LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 02-02-2011, 09:22 AM   #1
dinesh25d
LQ Newbie
 
Registered: Jan 2007
Location: Mumbai, India
Distribution: Ubuntu, Fedora
Posts: 9

Rep: Reputation: 0
Angry Help for Squid 3 Proxy


I want to restrict some site (Social Networking) through my newly configured squid proxy.
But It always allow those site How to block those site.

My squid.conf file is configured as follow :-

.
.
.
.
.
#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#acl workhrs time MTWHFA 11:00-16:00
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 127.0.0.1/255.255.255.255 # RFC1918 possible internal network
acl our_network src 192.168.2.0/24 # RFC1918 possible internal network
acl bad dstdomain "/etc/squid/block-sites.squid"
#acl blacklist_ip src 192.168.2.11
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# TAG: http_access
.
.
.
..
.
.
.
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
#http_access deny bad workhrs blacklist_ip
http_access deny bad
http_access allow localhost
http_access allow our_network
http_access allow localnet

# And finally deny all other access to this proxy
http_access deny all
 
Old 02-02-2011, 11:13 AM   #2
Oliv'
Senior Member
 
Registered: Jan 2004
Location: Montpellier (France)
Distribution: Gentoo
Posts: 1,014

Rep: Reputation: 36
Hello,

Well it does not work just because the syntax in your config file is incorrect. You have to put a domainname in your acl rule and not a file containing domainname. See official online doc for more info: http://www.visolve.com/squid/squid30....php#dstdomain

Regards,

Oliv'
 
Old 02-03-2011, 01:32 AM   #3
dinesh25d
LQ Newbie
 
Registered: Jan 2007
Location: Mumbai, India
Distribution: Ubuntu, Fedora
Posts: 9

Original Poster
Rep: Reputation: 0
Then how to ban more no. of site if I can't user file name in ACL
 
Old 02-03-2011, 02:59 AM   #4
dinesh25d
LQ Newbie
 
Registered: Jan 2007
Location: Mumbai, India
Distribution: Ubuntu, Fedora
Posts: 9

Original Poster
Rep: Reputation: 0
My modified squid.conf as follows but not of use unable to stop website

.
.
.
.
.
#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#acl workhrs time MTWHFA 11:00-16:00
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 127.0.0.1/255.255.255.255 # RFC1918 possible internal network
acl our_network src 192.168.2.0/24 # RFC1918 possible internal network
acl bad dstdomain www.facebook.com
#acl blacklist_ip src 192.168.2.11
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# TAG: http_access
# Allowing or Denying access based on defined access lists
#
.
.
.
.
#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#acl workhrs time MTWHFA 11:00-16:00
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
.
.
.
.
#http_access allow localnet
#http_access deny bad workhrs blacklist_ip
http_access deny bad
http_access allow localhost
http_access allow our_network
http_access allow localnet

# And finally deny all other access to this proxy
http_access deny all

# TAG: http_access2
.
.
.
.
#Default:
debug_options ALL,1 33,2 28,9
 
Old 02-03-2011, 04:20 AM   #5
Oliv'
Senior Member
 
Registered: Jan 2004
Location: Montpellier (France)
Distribution: Gentoo
Posts: 1,014

Rep: Reputation: 36
From my point of view, the easiest way to do what you want is to use squidguard which an addon to squid. Have a look at this url http://www.squidguard.org/index.html for more info.

Oliv'
 
Old 02-03-2011, 08:21 AM   #6
damade
LQ Newbie
 
Registered: Feb 2011
Distribution: Red hat, Solaris, AIX, HP-UX, FreeBSD
Posts: 15

Rep: Reputation: 2
acl bad dstdomain www.facebook.com

in this line you are configuring an ACL which uses a stricted matching of www.facebook.com.
any url that have a minimun change in the domain name will be allowed (www3.facebook.com, es.facebook.com)

You can try this acl instead

acl bad dstdom_regex facebook.com

salu2
damade
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid Proxy Server on Ubuntu and WPAD - Proxy Auto Detection cheesewizz Linux - Networking 1 12-10-2010 03:49 AM
configure squid proxy with cc proxy as a parent proxy faisi Linux - Networking 1 08-10-2010 02:16 PM
squid proxy server configuration & distribution of internet without proxy gaurav_gupta082 Linux From Scratch 2 07-31-2010 12:25 PM
configure squid proxy with microsoft proxy as a parent proxy nintykola Linux - Software 1 08-28-2007 02:38 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 01:23 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration