LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)
-   -   Need help with Squid and capturing url traffic? (https://www.linuxquestions.org/questions/linux-software-2/need-help-with-squid-and-capturing-url-traffic-331385/)

atl02wrx 06-07-2005 09:21 PM
Need help with Squid and capturing url traffic?
 
I would like to know if this is possible...

I have Squid setup to allow access to only specific web sites. What I would like to be able to do is if they type in something like linuxquestions.org have it automatically return them to our department's web page.

So regardless of what url is typed in the browser, I want them to see the department page unless it's a site on the allowed list.

win32sux 06-25-2005 11:53 AM
squid can't do this internally... you need to use a redirector script...

the script would be called from within the squid.conf file with the tag:
Code:
redirect_program
here's the relevant info from the squid.conf.default file:
Quote:
# TAG: redirect_program
# Specify the location of the executable for the URL redirector.
# Since they can perform almost any function there isn't one included.
# See the FAQ (section 15) for information on how to write one.
# By default, a redirector is not used.
#
#Default:
# none

# TAG: redirect_children
# The number of redirector processes to spawn. If you start
# too few Squid will have to wait for them to process a backlog of
# URLs, slowing it down. If you start too many they will use RAM
# and other system resources.
#
#Default:
# redirect_children 5

# TAG: redirect_rewrites_host_header
# By default Squid rewrites any Host: header in redirected
# requests. If you are running an accelerator this may
# not be a wanted effect of a redirector.
#
#Default:
# redirect_rewrites_host_header on

# TAG: redirector_access
# If defined, this access list specifies which requests are
# sent to the redirector processes. By default all requests
# are sent.
#
#Default:
# none
here's section 15 of the squid FAQ: http://www.squid-cache.org/Doc/FAQ/FAQ-15.html

there's an example perl script there... i've never written a redirect script, but it doesn't seem to be very complicated... and for a solution as simple as the one you are trying to implement it would probably be trivial...

just my :twocents:...

everal 06-25-2005 02:02 PM
All you need is snort :-)
 
Hey,


Give a look at

www.snort.org


It is a lot of work, and I don't know how much you need to control your trafic, but if you have 5 minutes to spend, you can see the snort website

win32sux 06-25-2005 02:06 PM
Re: All you need is snort :-)
 
Quote:
Originally posted by everal
Give a look at

www.snort.org


It is a lot of work, and I don't know how much you need to control your trafic, but if you have 5 minutes to spend, you can see the snort website
ummm, snort has absolutely nothing to do with his question... :confused:

everal 06-25-2005 03:58 PM
But it could be
 
From Snort web faq:

//
5.12 How can I use Snort to log HTTP URLs or SMTP traffic?

It can be done with Snort, but you might find it faster to use mailsnarf and urlsnarf from Dug Song's dsniff package. Dsniff is available from:

//

There are some threads in this forum about how to block or re-direct things like msmessanger or orkut.

You can't do it just with squid / iptable. (orkut yes, but not msmessanger)

More then one suggested snort would help.


What are he trying to redirect? I'd say use iptable, it is simple. But if is it something like msmessenger?

I suggested snort.

Excuse if this is a little more then he possibly asked, but it is not completly wrong. And maybe it is even necessary.

win32sux 06-25-2005 05:36 PM
i have created a simple perl script to reach atl02wrx's goal using the example in section 15 of the squid FAQ...

Code:
DISCLAIMER: i am in NO WAY a coder so don't take this as
anything more than a PROOF OF CONCEPT script...
having said that, i actually tested the script somewhat on my squid 2.5 (stable10) box and it seems to work fine - AFAIK it does what it's supposed to do...

the example i've posted will allow users to connect ONLY to these HTTP sites:

- directory.google.com

- www.google.com

- news.google.com

- maps.google.com

if any other URL is entered, the user will be redirected to http://directory.google.com

to install it i just saved the script as /var/squid/example.pl, made it executable, made it owned by the squid user, and added this line to my squid.conf:
Code:
redirect_program /var/squid/example.pl
of course then i reconfigured squid with a:
Code:
squid -k reconfigure

here's the script:
Code:
#!/usr/bin/perl
$|=1;
        while (<>) {
                @X = split;
                $url = $X[0];

                if ($url =~ /^http:\/\/directory\.google\.com/) {
                        print "$url\n";
                }

                elsif ($url =~ /^http:\/\/www\.google\.com/) {
                        print "$url\n";
                }

                elsif ($url =~ /^http:\/\/news\.google\.com/) {
                        print "$url\n";
                }

                elsif ($url =~ /^http:\/\/maps\.google\.com/) {
                        print "$url\n";
                }

                else {
                        print "302:http:\/\/directory\.google\.com\n";
                }
            }


All times are GMT -5. The time now is 05:25 AM.