LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   How to block urls for specific ip in squid (https://www.linuxquestions.org/questions/linux-security-4/how-to-block-urls-for-specific-ip-in-squid-500476/)

addipolli 11-10-2006 08:23 PM
How to block urls for specific ip in squid
 
Hi,

I want to block some urls (yahoomail,gmail

addipolli 11-10-2006 08:29 PM
How to block urls for specific ip in squid
 
Hi,

I am using squid 2 as my proxy. I want to block the urls (yahoo mail, gmail) only for some systems in the network.
How can i do this in squid

Can any one help me.

win32sux 11-10-2006 10:00 PM
Quote:
Originally Posted by addipolli
Hi,

I am using squid 2 as my proxy. I want to block the urls (yahoo mail, gmail) only for some systems in the network.
How can i do this in squid

Can any one help me.
it's basically three steps:

1 - make an ACL for the subnet/range you want to block the URL from...

2 - make an ACL for the URLs you wish to block...

3 - create an "http_access deny" rule using those two ACLs...

for example:
Code:
acl banned_clients src 192.168.12.0/255.255.255.0
acl sucky_url dstdomain .microsoft.com
http_access deny banned_clients sucky_url
that would deny anybody in the 192.168.12.0/24 subnet access to microsoft.com...

here's another example:
Code:
acl banned_clients src 192.168.12.12-192.168.12.65
acl sucky_urls dstdomain .microsoft.com .sco.com .doubleclick.com
http_access deny banned_clients sucky_urls
that would deny anybody in the 192.168.12.12-65 IP range access to microsoft.com, sco.com, and .doubleclick.com...

acid_kewpie 11-11-2006 02:39 AM
within squid you can just use the dstdomain directive in an acl to deny domains.
Code:
acl DSTDOMAIN dstdomain .deny.com
http_access deny DSTDOMAIN

unSpawn 11-11-2006 03:17 AM
To the OP: posting a question twice in a row with an interval of n minutes verges on the edge of spamming. Please be more careful. TIA

addipolli 11-14-2006 01:45 AM
Quote:
Originally Posted by win32sux
it's basically three steps:

1 - make an ACL for the subnet/range you want to block the URL from...

2 - make an ACL for the URLs you wish to block...

3 - create an "http_access deny" rule using those two ACLs...

for example:
Code:
acl banned_clients src 192.168.12.0/255.255.255.0
acl sucky_url dstdomain .microsoft.com
http_access deny banned_clients sucky_url
that would deny anybody in the 192.168.12.0/24 subnet access to microsoft.com...

here's another example:
Code:
acl banned_clients src 192.168.12.12-192.168.12.65
acl sucky_urls dstdomain .microsoft.com .sco.com .doubleclick.com
http_access deny banned_clients sucky_urls
that would deny anybody in the 192.168.12.12-65 IP range access to microsoft.com, sco.com, and .doubleclick.com...

It worked & Thankyou very much

cj_cheema 11-20-2006 04:54 PM
Please clear my doubt
 
Quote:
Originally Posted by win32sux
it's basically three steps:

1 - make an ACL for the subnet/range you want to block the URL from...

2 - make an ACL for the URLs you wish to block...

3 - create an "http_access deny" rule using those two ACLs...

for example:
Code:
acl banned_clients src 192.168.12.0/255.255.255.0
acl sucky_url dstdomain .microsoft.com
http_access deny banned_clients sucky_url
that would deny anybody in the 192.168.12.0/24 subnet access to microsoft.com...

here's another example:
Code:
acl banned_clients src 192.168.12.12-192.168.12.65
acl sucky_urls dstdomain .microsoft.com .sco.com .doubleclick.com
http_access deny banned_clients sucky_urls
that would deny anybody in the 192.168.12.12-65 IP range access to microsoft.com, sco.com, and .doubleclick.com...
:Pengy: Hi win32sux
Thanx for your steps which u have posted actually i was also searchinig this type of configuration. But i have little problem hope u may favour me, actually i'm new in linux and having no experiance. so could u tell me where i have to edit these steps in squid.conf file actually i have check in "ACCESS CONTROL" but i have found no such thing in it only this line was mention something like this in access controls ie:
#Default configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR
# CLIENTS
#
http_access deny all

In above lines where i have to edit ur steps. Please assist me.

Thanx
CJ Cheema:confused:
mail me: cj_cheema@hotmail.com

win32sux 11-21-2006 05:21 AM
Quote:
Originally Posted by cj_cheema
:Pengy: Hi win32sux
Thanx for your steps which u have posted actually i was also searchinig this type of configuration. But i have little problem hope u may favour me, actually i'm new in linux and having no experiance. so could u tell me where i have to edit these steps in squid.conf file actually i have check in "ACCESS CONTROL" but i have found no such thing in it only this line was mention something like this in access controls ie:
#Default configuration:
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR
# CLIENTS
#
http_access deny all

In above lines where i have to edit ur steps. Please assist me.

Thanx
CJ Cheema:confused:
mail me: cj_cheema@hotmail.com
insert the http_access rule right there in the part where it says "INSERT YOUR OWN RULES HERE" (right before the "http_access deny all"... then find the ACL section further-up and append your ACLs to the end of that section... i'd also recommend getting-rid of all the comments to make editing the file easier...

cj_cheema 11-22-2006 05:54 PM
Thanx for ur assistance
 
Quote:
Originally Posted by win32sux
insert the http_access rule right there in the part where it says "INSERT YOUR OWN RULES HERE" (right before the "http_access deny all"... then find the ACL section further-up and append your ACLs to the end of that section... i'd also recommend getting-rid of all the comments to make editing the file easier...

Hi Win32sux

thanx for ur assistance. Now it is working.

Thanx again

Regards
CJ Cheema :p

korexmohan 11-24-2008 01:20 AM
Creatind block list
 
Hi Pals,
Is there a option to create a file for block list and that can be linked to squid.conf. So whenever i want to add a site name in block list i can edit that external file and will be easy to handle....

win32sux 11-24-2008 02:04 AM
Quote:
Originally Posted by korexmohan (Post 3352465)
Hi Pals,
Is there a option to create a file for block list and that can be linked to squid.conf. So whenever i want to add a site name in block list i can edit that external file and will be easy to handle....
Yes. Go to the ACL section of the Squid FAQ. Then, click on I want to put ACL parameters in an external file. That shows you how to do it. That said, please don't resurrect dead threads. And please do some searching before posting questions. I know for a fact this question has been asked, answered, and discussed several times here on LQ. Thread closed.


All times are GMT -5. The time now is 05:12 PM.