Hi..Satyaveer Arya and linuxlover.chaitanya.
in squid.conf file I had already added the entry as
Code:
acl deniedsites dstdomain "/etc/squid3/.denied_sites"
http_access deny deniedsites"
Code:
#cat /etc/squid3/.denied_sites
.facebook.com
#.some-other-sites.com
#and so on
This was blocking for only
http sites not for
https sites. So then I tried
Code:
acl facebook dstdomain .facebook.com
http_reply_access deny facebook # for http
http_access deny CONNECT facebook # for https
Since my manager had told me to block facebook at all time I didn't mention that as from what time to what time it should be blocked. So I just added the entry to be blocked at all time. But found since squid is http proxy and since we are using transparent squid proxy, now also it was unable to block
https://facebook.com and it was blocked for only
http://facebook.com. So again people started with
https://facebook.com.
At last I could achieve to block
https://facebook.com using
IPTables FORWARD rules. Then I found, none of the users were able to open
https://facebook.com even after multiple tries and even if they try to access with different browser.
Today I came to know that again they are using 3rd party softwares like ultrasurf on windows!!!
and one more software(I forgot the name, I will let you know once I reached to office, and I also already checked with that software on linux and found both
http://facebook.com &
https://facebook.com is opening only if that software service is started and only with aurora broweser but not with any other browser.) on linux to bypass proxy/firewall!!!
I hope I can block this also using IPTables rules if I could not again I will come and request linuxquestions.org because this is the only one site that always you all are helping me in proper way.
So since I don't want allow such browser I found a
link to allow only particular browsers in squid.conf in which that link says to set the rule as
Code:
acl firefox browser firefox
http_access deny !firefox
restared squid3 service and found it is not blocking other browsers. Then I also tried in squid.conf file as
Code:
acl aurora browser aurora
http_access deny aurora
restarted the service but still I can access the internet using aurora browser in my PC(client only) as well as clients PC.
So it would be appreciated if you could post the squid ACLs to block all browsers except mozilla firefox and internet explorer.
Thanks for your kind help.