Old 11-17-2016, 02:12 AM   #1
antriksh
Member
 
Registered: Aug 2010
Location: In my world
Distribution: Oracle Linux 6
Posts: 83

Squid allow one IP on a particular port


Hello. This is my squid configuration:

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

Now I want to allow URL http://213.145.166.138/ on port 81 (which is currently blocked) for everyone. Is it possible to configure it?
 
Old 11-17-2016, 07:30 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 21,824

Quote:
Originally Posted by antriksh View Post
Hello. This is my squid configuration:

acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http

Now I want to allow URL http://213.145.166.138/ on port 81 (which is currently blocked) for everyone. Is it possible to configure it?
Yes. These are called ACL's (which you already have). Did you try to look at the VERY ample Squid documentation?
http://wiki.squid-cache.org/SquidFaq/SquidAcl

...or try to put "how to configure squid to allow a website" into Google?
http://wiki.squid-cache.org/ConfigEx...nticate/Bypass
 
Old 11-17-2016, 10:04 AM   #3
antriksh
Member
 
Registered: Aug 2010
Location: In my world
Distribution: Oracle Linux 6
Posts: 83

Original Poster
Yes, I looked into it.

Problem here is if I allow port 81 it will be allowed for any website. I want to allow only one website for port 81. I didn't find any acl combination for that.
 
Old 11-18-2016, 08:21 AM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 21,824

Quote:
Originally Posted by antriksh View Post
Yes, I looked into it.
Problem here is if I allow port 81 it will be allowed for any website. I want to allow only one website for port 81. I didn't find any acl combination for that.
Must not have looked too hard. There are examples in the documentation, and AMPLE examples you can find with a Google search to allow only ONE website...this is no different.
 
Old 11-18-2016, 05:19 PM   #5
Jjanel
Member
 
Registered: Jun 2016
Distribution: any&all, in VBox; Ol'UnixCLI; NO GUI resources
Posts: 999
Blog Entries: 12

A bit more 'hint' needed, sorry...

I wanted to learn a bit about squid from this Thread, but I seem to need a bit more 'clue' here.
Is that URL http://213.145.166.138/ *on your server* [dst] (or *from* a src)?
I tried hour of web-searches like: allow one|specific ip|dst access "to a port" squid
but kept getting confused by thinking http_access meant port 80 only [?]
As that first doc link begins by saying:
"Squid's access control scheme is relatively comprehensive and difficult for some people to understand."
Maybe [my **guess**] something like:
acl myport port 81
acl myaddr dst 213.145.166.138
http_access allow myport myaddr
(partly based on that doc's "And/Or logic" [under "Common Mistakes"])

Maybe try that & let us know. *logs*?! (again, that is *just my guess* & may be incorrect!)

A bit more of a hint/clue/more-specific-link-quotation/... from LQ'ers is welcome here. Thanks!
 
Old 11-18-2016, 06:08 PM   #6
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 21,824

Quote:
Originally Posted by Jjanel View Post
I wanted to learn a bit about squid from this Thread, but I seem to need a bit more 'clue' here.
Is that URL http://213.145.166.138/ *on your server* [dst] (or *from* a src)?
I tried hour of web-searches like: allow one|specific ip|dst access "to a port" squid
but kept getting confused by thinking http_access meant port 80 only [?]
As that first doc link begins by saying:
"Squid's access control scheme is relatively comprehensive and difficult for some people to understand."
Maybe [my **guess**] something like:
acl myport port 81
acl myaddr dst 213.145.166.138
http_access allow myport myaddr
(partly based on that doc's "And/Or logic" [under "Common Mistakes"])

Maybe try that & let us know. *logs*?! (again, that is *just my guess* & may be incorrect!) A bit more of a hint/clue/more-specific-link-quotation/... from LQ'ers is welcome here. Thanks!
You need to think about what squid IS and what it is designed to DO. It's a proxy server...all it does is handle web traffic. Allowing/disallowing ports is done in broad strokes, because you need to handle port-by-port access through your firewall/iptables/NAT. Either you allow port 81 through for ALL sites, or none. No way around it. You *CAN* easily NAT traffic to/from that address on port 81, to port 80, so as far as squid is concerned, all the HTTP traffic is staying on the default port.
 
1 members found this post helpful.
Old 01-16-2019, 02:01 PM   #7
afdm74
LQ Newbie
 
Registered: Jul 2014
Posts: 2

Quote:
Originally Posted by Jjanel View Post
I wanted to learn a bit about squid from this Thread, but I seem to need a bit more 'clue' here.
Is that URL http://213.145.166.138/ *on your server* [dst] (or *from* a src)?
I tried hour of web-searches like: allow one|specific ip|dst access "to a port" squid
but kept getting confused by thinking http_access meant port 80 only [?]
As that first doc link begins by saying:
"Squid's access control scheme is relatively comprehensive and difficult for some people to understand."
Maybe [my **guess**] something like:
acl myport port 81
acl myaddr dst 213.145.166.138
http_access allow myport myaddr
(partly based on that doc's "And/Or logic" [under "Common Mistakes"])

Maybe try that & let us know. *logs*?! (again, that is *just my guess* & may be incorrect!)

A bit more of a hint/clue/more-specific-link-quotation/... from LQ'ers is welcome here. Thanks!
You just need to put your http_access declaration above the "http_access deny !Safe_ports". That's all you got wrong...
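
Added example (not part of any poster's message, and not Squid's own code): a simplified Python model of how Squid evaluates http_access lines (top to bottom, ACLs on one line ANDed, first matching line decides), run against three orderings of the rule discussed in this thread. The `localnet` range, the ACL names `port81` and `site`, the shortened Safe_ports list and the client addresses are assumptions made for the example.

```python
import ipaddress

ACLS = """
acl localnet src 10.0.0.0/8            # assumed client network
acl Safe_ports port 80 443 1025-65535  # shortened from the thread's list
acl port81 port 81
acl site dst 213.145.166.138
"""

def conf(*rules):
    return ACLS + "\n".join("http_access " + r for r in rules)

# Constructed rule orderings (ACL names and ordering labels are assumptions).
AFTER = conf("deny !Safe_ports", "allow port81 site", "allow localnet", "deny all")
BEFORE = conf("allow port81 site", "deny !Safe_ports", "allow localnet", "deny all")
SCOPED = conf("allow localnet port81 site", "deny !Safe_ports", "allow localnet", "deny all")

def parse(text):
    """Parse the squid.conf subset used here: port/src/dst ACLs and http_access."""
    acls, rules = {"all": ("src", ["0.0.0.0/0"])}, []   # 'all' is built in
    for line in text.splitlines():
        tok = line.split("#")[0].split()
        if tok and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif tok and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, req):
    kind, values = acl
    if kind == "port":                      # single port or lo-hi range
        ranges = (v.partition("-") for v in values)
        return any(int(lo) <= req["port"] <= int(hi or lo) for lo, _, hi in ranges)
    addr = ipaddress.ip_address(req[kind])  # src / dst: address or CIDR
    return any(addr in ipaddress.ip_network(v, strict=False) for v in values)

def decide(text, src, dst, port):
    """Return the action of the first http_access line whose ACLs all match."""
    acls, rules = parse(text)
    req = {"src": src, "dst": dst, "port": port}
    for action, names in rules:
        # a leading '!' negates the ACL; all ACLs on one line are ANDed
        if all(acl_matches(acls[n.lstrip("!")], req) != n.startswith("!") for n in names):
            return action
    return "deny"   # not reached here: every sample ordering ends in "deny all"

if __name__ == "__main__":
    for name, text in (("AFTER", AFTER), ("BEFORE", BEFORE), ("SCOPED", SCOPED)):
        print(name, decide(text, "10.1.2.3", "213.145.166.138", 81),
              decide(text, "203.0.113.9", "213.145.166.138", 81))
```

In the BEFORE ordering the exception matches for any client, including one outside `localnet`, because the allow line is reached before any source check; the SCOPED ordering adds the source ACL to the same line so the exception applies only to local clients.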
 
Old 01-17-2019, 08:13 AM   #8
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 21,824

Quote:
Originally Posted by afdm74 View Post
You just need to put your http_access declaration above the "http_access deny !Safe_ports". That's all you got wrong...
Right: that was done TWO YEARS AGO.
 
  

