Ubuntu 8.04: Transparent proxy using squid working but block domain not working
I have successfully set my transparent proxy using squid and one nic. I also set to block some domain using dstdomain but my client still able to access blocked domain. I wonder why... Here is my squid.conf
Quote:
Quote:
Please help me... |
Just my 2cents.
The config looks okay to me. Did you hit the full url as specified in the blockeddomain.txt when testing to see if squid blocks? Is it blocked when you access the blocked domains as specified in the txt file? I think it is better to put .example.com in the txt file, it should block all subdomain of example.com as well. |
Quote:
Quote:
Is it because the my network structure ? I have the following structure : Client PC --> Hub A --> Modem A --> Internet Squid PC ---/ Client PC (192.168.1.3) and Squid PC (192.168.1.2) connect to a Switch/Hub, the switch/hub connect to the Modem/Router (192.168.1.1) than connect to the internet. The client PC Gateway goes to Squid PC IP. The Squid PC Gateway goes to Modem/Router IP. |
Did you forward all http traffic to Squid server port 3128?
http://www.cyberciti.biz/tips/linux-...uid-howto.html |
Yes... But still the blocking is not working...
I did this : Code:
$ sudo iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-port 3128 |
Quote:
Firstly, let's not use transparent proxy first, have the client PC web broswer settings to point to the Squid PC first. Try to access the Internet on client PC and check the logs on the squid pc, to see if the proxy is working first. |
Quote:
But... Seem I found the problem. I didn't know that iptables rules are temporary... I restarted the server and it didn't work, but after I rerun the iptables again, than the blocking is work... Than case is closed :D Sorry to confuse you... Another question... Is it possible to redirect the error page ? I don't want my client PC to see plain text access denied page... I want to show something more nice :D |
Yeah it is possible to show the customized error page. You will need to change the page /etc/squid/errors/ERR_ACCESS_DENIED page to something that you need. Or create the new page and insert it in squid configuration file.
|
Quote:
I'll use squidGuard... Everything's now working as expected. Problem Solved. Thread Closed. |
Ubuntu 8.10 Squid Questions
Hi,
I am going to implement squid on my Ubuntu 8.10 with only on nic. Please tell me something, On your architecture, could your client PCs connect to Internet directly, ignoring the proxy ? My network is something like this : Various PCs ... 192.168.10.2,192.168.10.3,192.168.10.4... Router DI-624 (Gateway) ... 192.168.10.1 Now I would like to configure squid and every traffic to internet will be grabbed on my proxy. I would like to analyse some http stats, I read that awstats it's good. Sorry for this rookie questions ... ;-) Thanks in advance Quote:
|
Your question does not seem to be very clear. Also it does not seem to be related to what OP was facing. Do not hijack the thread. Instead start your own in viable forum with neat subject to get max help.
|
All times are GMT -5. The time now is 08:06 AM. |