How to block urls for specific ip in squid

Hi,

I want to block some urls (yahoomail,gmail

Hi,

I am using squid 2 as my proxy. I want to block the urls (yahoo mail, gmail) only for some systems in the network.
How can i do this in squid

Can any one help me.

Quote:

Originally Posted by addipolli Hi, I am using squid 2 as my proxy. I want to block the urls (yahoo mail, gmail) only for some systems in the network. How can i do this in squid Can any one help me.

it's basically three steps:

1 - make an ACL for the subnet/range you want to block the URL from...

2 - make an ACL for the URLs you wish to block...

3 - create an "http_access deny" rule using those two ACLs...

for example:

Code:

acl banned_clients src 192.168.12.0/255.255.255.0
acl sucky_url dstdomain .microsoft.com
http_access deny banned_clients sucky_url

that would deny anybody in the 192.168.12.0/24 subnet access to microsoft.com...

here's another example:

Code:

acl banned_clients src 192.168.12.12-192.168.12.65
acl sucky_urls dstdomain .microsoft.com .sco.com .doubleclick.com
http_access deny banned_clients sucky_urls

that would deny anybody in the 192.168.12.12-65 IP range access to microsoft.com, sco.com, and .doubleclick.com...

within squid you can just use the dstdomain directive in an acl to deny domains.

Code:

acl DSTDOMAIN dstdomain .deny.com
http_access deny DSTDOMAIN

To the OP: posting a question twice in a row with an interval of n minutes verges on the edge of spamming. Please be more careful. TIA

Quote:

Originally Posted by win32sux it's basically three steps: 1 - make an ACL for the subnet/range you want to block the URL from... 2 - make an ACL for the URLs you wish to block... 3 - create an "http_access deny" rule using those two ACLs... for example: Code: acl banned_clients src 192.168.12.0/255.255.255.0 acl sucky_url dstdomain .microsoft.com http_access deny banned_clients sucky_url that would deny anybody in the 192.168.12.0/24 subnet access to microsoft.com... here's another example: Code: acl banned_clients src 192.168.12.12-192.168.12.65 acl sucky_urls dstdomain .microsoft.com .sco.com .doubleclick.com http_access deny banned_clients sucky_urls that would deny anybody in the 192.168.12.12-65 IP range access to microsoft.com, sco.com, and .doubleclick.com...

It worked & Thankyou very much

Quote:

Originally Posted by win32sux it's basically three steps: 1 - make an ACL for the subnet/range you want to block the URL from... 2 - make an ACL for the URLs you wish to block... 3 - create an "http_access deny" rule using those two ACLs... for example: Code: acl banned_clients src 192.168.12.0/255.255.255.0 acl sucky_url dstdomain .microsoft.com http_access deny banned_clients sucky_url that would deny anybody in the 192.168.12.0/24 subnet access to microsoft.com... here's another example: Code: acl banned_clients src 192.168.12.12-192.168.12.65 acl sucky_urls dstdomain .microsoft.com .sco.com .doubleclick.com http_access deny banned_clients sucky_urls that would deny anybody in the 192.168.12.12-65 IP range access to microsoft.com, sco.com, and .doubleclick.com...

Hi win32sux
Thanx for your steps which u have posted actually i was also searchinig this type of configuration. But i have little problem hope u may favour me, actually i'm new in linux and having no experiance. so could u tell me where i have to edit these steps in squid.conf file actually i have check in "ACCESS CONTROL" but i have found no such thing in it only this line was mention something like this in access controls ie:
#Default configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR
# CLIENTS
#
http_access deny all

In above lines where i have to edit ur steps. Please assist me.

Thanx
CJ Cheema
mail me: cj_cheema@hotmail.com

Quote:

Originally Posted by cj_cheema Hi win32sux Thanx for your steps which u have posted actually i was also searchinig this type of configuration. But i have little problem hope u may favour me, actually i'm new in linux and having no experiance. so could u tell me where i have to edit these steps in squid.conf file actually i have check in "ACCESS CONTROL" but i have found no such thing in it only this line was mention something like this in access controls ie: #Default configuration: http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports # # INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR # CLIENTS # http_access deny all In above lines where i have to edit ur steps. Please assist me. Thanx CJ Cheema mail me: cj_cheema@hotmail.com

insert the http_access rule right there in the part where it says "INSERT YOUR OWN RULES HERE" (right before the "http_access deny all"... then find the ACL section further-up and append your ACLs to the end of that section... i'd also recommend getting-rid of all the comments to make editing the file easier...

Quote:

Originally Posted by win32sux insert the http_access rule right there in the part where it says "INSERT YOUR OWN RULES HERE" (right before the "http_access deny all"... then find the ACL section further-up and append your ACLs to the end of that section... i'd also recommend getting-rid of all the comments to make editing the file easier...

Hi Win32sux

thanx for ur assistance. Now it is working.

Thanx again

Regards
CJ Cheema

Hi Pals,
Is there a option to create a file for block list and that can be linked to squid.conf. So whenever i want to add a site name in block list i can edit that external file and will be easy to handle....

Quote:

Originally Posted by korexmohan Hi Pals, Is there a option to create a file for block list and that can be linked to squid.conf. So whenever i want to add a site name in block list i can edit that external file and will be easy to handle....

Yes. Go to the ACL section of the Squid FAQ. Then, click on I want to put ACL parameters in an external file. That shows you how to do it. That said, please don't resurrect dead threads. And please do some searching before posting questions. I know for a fact this question has been asked, answered, and discussed several times here on LQ. Thread closed.