Review your favorite Linux distribution.
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 03-06-2007, 05:34 AM   #1
Registered: Jan 2007
Posts: 41

Rep: Reputation: 15
Question squid (proxy)server problem

hi friends,
i have installed REDHAT centos on my server.i set up the squid-2.5 STABLE as a proxy server on it.Now i have blocked many sites using this proxy server.but from the client side , if anyone access the site using the ip address of respective site, then client can aess the site easily.
i.e i have blocked using the proxy server, but suppose ip of is and if client want to access the then he can easily access using .
i want the sites which i have blocked using proxy server should not be accessed using their respective ip address also.
will u please help me to solve this problem?
Old 03-09-2007, 02:30 AM   #2
Registered: Oct 2006
Location: High Wycombe, Bucks, UK.
Distribution: Debian and Fedora Core in equal measure
Posts: 264

Rep: Reputation: 33
You need to set up your IPTables (probably using some firewall manager like shorewall) to redirect all port 80 (http) traffic to another port (generally 3128), then make Squid listen on 3128. You also have to set up squid as "transparent" (there are two different ways of doing this, depending on the version of squid you are using, see comments in /etc/squid.conf).

There are loads of howtos in google, try searching "squid transparent howto"

Old 03-09-2007, 05:36 AM   #3
Registered: Dec 2005
Location: South Africa
Distribution: CentOS,Ubuntu,Fedora
Posts: 249

Rep: Reputation: 30

This is rather difficult, as some of the most popular websites actually have a number of IP addresses, eg , hotmail has 6 IP addresses


Squid will in such case reverse lookup IP addresses, but this only works
when the IP is registered as the name of the site..

To fully block access to specific IP addresses you can use the "dst"
type ACL.

Old 03-09-2007, 11:53 AM   #4
Registered: Oct 2003
Location: USA
Distribution: Ubuntu
Posts: 216

Rep: Reputation: 30
If you do not want your squid proxy users to use ip addresses in their requests do the following:

acl IPForHostname dstdom_regex ~[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$
http_access deny IPForHostname
Just make sure to include that before the usual allow rules.

I can't take credit for that as I found it in the O'Reilly 'Squid book'
Old 03-09-2007, 10:25 PM   #5
Registered: Jan 2007
Posts: 41

Original Poster
Rep: Reputation: 15
Thumbs up

thank you very much,
the solution provided by you really worked fine and now i can easily restrict the users who tries to access sites by putting the ipaddress in the url.
Old 03-11-2007, 03:43 PM   #6
Registered: Oct 2006
Location: High Wycombe, Bucks, UK.
Distribution: Debian and Fedora Core in equal measure
Posts: 264

Rep: Reputation: 33

Sorry Guys, I got the completely wrong end of the question...embarrassed or what? Thanks to the other contributors for not saying what a *complete* mess I made of that.



filter, ipaddress, squid

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
squid proxy server configuration & distribution of internet without proxy gaurav_gupta082 Linux From Scratch 2 07-31-2010 11:25 AM
proxy server using squid j0hnd0e Linux - Server 1 10-19-2006 12:05 AM
Squid Proxy server help win2Linux Linux - Server 3 09-03-2006 09:53 AM
squid proxy server msound Linux - Networking 4 06-01-2005 11:59 AM
squid proxy server cmardhekar Linux - Newbie 0 09-29-2001 05:34 AM > Forums > Linux Forums > Linux - Server

All times are GMT -5. The time now is 08:52 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration