LinuxQuestions.org
Linux - Security: Web Blocking (https://www.linuxquestions.org/questions/linux-security-4/web-blocking-645575/)

satish 05-29-2008 07:31 AM

Web Blocking
 
I have a Redhat 9 Linux proxy server for the internet. Our organisation decided to allow only 4 sites to 24 IPs and allow full access to any site for 4 IPs. I had searched and configured DansGuardian and SquidGuard for web blocking, but when I block a certain URL it blocks it for all IPs. These two pieces of software do not have features for only allowing 4 URLs to 24 IPs and full access to 4 IPs. Please suggest any software for my Redhat 9 Linux.


Satish

acid_kewpie 05-29-2008 07:51 AM

The features are absolutely there; I'd just say you're not configuring it correctly, as what you're asking for is fairly simple stuff. Squid by itself can easily handle this.

For the 4 IPs you just have an http_access to allow those IPs high up in the list.

For the 24 IPs to 4 URLs you have an http_access to allow BOTH those ACLs at once.

You then deny all other traffic at the bottom of the list.

linuxlover.chaitanya 05-29-2008 08:39 AM

You can do it this way.
I hope this works for you.

acl allowed_ip src <IP range>
acl remaining_ips src <IP Range>
acl allow_sites url_regex "/etc/squid/allowed_sites"

In http_access area:

http_access allow allowed_ip
http_access allow allow_sites remaining_ips
http_access deny all

In the file /etc/squid/allowed_sites, enter the names of the sites that you want to allow.

Gurus, correct me wherever I have faltered.

satish 06-01-2008 11:22 PM

Web Blocking
 
But how do I do it in squid.conf? I am a newbie and I don't know how to configure
http_access for all 24 IPs to access only 4 sites and the other 4 sites to access all sites. So please give me the full configuration in squid.conf for http_access and acl.


Regards


Satish

win32sux 06-02-2008 12:47 AM

Quote:

Originally Posted by satish (Post 3171610)
But how do I do it in squid.conf? I am a newbie and I don't know how to configure
http_access for all 24 IPs to access only 4 sites and the other 4 sites to access all sites. So please give me the full configuration in squid.conf for http_access and acl.

You've already been given a good explanation and an example, but here's one from me in case it might be a little more clear for you.
Code:

acl mynetwork src 192.168.1.0/24

acl limited_access src 192.168.1.31-192.168.1.54

acl allowed_sites dstdomain wikipedia.org
acl allowed_sites dstdomain cnn.com
acl allowed_sites dstdomain google.com
acl allowed_sites dstdomain linuxquestions.org

http_access allow limited_access allowed_sites
http_access deny limited_access
http_access allow mynetwork
http_access deny all

http_reply_access allow all

Keep in mind that since you aren't using the terms site and IP consistently, it's tough to tell what exactly you mean. My example assumes you mean that twenty-four IPs will be limited to only four websites, and the rest of the IPs in the subnet can access whatever websites they want.

satish 06-03-2008 04:32 AM

Web Blocking
 
It works for me (all sites except the 4 sites are blocked from browsing), but the problem is that in our office we have one web server which works on http://192.168.1.249:8500. This link is also giving me access denied. Why is this local server giving me access denied? When we have blocked all sites, why is this local server giving me access denied? When I am not using my proxy setting, I can browse my local web server. Also I want one more setting: when a user accesses a banned site, it should mail the IP address and banned site details to my email address.

Please provide me a solution for my local web server. We don't want to remove the proxy settings while accessing the local web server, because in one browser we want to use both our local web server and the internet.


Thanks for your help


Satish

win32sux 06-03-2008 05:36 PM

Quote:

Originally Posted by satish (Post 3172969)
It works for me (all sites except the 4 sites are blocked from browsing), but the problem is that in our office we have one web server which works on http://192.168.1.249:8500. This link is also giving me access denied. Why is this local server giving me access denied? When we have blocked all sites, why is this local server giving me access denied? When I am not using my proxy setting, I can browse my local web server. Also I want one more setting: when a user accesses a banned site, it should mail the IP address and banned site details to my email address.

Please provide me a solution for my local web server. We don't want to remove the proxy settings while accessing the local web server, because in one browser we want to use both our local web server and the internet.

I believe most browsers have an option to specify addresses for which the proxy shouldn't be used. As for the email notification, there are several log file monitors available for GNU/Linux. Maybe start by looking at Logwatch.

linuxlover.chaitanya 06-04-2008 12:13 AM

This problem can also be solved by using a Transparent proxy I guess.
Any comments from Gurus?

win32sux 06-04-2008 12:58 AM

Quote:

Originally Posted by linuxlover.chaitanya (Post 3174079)
This problem can also be solved by using a Transparent proxy I guess.
Any comments from Gurus?

I am not a guru, but if you are doing transparent filtering and you want to create an exception for an IP what you can do is add an ACCEPT rule to the PREROUTING chain for the IP, such that packets destined for it won't get sent to REDIRECT. However, a LAN client doesn't need to use a router/gateway in order to access a server on its own LAN, so there isn't any reason why such a request should be going that way in the first place (in a transparent setup). In a non-transparent setup, the client is told when to use the proxy, and must also be told when not to use it.

@satish: What does the Squid access log look like when a LAN client tries to access the LAN server?

satish 06-05-2008 01:31 AM

web blocking
 
Here I am giving my squid.conf changes for site blocking:

acl mynetwork src 192.168.1.0/24

acl limited_access src 192.168.1.3-192.168.1.249

acl allowed_sites dstdomain www.yahoo.com
acl allowed_sites dstdomain mail.rediff.com
acl allowed_sites dstdomain f5plus.rediff.com
acl allowed_sites dstdomain f5mail.rediff.com
acl allowed_sites dstdomain www.rediff.com
acl allowed_sites dstdomain login.rediff.com
acl allowed_sites dstdomain im.rediff.com
acl allowed_sites dstdomain ads.rediff.com
acl allowed_sites dstdomain www.google.co.in
acl allowed_sites dstdomain linuxquestions.org
acl allowed_sites dstdomain 192.168.1.249


http_access allow limited_access allowed_sites
http_access deny limited_access
http_access allow mynetwork
http_access allow internalnetwork
http_access deny all

http_reply_access allow all


As you can see I have added my internal database server IP 192.168.1.249 to the allowed ACL list, but I still get the access denied message, and my Squid access.log file shows me this:

1212646212.396 0 192.168.1.14 TCP_DENIED/403 1459 GET http://ishare.rediff.com/images/playerimg.swf - NONE/- text/html

As I already mentioned, I am a newbie to Linux and am enjoying the answers I get from you and applying them on my server.


When I apply all these rules in the squid.conf file you gave me, I cannot access my internal web server. I don't know about transparent filtering and iptables commands. I am not familiar with iptables, so please send me the command details for my query.

Regards


Satish

win32sux 06-05-2008 01:50 AM

First of all forgive me for making a mistake in my example. I forgot to use the dots before the domains. In other words, my example should have been:
Code:

acl mynetwork src 192.168.1.0/24

acl limited_access src 192.168.1.31-192.168.1.54

acl allowed_sites dstdomain .wikipedia.org
acl allowed_sites dstdomain .cnn.com
acl allowed_sites dstdomain .google.com
acl allowed_sites dstdomain .linuxquestions.org

http_access allow limited_access allowed_sites
http_access deny limited_access
http_access allow mynetwork
http_access deny all

http_reply_access allow all

I'm not 100% sure about what the effects of not having the dots are, as I don't have a Squid box to test right now. But the proper way is to use the dots, FWIW. Now, on to the feedback:

Quote:

Originally Posted by satish (Post 3175195)
acl mynetwork src 192.168.1.0/24

acl limited_access src 192.168.1.3-192.168.1.249

acl allowed_sites dstdomain www.yahoo.com
acl allowed_sites dstdomain mail.rediff.com
acl allowed_sites dstdomain f5plus.rediff.com
acl allowed_sites dstdomain f5mail.rediff.com
acl allowed_sites dstdomain www.rediff.com
acl allowed_sites dstdomain login.rediff.com
acl allowed_sites dstdomain im.rediff.com
acl allowed_sites dstdomain ads.rediff.com
acl allowed_sites dstdomain www.google.co.in
acl allowed_sites dstdomain linuxquestions.org

This looks good. Just remember to add the dots in front like I mentioned above. Also, wouldn't it be much simpler for you to simply make an ACL for rediff.com instead of for each of those sub domains? Just wondering.

Quote:

acl allowed_sites dstdomain 192.168.1.249
This isn't right, as that's an IP, not a destination domain. You should use a dst ACL instead of a dstdomain here.

Quote:

http_access allow limited_access allowed_sites
http_access deny limited_access
http_access allow mynetwork
http_access allow internalnetwork
http_access deny all

http_reply_access allow all
Where did the internalnetwork ACL come from?

Quote:

As you can see I have added my internal database server IP 192.168.1.249 to the allowed ACL list, and my Squid access.log file shows me this:

1212646212.396 0 192.168.1.14 TCP_DENIED/403 1459 GET http://ishare.rediff.com/images/playerimg.swf - NONE/- text/html
This log entry has nothing to do with the LAN access problem. Access to ishare.rediff.com is being denied because there isn't an ACL for it.
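As an added illustration (not code from the thread or from Squid itself), here is a small Python model of how Squid walks the http_access lines in the corrected example above: the first line whose ACLs all match wins, ".domain" covers the domain and its subdomains while "domain" is an exact match only, and an IP literal belongs in a dst ACL rather than a dstdomain one. The ACL names lan_server and lan_as_domain are assumptions added for the LAN-server case; DNS lookups are not modelled.

```python
import ipaddress

# Constructed model of the corrected squid.conf above plus a dst ACL for the LAN server; not Squid's parser.
ACLS = {
    "all":            ("src", ["0.0.0.0/0"]),
    "mynetwork":      ("src", ["192.168.1.0/24"]),
    "limited_access": ("src", ["192.168.1.31-192.168.1.54"]),
    "allowed_sites":  ("dstdomain", [".wikipedia.org", ".cnn.com", ".google.com", ".linuxquestions.org"]),
    "lan_server":     ("dst", ["192.168.1.249"]),        # right: IP literal in a dst ACL (assumed name)
    "lan_as_domain":  ("dstdomain", ["192.168.1.249"]),  # wrong: IP literal in a dstdomain ACL (assumed name)
}
RULES = [  # http_access lines, evaluated top to bottom; the first line whose ACLs all match decides
    ("allow", ["limited_access", "allowed_sites"]),
    ("allow", ["limited_access", "lan_server"]),
    ("deny",  ["limited_access"]),
    ("allow", ["mynetwork"]),
    ("deny",  ["all"]),
]

def _is_ip(s):
    try:
        return bool(ipaddress.ip_address(s))
    except ValueError:
        return False
def _ip_in(ip, spec):
    addr = ipaddress.ip_address(ip)
    if "-" in spec:  # Squid src/dst range syntax: low-high
        lo, hi = (ipaddress.ip_address(p) for p in spec.split("-"))
        return lo <= addr <= hi
    return addr in ipaddress.ip_network(spec, strict=False)
def dstdomain_match(host, pattern):
    # ".example.com" matches example.com and every subdomain; "example.com" matches only that exact host.
    # dstdomain compares names, so an IP literal in the URL never matches "192.168.1.249" as a string.
    if _is_ip(host):
        return False
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern
def acl_matches(name, src, host):
    kind, values = ACLS[name]
    if kind == "src":
        return any(_ip_in(src, v) for v in values)
    if kind == "dstdomain":
        return any(dstdomain_match(host, v) for v in values)
    return _is_ip(host) and any(_ip_in(host, v) for v in values)  # dst: only IP-literal URLs modelled
def http_access(src, host):
    for action, names in RULES:
        if all(acl_matches(n, src, host) for n in names):
            return action
    return "allow" if RULES[-1][0] == "deny" else "deny"  # Squid default: opposite of the last line
```

Running http_access("192.168.1.40", "192.168.1.249") returns "allow" only because of the dst line; with the dstdomain form the limited client is denied, which is the access denied seen in the thread.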

linuxlover.chaitanya 06-05-2008 02:58 AM

In the client there is an option to "bypass proxy server for local addresses".
Check that box and you will be able to get access.
If your clients are also Linux based then you will have to specify the addresses for which the proxy needs to be bypassed.

win32sux 06-05-2008 09:24 AM

Quote:

Originally Posted by linuxlover.chaitanya (Post 3175269)
In the client there is an option to "bypass proxy server for local addresses".
Check that box and you will be able to get access.
If your clients are also Linux based then you will have to specify the addresses for which the proxy needs to be bypassed.

Yes, this was already mentioned in post #7, but if you look at the amount of clients he has I would say it's not feasible to do this manually at every client. If that is the case, he can either fix it in Squid (what he is trying to do now), or use something like WPAD.

linuxlover.chaitanya 06-06-2008 12:08 AM

Then I guess the safest way is to use the transparent proxy. That will help him more. He will not have to manually do the settings in the client browser.

You can find the tutorial for transparent squid at :
http://www.cyberciti.biz/tips/linux-...uid-howto.html

techleach 06-09-2008 06:37 AM

You are using Squid for blocking URLs, so someone can use proxies on a different port than 80 or 8080, and then Squid will not be able to block the sites. My suggestion is to use iptables to block the sites. If I am wrong, please tell me, gurus.

