employment.com .sex*.com .*sex.com .jobstreet.com .sunporno.com .exploitedbabysitters.com .imlive.com .sapphicgirlmovies.com .drm-fetishes.com .sextracker.com .xxxoracle.com .pornmoviesparadise.com .sexlist.com .el-ladies.com .musicgiants.com .idiatimes.com .jobsinthemoney.com .insightexpressai.com .desibaba.com .dailythanthi.com .photobucket.com .sinekithan.com .puretamil.com .employmentguide.com .cyberbrowse.com .musicnet.com .movielink.com .songtouch.com .youtube.com .smashits.com .foxsports.com .interviewcorner.com .newinterviewquestions.com .songsforteaching.com .musicmatch.com .21.com .freelotto.com .desimartini.com

# TAG: http_access
# Allowing or Denying access based on defined access lists
# And finally deny all other access to this proxy
http_access allow localhost
http_access deny badsites
http_access deny adult_sites
http_access deny download_sites
http_access deny denyfiletypes
http_access deny block
http_access deny restricted-sites
# And finally deny all other access to this proxy
http_access deny all

============================================================================

#Iptables configuration#

Next, I added the following rules to forward all HTTP requests (coming to port 80) to the Squid server port 3128:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.100:3128
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128

Note: here "eth0" has IP 192.168.1.100 ----> LAN ---> the Squid proxy is configured on this IP only, and "eth1" has a static IP ----> Internet

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Please, can anyone help me with how to block sites?
The allow for our_networks will override everything below it. Move it to the bottom, above the deny all.
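The first-match behaviour the reply describes, as an added example (not part of the original thread and not Squid's own code): a small Python model of `http_access` evaluation over a constructed subset of the posted ACLs. The client address 192.168.1.50 and the host example.org are assumed sample values, the manager, Safe_ports and CONNECT lines are left out, and each rule is simplified to a single ACL.

```python
import ipaddress

# Constructed subset of the posted ACLs (src and dstdomain types only).
ACLS = {
    "all": ("src", ["0.0.0.0/0"]),
    "localhost": ("src", ["127.0.0.1/32"]),
    "our_networks": ("src", ["192.168.1.0/24", "192.168.2.0/24"]),
    "badsites": ("dstdomain", [".tamilbeat.com"]),
    "block": ("dstdomain", [".orkut.com", ".youtube.com"]),
}
# http_access lines in the order they appear in the posted config.
POSTED = [("allow", "our_networks"), ("allow", "localhost"),
          ("deny", "badsites"), ("deny", "block"), ("deny", "all")]
# Order suggested in the reply: the allow sits just above the final deny.
REORDERED = [("allow", "localhost"), ("deny", "badsites"), ("deny", "block"),
             ("allow", "our_networks"), ("deny", "all")]

def acl_matches(name, client_ip, host):
    kind, values = ACLS[name]
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v) for v in values)
    # dstdomain: a leading dot matches the domain and all of its subdomains.
    host = host.lower().rstrip(".")
    return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
               for v in values)

def http_access(rules, client_ip, host):
    """Return (action, index of the deciding rule); evaluation stops at the first match."""
    for index, (action, acl) in enumerate(rules):
        if acl_matches(acl, client_ip, host):
            return action, index
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), None

if __name__ == "__main__":
    for label, rules in (("posted", POSTED), ("reordered", REORDERED)):
        for host in ("www.orkut.com", "example.org"):  # constructed requests
            print(label, host, http_access(rules, "192.168.1.50", host))
```

With the posted order, every LAN client is allowed by rule 0 and the deny lines are never consulted; with the reordered list the same request for a blocked domain stops at the `block` rule.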