LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 06-07-2005, 09:21 PM   #1
atl02wrx
LQ Newbie
 
Registered: Jun 2005
Location: Atlanta, GA
Posts: 2

Rep: Reputation: 0
Need help with Squid and capturing url traffic?


I would like to know if this is possible...

I have Squid setup to allow access to only specific web sites. What I would like to be able to do is if they type in something like linuxquestions.org have it automatically return them to our department's web page.

So regardless of what url is typed in the browser, I want them to see the department page unless it's a site on the allowed list.
 
Old 06-25-2005, 11:53 AM   #2
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
squid can't do this internally... you need to use a redirector script...

the script would be called from within the squid.conf file with the tag:
Code:
redirect_program
here's the relevant info from the squid.conf.default file:
Quote:
# TAG: redirect_program
# Specify the location of the executable for the URL redirector.
# Since they can perform almost any function there isn't one included.
# See the FAQ (section 15) for information on how to write one.
# By default, a redirector is not used.
#
#Default:
# none

# TAG: redirect_children
# The number of redirector processes to spawn. If you start
# too few Squid will have to wait for them to process a backlog of
# URLs, slowing it down. If you start too many they will use RAM
# and other system resources.
#
#Default:
# redirect_children 5

# TAG: redirect_rewrites_host_header
# By default Squid rewrites any Host: header in redirected
# requests. If you are running an accelerator this may
# not be a wanted effect of a redirector.
#
#Default:
# redirect_rewrites_host_header on

# TAG: redirector_access
# If defined, this access list specifies which requests are
# sent to the redirector processes. By default all requests
# are sent.
#
#Default:
# none
here's section 15 of the squid FAQ: http://www.squid-cache.org/Doc/FAQ/FAQ-15.html

there's an example perl script there... i've never written a redirect script, but it doesn't seem to be very complicated... and for a solution as simple as the one you are trying to implement it would probably be trivial...

just my ...
 
Old 06-25-2005, 02:02 PM   #3
everal
Member
 
Registered: Nov 2004
Location: Zona Leste, Sao Paulo, Brazil, South America, Milk Way
Distribution: Slackware 10.1
Posts: 139

Rep: Reputation: 16
All you need is snort :-)

Hey,


Give a look at

www.snort.org


It is a lot of work, and I don't know how much you need to control your trafic, but if you have 5 minutes to spend, you can see the snort website
 
Old 06-25-2005, 02:06 PM   #4
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
Re: All you need is snort :-)

Quote:
Originally posted by everal
Give a look at

www.snort.org


It is a lot of work, and I don't know how much you need to control your trafic, but if you have 5 minutes to spend, you can see the snort website
ummm, snort has absolutely nothing to do with his question...
 
Old 06-25-2005, 03:58 PM   #5
everal
Member
 
Registered: Nov 2004
Location: Zona Leste, Sao Paulo, Brazil, South America, Milk Way
Distribution: Slackware 10.1
Posts: 139

Rep: Reputation: 16
But it could be

From Snort web faq:

//
5.12 How can I use Snort to log HTTP URLs or SMTP traffic?

It can be done with Snort, but you might find it faster to use mailsnarf and urlsnarf from Dug Song's dsniff package. Dsniff is available from:

//

There are some threads in this forum about how to block or re-direct things like msmessanger or orkut.

You can't do it just with squid / iptable. (orkut yes, but not msmessanger)

More then one suggested snort would help.


What are he trying to redirect? I'd say use iptable, it is simple. But if is it something like msmessenger?

I suggested snort.

Excuse if this is a little more then he possibly asked, but it is not completly wrong. And maybe it is even necessary.
 
Old 06-25-2005, 05:36 PM   #6
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
i have created a simple perl script to reach atl02wrx's goal using the example in section 15 of the squid FAQ...

Code:
DISCLAIMER: i am in NO WAY a coder so don't take this as
anything more than a PROOF OF CONCEPT script...
having said that, i actually tested the script somewhat on my squid 2.5 (stable10) box and it seems to work fine - AFAIK it does what it's supposed to do...

the example i've posted will allow users to connect ONLY to these HTTP sites:

- directory.google.com

- www.google.com

- news.google.com

- maps.google.com

if any other URL is entered, the user will be redirected to http://directory.google.com

to install it i just saved the script as /var/squid/example.pl, made it executable, made it owned by the squid user, and added this line to my squid.conf:
Code:
redirect_program /var/squid/example.pl
of course then i reconfigured squid with a:
Code:
squid -k reconfigure

here's the script:
Code:
#!/usr/bin/perl
$|=1;
        while (<>) {
                @X = split;
                $url = $X[0];

                if ($url =~ /^http:\/\/directory\.google\.com/) {
                        print "$url\n";
                }

                elsif ($url =~ /^http:\/\/www\.google\.com/) {
                        print "$url\n";
                }

                elsif ($url =~ /^http:\/\/news\.google\.com/) {
                        print "$url\n";
                }

                elsif ($url =~ /^http:\/\/maps\.google\.com/) {
                        print "$url\n";
                }

                else {
                        print "302:http:\/\/directory\.google\.com\n";
                }
            }

Last edited by win32sux; 06-26-2005 at 06:52 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Wildcard URL filters for Squid ? newbieA Linux - Software 2 06-23-2009 12:45 AM
excluding url cached by squid ilnli Linux - Software 1 11-02-2005 04:03 AM
Can I route web traffic to 2 different hosts based on URL under 1 IP Address? Marshalle Linux - Networking 5 05-14-2005 03:02 AM
Squid URL list linuxeagle Linux - Networking 2 05-12-2004 02:25 PM
url filtering using Squid RajaRC Red Hat 1 11-07-2003 07:21 AM


All times are GMT -5. The time now is 09:47 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration