LinuxQuestions.org
Red Hat This forum is for the discussion of Red Hat Linux.

Old 03-13-2010, 12:04 AM   #1
pappupolyster
LQ Newbie
 
Registered: Jan 2009
Posts: 9

Rep: Reputation: 0
Help with acls in squid!


Hello everyone! I've been into Linux OS for the last one year and I'm using RHEL 5.3. I've been able to configure squid, wherein I've blocked a single site. But now I want to use a file where I've added the list of sites which need to be blocked. I have tried adding the following line under the squid config file and restarted the service.
acl blocksites url_regex "/etc/squid/squid_block_urls"
and then
http_access deny blocksites

I configured my web browser to use squid but am still able to access all the blocked websites. Please help me out. Am I doing something wrong here? It's very urgent.
 
Old 03-13-2010, 01:14 AM   #2
Lexus45
Member
 
Registered: Jan 2010
Location: Kurgan, Russia
Distribution: Slackware, Ubuntu
Posts: 339
Blog Entries: 3

Rep: Reputation: 47
Hi !

This is a part of my working .conf file (so, I posted only the most important lines and marked with green the lines which you have to add).

The text files with URLs/words (regular expressions) are in /etc/squid/lists/, one URL/word (regular expression) per line.

Code:
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl MANAGER proto cache_object
acl LOCALHOST src 127.0.0.1/32
acl TO_LOCALHOST dst 127.0.0.0/8

acl LOCALNET src 10.84.27.0/24

acl BLOCK_DSTDOMAIN dstdomain "/etc/squid/lists/block_dstdomain.txt"
acl BLOCK_DSTDOM_REGEX dstdom_regex "/etc/squid/lists/block_dstdom_regex.txt"
acl IP_DST_BLOCK dst "/etc/squid/lists/ip_dst_block.txt"

http_access deny IP_DST_BLOCK
http_access deny BLOCK_DSTDOM_REGEX
http_access deny BLOCK_DSTDOMAIN

http_access allow LOCALNET
http_access allow LOCALHOST
http_access allow SSL_ports

# And finally deny all other access to this proxy
http_access deny all
And this is a part of /etc/squid/lists/block_dstdomain.txt
Code:
.bezlimita.net
.codecs.com
.codecs.ru
.cyberfiles.ru
.cybermusic.ru
.depositfiles.com
.depositfiles.ru
.desksoft.com
.gameforge.de
.gigapeta.com
.gnezdo.ru
.homexxxru.com
And this is my /etc/squid/lists/block_dstdom_regex.txt
Code:
adult
codec
codecs
love
porno
rapidshare
sex
torrent
tube
varez
warez
P.S.: if you'd like to differentiate access from different computers of your LAN, you have to create one more ACL, say
Code:
acl VIP src 10.84.27.4 10.84.27.20 10.84.27.21 10.84.27.22 10.84.27.23
and create rules for it
Code:
http_access allow VIP BLOCK_DSTDOMAIN
http_access allow VIP BLOCK_DSTDOM_REGEX
http_access allow VIP IP_DST_BLOCK
Important!
You must place these rules above the denying rules:
Code:

http_access allow VIP IP_DST_BLOCK
http_access allow VIP BLOCK_DSTDOM_REGEX
http_access allow VIP BLOCK_DSTDOMAIN


http_access deny IP_DST_BLOCK
http_access deny BLOCK_DSTDOM_REGEX
http_access deny BLOCK_DSTDOMAIN
Have fun :-)

Last edited by Lexus45; 03-13-2010 at 01:25 AM.
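
The rule ordering and matching behaviour described in the answer above, modelled as an added Python example (not Squid's code and not from the original posts): `http_access` lines are checked top to bottom and the first line whose ACLs all match decides, `dstdomain` entries with a leading dot also cover subdomains, and `dstdom_regex` is an unanchored search on the host name. The lists are shortened from the post; `ORDERED`, `MISORDERED`, the function names and the test hosts are constructed for illustration.

```python
import ipaddress
import re

# Lists shortened from the post above; client IPs used in checks are constructed.
BLOCK_DSTDOMAIN = [".codecs.com", ".depositfiles.com"]
BLOCK_DSTDOM_REGEX = ["sex", "love", "torrent"]
VIP = {"10.84.27.4", "10.84.27.20"}
LOCALNET = ipaddress.ip_network("10.84.27.0/24")

def dstdomain(host, entries):
    # ".codecs.com" matches codecs.com and every subdomain; no dot = exact host.
    host = host.lower()
    return any(host == e.lstrip(".") or (e.startswith(".") and host.endswith(e))
               for e in entries)

def dstdom_regex(host, patterns):
    # Unanchored and case-sensitive, like dstdom_regex without the -i option.
    return any(re.search(p, host) for p in patterns)

ACLS = {
    "VIP": lambda src, host: src in VIP,
    "LOCALNET": lambda src, host: ipaddress.ip_address(src) in LOCALNET,
    "BLOCK_DSTDOMAIN": lambda src, host: dstdomain(host, BLOCK_DSTDOMAIN),
    "BLOCK_DSTDOM_REGEX": lambda src, host: dstdom_regex(host, BLOCK_DSTDOM_REGEX),
    "all": lambda src, host: True,
}

def decide(conf, src, host):
    # ACL names on one line are ANDed; the first fully matching line wins.
    for line in conf.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "http_access":
            continue
        if all(ACLS[name](src, host) for name in parts[2:]):
            return parts[1], " ".join(parts[2:])
    raise ValueError("no rule matched; end the list with 'http_access deny all'")

ORDERED = """
http_access allow VIP BLOCK_DSTDOMAIN
http_access deny BLOCK_DSTDOM_REGEX
http_access deny BLOCK_DSTDOMAIN
http_access allow LOCALNET
http_access deny all
"""
# Constructed misordering: the general allow comes first, so the deny never fires.
MISORDERED = """
http_access allow LOCALNET
http_access deny BLOCK_DSTDOMAIN
http_access deny all
"""
```

`decide(ORDERED, "10.84.27.50", "www.essex.ac.uk")` returns a deny because the pattern `sex` matches inside `essex`, which is the over-blocking to expect from short words in a `dstdom_regex` list.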
 
Old 03-14-2010, 12:12 PM   #3
pappupolyster
LQ Newbie
 
Registered: Jan 2009
Posts: 9

Original Poster
Rep: Reputation: 0
Thanks a lot. I'll try that asap.
 
  

