LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices


Reply
  Search this Thread
Old 01-08-2009, 05:06 AM   #1
mohantorvalds
LQ Newbie
 
Registered: Sep 2008
Posts: 5

Rep: Reputation: 0
Question squid 2.6 not blocking sites even i entered ACL to block sites


Hi,

I configured proxy initially without blocking any sites....den i planned to block some site...i create some acl as below...but even i cont block the site...but my clients are connect net through my proxy only...


"I'm using squid 2.6 stable version in fedora 8"
#Squid normally listens to port 3128

http_port 192.168.1.100:3128

#Recommended minimum configuration

acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT


http_access allow manager localhost
http_access deny manager

# Deny requests to unknown ports

http_access deny !Safe_ports

# Deny CONNECT to other than SSL ports

http_access deny CONNECT !SSL_ports


# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks. Adapt
# to list your (internal) IP networks from where browsing should
# be allowed
631,12 13%

acl our_networks src 192.168.1.0/24 192.168.2.0/24 #This is my network ip#
http_access allow our_networks

acl badsites dstdomain .tamilbeat.com

acl restricted-sites dstdomain "/usr/local/etc/restricted-sites" # Restricted files present in this location #

acl adult_sites url_regex -i sex adult hack crack casino gambl nude desibaba
acl download_sites dstdomain "/usr/local/etc/download-sites"
acl adult_sites url_regex -i "/usr/local/etc/restricted-domains"
acl denyfiletypes url_regex -i .mp3$ .mpg$ .mpeg$ .mp2$ .avi$ .wmv$ .wma$ .ra$ .rm$ .mid$ .mov$ .asf$ .wav$ .dat$ .qt$ .snd$ .wm$ .asx$ .aiff$ .ogg$ .ram$ .au$ .exe$
acl block dstdomain walkincareers.com careerpluz.com jobsdream.com intervieweasy.com ecareer.org hamaraphotos.com ifilm.com janubaba.com moviegupshup.net bollywoodmantra.com bollywoodmovies.us bollywoodpremiere.com buzz18.com crickethighlights.com cricketlivelinks.com cricketnext.com cricketworlduplatest.com dgreetings.com z.com .mmy88.cn/ .gazzag.com .meebo.com .topproxysites.com .proxytopsite.com .topfreeproxy.com .proxy200.com .topproxies.info .gotoproxy.com .hotproxies.com .top-proxies.com .listofproxies.com .topproxylist.com .proxyring.com .lushdxb.com .birthdaytime.com .mobilemoney.com .kproxy.com .masalaguru.com .masalaindia.com .masalaforum.com .lbnlive.com .google.com/mail/ .movies.yahoo.com .orkut.com .raaga.com .timesjob.com .jobsahead.com .monster.com .jhoos.com .thecinema.in .clickjobs.com .6sos.com .123greetings.com .myfuncards.com .egreetings.com .fropper.com .maalaimalar.com .jeevansanthi.com .simplymarry.com .matrimonials.com .careerenclave.com .500papers.com .sgeek.com .lifepartnerindia.com .geekinterview.com .behindwoods.com .aboutjobs.com .timesmatri.com .cinemanow.com .match.com .xradio.com .puretracks.com .emusic.com .mixplay.com .43things.com .friendsmahal.com .jeevansanti.com .masalapunch.com .yourspic.com .shaadi.com .onlymasti.com .desihotmasala.com .techinterview.com .threenineconsulting.com .birthdayalarm.com .amateurmatch.com .actressphoto.com .indianactress.com .friednster.com .dinamalar.com .cricinfo.com .cricbuzz.com .xxx*.com .employment.com .sex*.com .*sex.com .jobstreet.com .sunporno.com .exploitedbabysitters.com .imlive.com .sapphicgirlmovies.com .drm-fetishes.com .sextracker.com .xxxoracle.com .pornmoviesparadise.com .sexlist.com .el-ladies.com .musicgiants.com .idiatimes.com .jobsinthemoney.com .insightexpressai.com .desibaba.com .dailythanthi.com .photobucket.com .sinekithan.com .puretamil.com .employmentguide.com .cyberbrowse.com .musicnet.com .movielink.com .songtouch.com .youtube.com .smashits.com .foxsports.com .interviewcorner.com .newinterviewquestions.com .songsforteaching.com .musicmatch.com .21.com .freelotto.com .desimartini.com
# TAG: http_access
# Allowing or Denying access based on defined access lists
# And finally deny all other access to this proxy

http_access allow localhost
http_access deny badsites

http_access deny adult_sites

http_access deny download_sites
http_access deny denyfiletypes
http_access deny block
http_access deny restricted-sites

# And finally deny all other access to this proxy

http_access deny all
561,27-33 12%

============================================================================
============================================================================

#Iptables configuration#


Next, I had added following rules to forward all http requests (coming to port 80) to the Squid server port 3128 :

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.1.100:3128

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128


Note:

here "eth0" has ip 192.168.1.100 ----> Lan ---> squid prxy configure in this ip only...

and "eth1" has static ip ----> Internet


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Plz any one help me..how to block sites...
 
Old 01-08-2009, 05:17 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
the allow for our_networks will override everything below it. move it to the bottom above the deny all
 
  


Reply

Tags
linux


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Squid to block all the sites except 1 or 2 sites winxandlinx Linux - Networking 8 10-27-2010 03:53 AM
Squid (Blocking tunneling sites) suhas! Linux - Server 4 03-30-2007 03:41 PM
squid url_regex is not blocking the sites nsampath Linux - Server 3 03-29-2007 06:04 AM
Squid Error while blocking sites winxandlinx Linux - Networking 15 06-29-2006 09:32 AM
controlling access through squid( blocking all sites except for one) jomy Linux - Networking 1 12-15-2004 07:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 12:49 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration