LinuxQuestions.org


pappupolyster 03-13-2010 12:04 AM

Help with acls in squid!
 
Hello everyone! I've been into Linux OS for the last year and I'm using RHEL 5.3. I've been able to configure squid, wherein I've blocked a single site. But now I want to use a file where I've added the list of sites which need to be blocked. I have tried adding the following line under the squid config file and restarted the service.
acl blocksites url_regex "/etc/squid/squid_block_urls"
and then
http_access deny blocksites

I configured my web browser to use squid but am still able to access all the blocked websites. Please help me out. Am I doing something wrong here? It's very urgent.

Lexus45 03-13-2010 01:14 AM

Hi !

This is a part of my working .conf file (so, I posted only the most important lines and marked with green the lines which you have to add).

The text files with URLs/words (regular expressions) are in /etc/squid/lists/, one URL/word (regular expression) per line.

Code:

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl MANAGER proto cache_object
acl LOCALHOST src 127.0.0.1/32
acl TO_LOCALHOST dst 127.0.0.0/8

acl LOCALNET src 10.84.27.0/24

acl BLOCK_DSTDOMAIN dstdomain "/etc/squid/lists/block_dstdomain.txt"
acl BLOCK_DSTDOM_REGEX dstdom_regex "/etc/squid/lists/block_dstdom_regex.txt"
acl IP_DST_BLOCK dst "/etc/squid/lists/ip_dst_block.txt"


http_access deny IP_DST_BLOCK
http_access deny BLOCK_DSTDOM_REGEX
http_access deny BLOCK_DSTDOMAIN


http_access allow LOCALNET
http_access allow LOCALHOST
http_access allow SSL_ports

# And finally deny all other access to this proxy
http_access deny all

And this is a part of /etc/squid/lists/block_dstdomain.txt
Code:

.bezlimita.net
.codecs.com
.codecs.ru
.cyberfiles.ru
.cybermusic.ru
.depositfiles.com
.depositfiles.ru
.desksoft.com
.gameforge.de
.gigapeta.com
.gnezdo.ru
.homexxxru.com

And this is my /etc/squid/lists/block_dstdom_regex.txt
Code:

adult
codec
codecs
love
porno
rapidshare
sex
torrent
tube
varez
warez

P.S.: if you'd like to differentiate access from different computers of your LAN, you have to create one more ACL, say
Code:

acl VIP src 10.84.27.4 10.84.27.20 10.84.27.21 10.84.27.22 10.84.27.23
and create rules for it
Code:

http_access allow VIP BLOCK_DSTDOMAIN
http_access allow VIP BLOCK_DSTDOM_REGEX
http_access allow VIP IP_DST_BLOCK

Important!
You must place these rules above the denying rules:
Code:


http_access allow VIP IP_DST_BLOCK
http_access allow VIP BLOCK_DSTDOM_REGEX
http_access allow VIP BLOCK_DSTDOMAIN


http_access deny IP_DST_BLOCK
http_access deny BLOCK_DSTDOM_REGEX
http_access deny BLOCK_DSTDOMAIN

Have fun :-)
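
Added example (not part of the post above and not Squid's own code): a small Python model of how the http_access lines are evaluated, showing why the VIP allow lines have to sit above the deny lines and how dstdomain and dstdom_regex entries match. The lists are shortened, constructed samples, 10.84.27.50 is a constructed non-VIP client, and the rule strings omit the http_access keyword.

```python
import ipaddress
import re

# Constructed sample data, shortened from the lists quoted in the post.
BLOCK_DSTDOMAIN = [".codecs.com", ".depositfiles.com"]
BLOCK_DSTDOM_REGEX = ["torrent", "warez"]
VIP = {"10.84.27.4", "10.84.27.20"}
LOCALNET = ipaddress.ip_network("10.84.27.0/24")

def dstdomain(host, entries):
    # ".codecs.com" matches codecs.com and any subdomain; no dot means exact match.
    host = host.lower()
    return any(host == e.lstrip(".") or (e.startswith(".") and host.endswith(e))
               for e in entries)

def dstdom_regex(host, patterns):
    # Unanchored search against the host name only, never the URL path.
    return any(re.search(p, host) for p in patterns)

ACLS = {
    "all": lambda src, host: True,
    "VIP": lambda src, host: src in VIP,
    "LOCALNET": lambda src, host: ipaddress.ip_address(src) in LOCALNET,
    "BLOCK_DSTDOMAIN": lambda src, host: dstdomain(host, BLOCK_DSTDOMAIN),
    "BLOCK_DSTDOM_REGEX": lambda src, host: dstdom_regex(host, BLOCK_DSTDOM_REGEX),
}

def http_access(rules, src, host):
    # Lines are tried top to bottom, ACLs on a line are ANDed, first match decides.
    last = "allow"
    for line in rules:
        last, *names = line.split()
        if all(ACLS[n](src, host) for n in names):
            return last
    # No line matched: Squid applies the opposite of the last line (deny if none).
    return "deny" if last == "allow" else "allow"

VIP_ABOVE = [  # order recommended in the post
    "allow VIP BLOCK_DSTDOM_REGEX", "allow VIP BLOCK_DSTDOMAIN",
    "deny BLOCK_DSTDOM_REGEX", "deny BLOCK_DSTDOMAIN",
    "allow LOCALNET", "deny all",
]
VIP_BELOW = VIP_ABOVE[2:4] + VIP_ABOVE[0:2] + VIP_ABOVE[4:]  # deny lines moved first

if __name__ == "__main__":
    for rules in (VIP_ABOVE, VIP_BELOW):
        print([http_access(rules, ip, "www.codecs.com") for ip in ("10.84.27.4", "10.84.27.50")])
```

With the deny lines first, the VIP exception is never reached, so every client is blocked from the listed domains.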

pappupolyster 03-14-2010 12:12 PM

Thanks a lot. I'll try that asap.

