LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 03-06-2007, 05:34 AM   #1
pankajkarde
Member
 
Registered: Jan 2007
Posts: 41

Rep: Reputation: 15
Question squid (proxy)server problem


hi friends,
i have installed REDHAT centos on my server.i set up the squid-2.5 STABLE as a proxy server on it.Now i have blocked many sites using this proxy server.but from the client side , if anyone access the site using the ip address of respective site, then client can aess the site easily.
i.e i have blocked yahoo.com using the proxy server, but suppose ip of yahoo.com is 69.143.23.44 and if client want to access the yahoo.com then he can easily access using http://69.143.23.44 .
i want the sites which i have blocked using proxy server should not be accessed using their respective ip address also.
will u please help me to solve this problem?
 
Old 03-09-2007, 02:30 AM   #2
jimbo1954
Member
 
Registered: Oct 2006
Location: High Wycombe, Bucks, UK.
Distribution: Debian and Fedora Core in equal measure
Posts: 255

Rep: Reputation: 33
You need to set up your IPTables (probably using some firewall manager like shorewall) to redirect all port 80 (http) traffic to another port (generally 3128), then make Squid listen on 3128. You also have to set up squid as "transparent" (there are two different ways of doing this, depending on the version of squid you are using, see comments in /etc/squid.conf).

There are loads of howtos in google, try searching "squid transparent howto"

HTH
Jimbo
 
Old 03-09-2007, 05:36 AM   #3
shawnbishop
Member
 
Registered: Dec 2005
Location: South Africa
Distribution: CentOS,Ubuntu,Fedora
Posts: 249

Rep: Reputation: 30
Hi

This is rather difficult, as some of the most popular websites actually have a number of IP addresses, eg , hotmail has 6 IP addresses

but...

Squid will in such case reverse lookup IP addresses, but this only works
when the IP is registered as the name of the site..

To fully block access to specific IP addresses you can use the "dst"
type ACL.

Cheers
 
Old 03-09-2007, 11:53 AM   #4
deoren
Member
 
Registered: Oct 2003
Location: USA
Distribution: Ubuntu
Posts: 214

Rep: Reputation: 30
If you do not want your squid proxy users to use ip addresses in their requests do the following:

Code:
acl IPForHostname dstdom_regex ~[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
http_access deny IPForHostname
Just make sure to include that before the usual allow rules.

I can't take credit for that as I found it in the O'Reilly 'Squid book'
 
Old 03-09-2007, 10:25 PM   #5
pankajkarde
Member
 
Registered: Jan 2007
Posts: 41

Original Poster
Rep: Reputation: 15
Thumbs up

thank you very much,
the solution provided by you really worked fine and now i can easily restrict the users who tries to access sites by putting the ipaddress in the url.
 
Old 03-11-2007, 03:43 PM   #6
jimbo1954
Member
 
Registered: Oct 2006
Location: High Wycombe, Bucks, UK.
Distribution: Debian and Fedora Core in equal measure
Posts: 255

Rep: Reputation: 33
D'Oh!

Sorry Guys, I got the completely wrong end of the question...embarrassed or what? Thanks to the other contributors for not saying what a *complete* mess I made of that.


Jimbo
 
  


Reply

Tags
filter, ipaddress, squid


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
squid proxy server configuration & distribution of internet without proxy gaurav_gupta082 Linux From Scratch 2 07-31-2010 11:25 AM
proxy server using squid j0hnd0e Linux - Server 1 10-19-2006 12:05 AM
Squid Proxy server help win2Linux Linux - Server 3 09-03-2006 09:53 AM
squid proxy server msound Linux - Networking 4 06-01-2005 11:59 AM
squid proxy server cmardhekar Linux - Newbie 0 09-29-2001 05:34 AM


All times are GMT -5. The time now is 08:04 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration