Greetings. I am trying to prevent my users from getting to mail.google.com (Gmail). I use Google Apps for my domain so I want them to be able to access mail.google.com/a/mydomain.net.
I have IPTables set to transparently proxy all port 80 traffic. I also have it set to allow all traffic from lo and finally block all port 443 traffic.
If a user wants to get to port 443, they must point to my filter (Dansguardian on port 8080).
I added mail.google.com to my bannedsitelist and added mail.google.com/a/mydomain.net to exceptionurllist. When my users try to go to the latter, they are banned.
I then tried to add mail.google.com and mail.google.com/mail to bannedurllist. When users tried to go to either of them they were blocked unless they used https.
Should I be using squid to block these? If so, an example would be terrific.
Try it, and tell us what the log file says if it doesn't work.
EDIT: Please note that since Squid doesn't see an HTTPS URL (only the domain and port), one can't do regular expression matching on it. Therefore, the relevant line above is incorrect.
Thanks. I tried your suggestion, but it did not work. I can still get to https://mail.google.com
Mike
PS Log file has this in it if it helps...
1234456490.410 79 127.0.0.1 TCP_MISS/200 607 GET http://mail.google.com/ - DIRECT/74.125.45.18 text/html
1234456503.915 10134 127.0.0.1 TCP_MISS/200 6028 CONNECT www.google.com:443 - DIRECT/74.125.45.147 -
That's weird. Looks like mail.google.com is being allowed even though there is an ACL explicitly disallowing it. Could you post your entire squid.conf please? Use a command like this to strip the comments and empty lines:
I have tried many things... Crazy that there are over 4000 lines of code for these few lines of actual config... Comments help I guess...
Thanks for the help.
Mike
I just tried with your squid.conf file and it works mostly as expected for me. All I changed in your squid.conf was I added an access_log line in order to log access attempts. The result was:
-> https://mail.google.com/a/q3ait.org was denied. Looks like this fails because one gets redirected to the root directory at https://mail.google.com/ (which conflicts with the gmail ACL). Not sure at this point what a workaround for that would be. Regardless, you've got bigger fish to fry right now, as our Squids are behaving differently with the same configurations.
Okay I seem to have found a workaround for this.
Basically, just use "www" instead of "mail" when accessing your app. So the whole thing could look like:
EDIT: Please note that since Squid doesn't see an HTTPS URL (only the domain and port), one can't do regular expression matching on it. Therefore, the relevant line above is incorrect.
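The EDIT above says Squid sees only the domain and port of an HTTPS request. The following is an added example, not code from any poster in this thread: it parses Squid-format access.log lines and applies a host ban with a URL-prefix exception, using only what the proxy can see. The sample lines, `BANNED_HOSTS` and `ALLOWED_PREFIXES` are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample in Squid's native access.log format, modelled on the
# lines quoted in the thread (timings and sizes are made up).
SAMPLE_LOG = """\
1234456490.410 79 127.0.0.1 TCP_MISS/200 607 GET http://mail.google.com/a/mydomain.net - DIRECT/74.125.45.18 text/html
1234456503.915 10134 127.0.0.1 TCP_MISS/200 6028 CONNECT mail.google.com:443 - DIRECT/74.125.45.18 -
1234456510.002 9120 127.0.0.1 TCP_MISS/200 5510 CONNECT www.google.com:443 - DIRECT/74.125.45.147 -
"""

BANNED_HOSTS = {"mail.google.com"}                     # hypothetical policy
ALLOWED_PREFIXES = {"mail.google.com/a/mydomain.net"}  # hypothetical exception


def parse_line(line):
    """Return (method, host, path); path is None when the proxy never saw one."""
    fields = line.split()
    method, target = fields[5], fields[6]
    if method == "CONNECT":
        # CONNECT carries only host:port; the URL travels inside the TLS tunnel.
        return method, target.rsplit(":", 1)[0].lower(), None
    parts = urlsplit(target)
    return method, (parts.hostname or "").lower(), parts.path or "/"


def decide(method, host, path):
    """Apply the host ban and the URL-prefix exception to the visible data."""
    if host not in BANNED_HOSTS:
        return "allow"
    if path is not None:
        url = host + path
        if any(url == p or url.startswith(p + "/") for p in ALLOWED_PREFIXES):
            return "allow"
    # With CONNECT there is no path to compare, so the exception cannot match:
    # the banned host is either blocked entirely or allowed entirely.
    return "deny"


def evaluate(log_text):
    """Return (method, host, path, verdict) for every non-empty log line."""
    entries = (parse_line(l) for l in log_text.splitlines() if l.strip())
    return [(m, h, p, decide(m, h, p)) for m, h, p in entries]


if __name__ == "__main__":
    for row in evaluate(SAMPLE_LOG):
        print(row)
```

The plain-HTTP request to the exception URL is allowed, while the CONNECT to the same host is denied because no path is visible to compare against the exception.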
Now I think I have a different problem. When I try to install software (in kubuntu/ubuntu) using apt-get, I get errors...
Code:
Err http://us.archive.ubuntu.com intrepid-updates/main konversation 1.1-0ubuntu2.1
400 Bad Request [IP: 91.189.88.45 80]
Failed to fetch http://us.archive.ubuntu.com/ubuntu/pool/main/k/konversation/konversation_1.1-0ubuntu2.1_i386.deb 400 Bad Request [IP: 91.189.88.45 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
I wonder if this is because apt is trying to go to an IP?
Any ideas?
I don't know, although the error message is recommending that you run "apt-get update" to see if it helps. That said, please use a separate thread for this new, unrelated issue.