Web Blocking
I have a Red Hat 9 Linux proxy server for internet. Our organisation decided to allow only 4 sites to 24 IPs and allow full access to any site for 4 IPs. I had searched and configured DansGuardian and squidGuard for web blocking, but when I block a certain URL it blocks it for all IPs. These two programs do not have features to allow only 4 URLs to 24 IPs and full access to 4 IPs. Please suggest any software for my Red Hat 9 Linux.
Satish |
The features are absolutely there; I'd just say you're not configuring it correctly, as it's fairly simple stuff you're asking for. Squid by itself can easily handle this.
For the 4 IPs, you just have an http_access to allow those IPs high up in the list. For the 24 IPs to 4 URLs, you have an http_access to allow BOTH those ACLs at once. You then deny all other traffic at the bottom of the list. |
Can do this way..
I hope this works for you.

acl allowed_ip src <IP range>
acl remaining_ips src <IP Range>
acl allow_sites url_regex "/etc/squid/allowed_sites"

In http_access area:

http_access allow allowed_ip
http_access allow allow_sites remaining_ips
http_access deny all

In the file /etc/squid/allow_sites: Enter the names of the sites that you want to allow. Gurus, correct me wherever I have faltered. |
Web Blocking
But how do I do this in squid.conf? I am a newbie and I don't know how to configure http_access for all 24 IPs to access only 4 sites and the other 4 sites can access all sites. So please give me the full configuration in squid.conf for http_access and acl. Regards, Satish |
Quote:
Code:
acl mynetwork src 192.168.1.0/24 |
Web Blocking
It works for me, all sites except 4 sites browsing, but the problem is that in our office we have one web server which works on http://192.168.1.249:8500, and this link is also giving me access denied. Why is this local server giving me access denied? When we had blocked all sites, why is this local server giving me access denied? When I am not using my proxy setting, I can browse my local web server. Also, one more setting I want is that when a user accesses a banned site, it mails the IP address and banned site details to my email address.
Please provide me a solution for my local web server. We don't want to remove the proxy settings while accessing the local web server, because in one browser we can use our local web server and the internet. Thanks for your help, Satish |
Quote:
|
This problem can also be solved by using a Transparent proxy I guess.
Any comments from Gurus? |
Quote:
@satish: What does the Squid access log look like when a LAN client tries to access the LAN server? |
web blocking
Here I am giving my squid.conf changes for site blocking:

acl mynetwork src 192.168.1.0/24
acl limited_access src 192.168.1.3-192.168.1.249
acl allowed_sites dstdomain www.yahoo.com
acl allowed_sites dstdomain mail.rediff.com
acl allowed_sites dstdomain f5plus.rediff.com
acl allowed_sites dstdomain f5mail.rediff.com
acl allowed_sites dstdomain www.rediff.com
acl allowed_sites dstdomain login.rediff.com
acl allowed_sites dstdomain im.rediff.com
acl allowed_sites dstdomain ads.rediff.com
acl allowed_sites dstdomain www.google.co.in
acl allowed_sites dstdomain linuxquestions.org
acl allowed_sites dstdomain 192.168.1.249
http_access allow limited_access allowed_sites
http_access deny limited_access
http_access allow mynetwork
http_access allow internalnetwork
http_access deny all
http_reply_access allow all

As you can see, I had added my internal database server IP 192.168.1.249 to the acl allowed list, but I still get the access denied message, and the access.log file of Squid shows this:

1212646212.396 0 192.168.1.14 TCP_DENIED/403 1459 GET http://ishare.rediff.com/images/playerimg.swf - NONE/- text/html

As I already mentioned, I am a newbie to Linux and am enjoying the answers I get from you and applying them on my server. When I apply all these rules of the squid.conf file you gave me, I cannot access my internal web server. I don't know about transparent filtering and the iptables command. I am not familiar with iptables, so please send me the command details for my query. Regards, Satish |
First of all forgive me for making a mistake in my example. I forgot to use the dots before the domains. In other words, my example should have been:
Code:
acl mynetwork src 192.168.1.0/24
|
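Added example, not part of any post in the thread: a small Python model of how Squid evaluates http_access lines (first matching line wins, ACLs on one line are ANDed, values of one ACL are ORed), applied to the rules posted above and to the denied request from the access.log line. The domain list is shortened, the undefined internalnetwork line is left out, and the dot-prefixed entry .rediff.com is an assumed form of the "dots before the domains" correction, since the corrected config did not survive on the page.

```python
import ipaddress

def in_src(client, spec):
    """Squid 'src' value: a CIDR network or a 'first-last' address range."""
    ip = ipaddress.ip_address(client)
    if "-" in spec:
        lo, hi = (ipaddress.ip_address(p) for p in spec.split("-"))
        return lo <= ip <= hi
    return ip in ipaddress.ip_network(spec, strict=False)

def in_dstdomain(host, value):
    """Squid 'dstdomain' value: '.x.com' matches x.com and all subdomains,
    'x.com' matches that exact host name only."""
    host, value = host.lower(), value.lower()
    if value.startswith("."):
        return host == value[1:] or host.endswith(value)
    return host == value

def decide(rules, acls, client, host):
    """Return 'allow' or 'deny' for one request, as http_access would."""
    def acl_matches(name):
        kind, values = acls[name]
        test = in_src if kind == "src" else in_dstdomain
        subject = client if kind == "src" else host
        return any(test(subject, v) for v in values)
    for action, names in rules:
        if all(acl_matches(n) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# ACLs from the posted squid.conf (allowed_sites shortened for the example)
ACLS_POSTED = {
    "all": ("src", ["0.0.0.0/0"]),
    "mynetwork": ("src", ["192.168.1.0/24"]),
    "limited_access": ("src", ["192.168.1.3-192.168.1.249"]),
    "allowed_sites": ("dstdomain", ["www.yahoo.com", "www.rediff.com",
                                    "mail.rediff.com", "login.rediff.com"]),
}
# Assumed corrected form: one dot-prefixed entry covers every rediff host
ACLS_DOTTED = dict(ACLS_POSTED, allowed_sites=("dstdomain", [".rediff.com"]))

RULES = [("allow", ["limited_access", "allowed_sites"]),
         ("deny", ["limited_access"]),
         ("allow", ["mynetwork"]),
         ("deny", ["all"])]

if __name__ == "__main__":
    for acls in (ACLS_POSTED, ACLS_DOTTED):
        print(decide(RULES, acls, "192.168.1.14", "ishare.rediff.com"))
```

With the posted list, the request from 192.168.1.14 for ishare.rediff.com falls through the first line and hits `http_access deny limited_access`, which is the TCP_DENIED/403 in the log; the exact-name entries never cover hosts that are not listed one by one.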
In the client there is an option to "bypass proxy server for local address".
Check that box and you will be able to get access. If your clients are also Linux based then you will have to specify the addresses for which the proxy needs to be bypassed. |
Quote:
|
Then I guess the safest way is to use the transparent proxy. That will help him more. He will not have to manually do the settings in the client browser.
You can find the tutorial for transparent squid at : http://www.cyberciti.biz/tips/linux-...uid-howto.html |
You are using Squid for blocking URLs, so someone can use proxies with a different port than 80 or 8080, and then Squid will not be able to block the sites. My suggestion is to use iptables to block the sites. If I am wrong, please tell me, gurus.
|