Old 01-08-2009, 04:06 AM   #1
LQ Newbie
Registered: Sep 2008
Posts: 5

Question: squid 2.6 not blocking sites even though I entered ACLs to block sites


I configured the proxy initially without blocking any sites... then I planned to block some sites... I created some ACLs as below... but I still can't block the sites... but my clients connect to the net through my proxy only...

"I'm using squid 2.6 stable version in fedora 8"
#Squid normally listens to port 3128


#Recommended minimum configuration

acl all src
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

http_access allow manager localhost
http_access deny manager

# Deny requests to unknown ports

http_access deny !Safe_ports

# Deny CONNECT to other than SSL ports

http_access deny CONNECT !SSL_ports


# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed

acl our_networks src #This is my network ip#
http_access allow our_networks

acl badsites dstdomain

acl restricted-sites dstdomain "/usr/local/etc/restricted-sites" # Restricted files present in this location #

acl adult_sites url_regex -i sex adult hack crack casino gambl nude desibaba
acl download_sites dstdomain "/usr/local/etc/download-sites"
acl adult_sites url_regex -i "/usr/local/etc/restricted-domains"
acl denyfiletypes url_regex -i .mp3$ .mpg$ .mpeg$ .mp2$ .avi$ .wmv$ .wma$ .ra$ .rm$ .mid$ .mov$ .asf$ .wav$ .dat$ .qt$ .snd$ .wm$ .asx$ .aiff$ .ogg$ .ram$ .au$ .exe$
acl block dstdomain .xxx*.com .sex*.com .*
# TAG: http_access
# Allowing or Denying access based on defined access lists
# And finally deny all other access to this proxy

http_access allow localhost
http_access deny badsites

http_access deny adult_sites

http_access deny download_sites
http_access deny denyfiletypes
http_access deny block
http_access deny restricted-sites

# And finally deny all other access to this proxy

http_access deny all


#Iptables configuration#

Next, I added the following rules to forward all HTTP requests (coming to port 80) to the Squid server port 3128:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128


Here "eth0" has IP ----> LAN ---> Squid proxy is configured on this IP only...

and "eth1" has a static IP ----> Internet

Please, can anyone help to block sites...
Old 01-08-2009, 04:17 AM   #2
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

The allow for our_networks will override everything below it. Move it to the bottom, above the deny all.
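
The rule-order point in the reply above, as an added example that is not part of the original thread: a small Python model of Squid's first-match http_access evaluation, run over the poster's rule order and the suggested one. The network 192.0.2.0/24 and the domain .blocked.example are constructed placeholders, and the model covers only the src, dstdomain and url_regex ACL types.

```python
import ipaddress
import re

# Constructed sample values: the network and domain are placeholders, not the poster's.
ACLS = """
acl all src 0.0.0.0/0
acl our_networks src 192.0.2.0/24
acl badsites dstdomain .blocked.example
acl adult_sites url_regex -i casino gambl
"""
POSTED_ORDER = """
http_access allow our_networks
http_access deny badsites
http_access deny adult_sites
http_access deny all
"""
FIXED_ORDER = """
http_access deny badsites
http_access deny adult_sites
http_access allow our_networks
http_access deny all
"""

def parse_acls(text):
    acls = {}
    for line in text.strip().splitlines():
        _, name, kind, *values = line.split()
        acls.setdefault(name, (kind, []))[1].extend(values)
    return acls

def acl_matches(acls, name, req):
    """An ACL matches when any one of its values matches (OR)."""
    kind, values = acls[name]
    if kind == "src":
        return any(ipaddress.ip_address(req["src"]) in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":  # ".x" covers x and its subdomains; "x" covers x only
        host = req["host"].lower()
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v)) for v in values)
    flags = re.I if "-i" in values else 0  # remaining type in this model: url_regex
    return any(re.search(v, req["url"], flags) for v in values if v != "-i")

def decide(acls, rules, req):
    """The first http_access line whose ACLs all match (AND) decides; later lines are not read."""
    action = "deny"
    for line in rules.strip().splitlines():
        _, action, *names = line.split()
        if all(acl_matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action
    return "allow" if action == "deny" else "deny"  # no line matched: opposite of the last line
```

Calling `decide(parse_acls(ACLS), POSTED_ORDER, request)` with a LAN client requesting a host under .blocked.example returns "allow", because the our_networks line matches first; the same request against FIXED_ORDER returns "deny".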



All times are GMT -5.