squid transparent proxy restriction

salimshahzad · 06-22-2011, 02:09 AM

hello gurus

i m using centos 5.6 x86

give us guideline if possible, we have squid transparent proxy, the ip is set 10.0.1.85, this is as gateway we enter in window client pc to browse. now we want to block some website so we try below two method does not work, can you check if anything wrong in this, we enter this all starting of file squid.conf

# Add this to the bottom of the ACL section of squid.conf
acl lan src 10.0.1.0/24

# Add this at the top of the http_access section of squid.conf
http_access allow lan
acl badsites dstdomain "/etc/squid/restricted-sites.squid"
http_access deny badsites

max_filedesc 4096

kind regards
hacit

bathory · 06-22-2011, 04:23 AM

Hi,

Since the acls are read from top to bottom, you should put the allow acl last:

Code:

acl badsites dstdomain "/etc/squid/restricted-sites.squid"
http_access deny badsites
http_access allow lan

Regards

salimshahzad · 06-22-2011, 04:52 AM

let me update you

when i stop proxy squid browsing stop, now i comment all lines that added so it also stop this means the file and squid.conf configuration working fine

can you advise is firewal should be start or stop, 2nd advise what r all alertnate method to block website, is there any order sequence first last allow deny etc ACL list is properly set see this in proxy with comment line

ERROR
The requested URL could not be retrieved

--------------------------------------------------------------------------------

While trying to retrieve the URL: http://www.google.com/

The following error was encountered:

•Access Denied.
Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is root.

--------------------------------------------------------------------------------

Generated Wed, 22 Jun 2011 09:52:30 GMT by proxyjed1.tmsa.com (squid/2.6.STABLE21)

bathory · 06-22-2011, 05:43 AM

Hi,

Quote:

when i stop proxy squid browsing stop, now i comment all lines that added so it also stop this means the file and squid.conf configuration working fine

This is what a transparent proxy is supposed to do. All traffic to port 80 is going through it, so if it's stopped you cannot browse anything.

Quote:

can you advise is firewal should be start or stop,

You need a firewall (iptables) to redirect all traffic to port 80 to the squid server.

Quote:

2nd advise what r all alertnate method to block website, is there any order sequence first last allow deny etc ACL list is properly set see this in proxy with comment line

I suggest you to read this about acls and how they apply.

Regards