Linux - Server This forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to
LinuxQuestions.org , a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free.
Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please
contact us . If you need to reset your password,
click here .
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a
virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month.
Click here for more info.
02-16-2012, 01:49 AM
#1
LQ Newbie
Registered: Feb 2012
Posts: 23
Rep:
How to restrict facebook
How to block the some websites for the particular ip address in squid server.I am new to the squid server.Can any one guide me
Click here to see the post LQ members have rated as the most helpful post in this thread.
02-16-2012, 01:56 AM
#2
LQ Guru
Registered: May 2009
Location: Gibraltar, Gibraltar
Distribution: Fedora 20 with Awesome WM
Posts: 6,805
Hello,
You can use what's explained in
this blog to block Facebook access for an entire LAN or specific IP.
Kind regards,
Eric
02-16-2012, 02:07 AM
#3
LQ Newbie
Registered: Feb 2012
Posts: 23
Original Poster
Rep:
i have created some lists like allowed.clients and restricte_sites are the files in the usr/local/etc/ path.I want to block the facebook for the particular ip addresses in the network.And i have to allow some websites to the particular user(Ip addresses)
02-16-2012, 05:23 AM
#4
Senior Member
Registered: Aug 2011
Location: Bangalore, India
Distribution: RHEL 7.x, SLES 11 SP2/3/4
Posts: 1,195
which distro are you using? here is a sample syntax
Code:
acl imp_people src 10.10.10.30
acl goodsites dstdomain .yahoo.com
http_access allow CONNECT goodsites
http_access allow imp_people
https_access deny all
similarly you can block websites for few USERS
Last edited by deep27ak; 02-16-2012 at 05:35 AM .
02-16-2012, 10:19 PM
#5
LQ Newbie
Registered: Feb 2012
Posts: 23
Original Poster
Rep:
This is i am using in squid.cof file
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl webapp_port port 81
acl webapp_ip dst 10.1.7.21
acl CONNECT method CONNECT
#acl block_host src 192.168.1.200
acl allowed_clients dstdomain "/usr/local/etc/allowed.clients"
#acl badsites dstdomain "/usr/local/etc/restricted_sites"
acl isoft_net src 192.168.1.0/255.255.255.0
#acl badsites dstdomain "/usr/local/etc/restricted.site"
acl fb dstdomain .facebook.com
#http_access deny badsites
http_access allow isoft_net
http_access deny !allowed_clients fb
#http_access deny badsites
02-16-2012, 11:52 PM
#6
Senior Member
Registered: Aug 2011
Location: Bangalore, India
Distribution: RHEL 7.x, SLES 11 SP2/3/4
Posts: 1,195
to block facebook for few users
Code:
acl denied_users src 192.168.1.50 192.168.1.23
acl badsite dstdomain .facebook.com
http_access deny badsite
http_access allow all
http_access allow denied_users
02-17-2012, 12:23 AM
#7
LQ Newbie
Registered: Feb 2012
Posts: 23
Original Poster
Rep:
I have a small doubt if is place the denied ip address in a file .how to define in the squid file directory.
Ex:you have given me the ip address acl denied_users src 192.168.1.50 192.168.1.23
instead of that how to place all the ip address in one file .I want to block the some other sites also like hi5.com,orkut.com
02-17-2012, 12:47 AM
#8
Senior Member
Registered: Aug 2011
Location: Bangalore, India
Distribution: RHEL 7.x, SLES 11 SP2/3/4
Posts: 1,195
Code:
acl mynetwork src 192.168.1.0/24
http_access allow mynetwork
http_access deny all
mention all the IP address with special permission in the same place
Code:
acl denied_users src (all the IPs)
acl bad_sites dstdomain .facebook.com .hi5.com .orkut.com
http_access deny CONNECT bad_sites
http_access allow denied users
or create a file in /etc/squid
Code:
#vi badsites.acl
.facebook.com
.yahoo.com
in squid.conf
Code:
acl badsites url_regex "/etc/squid/badsites.acl"
http_access deny badsites
1 members found this post helpful.
02-17-2012, 01:08 AM
#9
LQ Newbie
Registered: Feb 2012
Posts: 23
Original Poster
Rep:
Hello,
Where should i define following code in squid.conf.
And remains details in the below squid.conf file.Can you conform.If anything goes wrong total internet will distrube.i create the badsites.acl file.Can you write the code in the below squid.conf file
acl mynetwork src 192.168.1.0/24
http_access allow mynetwork
http_access deny all
mention all the IP address with special permission in the same place
Code:
acl denied_users src (all the IPs)
acl bad_sites dstdomain .facebook.com .hi5.com .orkut.com
http_access deny CONNECT bad_sites
http_access allow denied users
or create a file in /etc/squid
Code:
#vi badsites.acl
.facebook.com
.yahoo.com
in squid.conf
Code:
acl badsites url_regex "/etc/squid/badsites.acl"
http_access deny badsites
#############This is the present squid.conf file in the server,##############
[U]#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl webapp_port port 81
acl webapp_ip dst 10.1.7.21
acl CONNECT method CONNECT
#acl block_host src 192.168.1.200
acl allowed_clients dstdomain "/usr/local/etc/allowed.clients"
#acl badsites dstdomain "/usr/local/etc/restricted_sites"
acl isoft_net src 192.168.1.0/255.255.255.0
#acl badsites dstdomain "/usr/local/etc/restricted.site"
acl fb dstdomain .facebook.com
#http_access deny badsites
http_access allow isoft_net
http_access deny !allowed_clients fb
#http_access deny badsites
##############################################################################3
02-17-2012, 01:13 AM
#10
Senior Member
Registered: Aug 2011
Location: Bangalore, India
Distribution: RHEL 7.x, SLES 11 SP2/3/4
Posts: 1,195
Show me your allowed.clients file
put the acl where other acls are mentioned
there is a section in squid.conf
Code:
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
Code:
acl isoft_net src 192.168.1.0/255.255.255.0
http_access allow isoft_net
acl denied_users src (all the IPs)
acl bad_sites dstdomain .facebook.com .hi5.com .orkut.com
http_access deny CONNECT bad_sites
http_access allow denied users
create a file in /etc/squid
#vi badsites.acl
.facebook.com
.yahoo.com
acl badsites url_regex "/etc/squid/badsites.acl"
http_access deny badsites
02-17-2012, 01:32 AM
#11
LQ Newbie
Registered: Feb 2012
Posts: 23
Original Poster
Rep:
Please check the files allowed.clients file under usr/local/etc/allowed.clients
192.168.1.17
192.168.1.6
192.168.1.55
02-17-2012, 02:54 AM
#12
Senior Member
Registered: Aug 2011
Location: Bangalore, India
Distribution: RHEL 7.x, SLES 11 SP2/3/4
Posts: 1,195
I have never tried working with putting all IPs in one file so I wont be able to help if that works
02-17-2012, 03:17 AM
#13
LQ Newbie
Registered: Feb 2012
Posts: 23
Original Poster
Rep:
I will try the above one which you guide me for the modify code in the squid.conf file.
03-04-2012, 11:32 PM
#14
LQ Newbie
Registered: Feb 2012
Posts: 23
Original Poster
Rep:
acl allowed_clients dstdomain "/usr/local/etc/allowed.clients"
acl Badsites dstdomain "/usr/local/etc/restricted_sites"
acl soft_net src 192.168.1.0/255.255.255.0
acl badsites dstdomain "/usr/local/etc/restricted.site"
In the allowed.clinets file i defined the ip address list 192.168.1.4 and 192.168.1.8
and restricted.site file defined that blocked for the remaing users
But it is not working still that users able to access the facebook and other sites
03-04-2012, 11:53 PM
#15
Senior Member
Registered: Aug 2011
Location: Bangalore, India
Distribution: RHEL 7.x, SLES 11 SP2/3/4
Posts: 1,195
Quote:
Originally Posted by
kanna411988
acl allowed_clients dstdomain "/usr/local/etc/allowed.clients"
acl Badsites dstdomain "/usr/local/etc/restricted_sites"
acl soft_net src 192.168.1.0/255.255.255.0
acl badsites dstdomain "/usr/local/etc/restricted.site"
In the allowed.clinets file i defined the ip address list 192.168.1.4 and 192.168.1.8
and restricted.site file defined that blocked for the remaing users
But it is not working still that users able to access the facebook and other sites
check and compare the syntax you are using from the one I had posted
Code:
acl badsites url_regex "/etc/squid/badsites.acl"
http_access deny badsites
and I don't see any
http_access syntax in your config file?
Now I can't go on and imagine your config file so it would be better if you post with all the related information
1 members found this post helpful.
All times are GMT -5. The time now is 04:02 AM .
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know .
Latest Threads
LQ News