Quote:
Originally Posted by hhhrrrzzzzzzzzz
Code:
acl lan123 src 192.168.200.0/24 #client acl for the lan
acl lan123 src 192.168.1.0/24 #client acl for the lan
acl lan123 src 192.168.5.0/24 #client acl for the SSL VPN
###
###
#------------------------- HSE -------------------------------------
acl lan_hse src 192.168.1.0/24
acl hse_den dstdomain hse24.aps.de
deny_info http://itv.mit-xperts.com/hbbtvtest/ lan_hse
#deny_info http://192.168.1.11/hbbtv/index.html lan_hse
http_reply_access deny hse_den lan_hse
#-------------------------------------------------------------------
acl lan_rtl src 192.168.1.0/24
acl den_rtl dstdomain .digitaltext.rtl.de
acl den_rtl dstdomain hbbtv.prosiebensat1puls4.com
acl den_rtl dstdomain cdn.hbbtv.smartclip.net
acl den_rtl dstdomain connect.media-broadcast.com
acl den_rtl dstdomain hbbtv.rtl2.de
acl den_rtl dstdomain hbbtv.zdf.de
acl den_rtl dstdomain itv.ard.de
acl den_rtl dstdomain orfhbbtv.orf.at
acl den_rtl dstdomain static-cdn.arte.tv
#deny_info http://hbbtv-apps.redbutton.de/e-feed/index.html? lan_rtl
deny_info http://hbbtv.qvc.de/v2/hbbtv_qvc_app/index.php lan_rtl
http_reply_access deny den_rtl lan_rtl
#-------------------------------------------------------------------
acl badsites2 url_regex -i ad1.adfarm1.adition.com
acl badsites2 url_regex -i vt.adition.com
acl badsites2 url_regex -i googleads4.g.doubleclick.net
acl badsites2 url_regex -i ad.doubleclick.net
acl badsites2 url_regex -i s306.meetrics.net
####
acl badsites url_regex -i adserver.idg.de
acl badsites url_regex -i adserver.powerlinks.com
acl badsites url_regex -i pagead2.googlesyndication.com
acl badsites url_regex -i ^http://video.n-tv.de/.*/opener.*.mp4 #funktioniert
acl badsites url_regex -i ^syndication.exosrv.com
acl badsites url_regex -i ^main.exosrv.com
acl badsites url_regex -i .*/adcontrol/adcontrol.min.js
acl badsites url_regex -i track
acl badsites url_regex -i tracker
acl badsites url_regex -i tracking
acl badsites url_regex -i piwik
acl badsites url_regex -i ^http://.*/interne_messung/.* #funktioniert
acl badsites url_regex -i ^http://.*AdServer.* #funktioniert
acl badsites url_regex -i mobileads.msn.com
acl badsites url_regex -i ad-js.chip.de
acl badsites url_regex -i adx.chip.de
acl badsites url_regex -i ref=
acl badsites url_regex -i ^.firethepixel.click. #funktioniert???
acl badsites url_regex -i ^http://tracker..*.de
acl badsites url_regex -i trackmedia101.com
acl badsites url_regex -i linktrack.* #funktioniert
acl badsites url_regex -i slashdotmedia.com
acl badsites url_regex -i offerzone.click
acl badsites url_regex -i mobileofferplace.site
acl badsites url_regex -i analytics.edgesuite.net
acl badsites url_regex -i pixel.jpg #funktioniert
acl badsites url_regex -i triptease.net
acl badsites url_regex -i telemetry
acl badsites url_regex -i Analytics
acl badsites url_regex -i global.ssl.fastly.net/ad2
acl badsites url_regex -i fastly.net/ads
acl badsites url_regex -i track.gif
acl badsites url_regex -i blank.gif
acl badsites url_regex -i ping.gif
acl badsites url_regex -i ^http://.*sensic.net*
acl badsites url_regex -i adbroker
acl badsites url_regex -i trck.gif
acl badsites url_regex -i amazonaws.com/homad
acl badsites url_regex -i partners.webmasterplan.com
acl badsites url_regex -i clkde.tradedoubler.com/click?p=
acl badsites url_regex -i piwikext
acl badsites url_regex -i adfarm
acl badsites url_regex -i nuggad.net
acl badsites url_regex -i theadex.com
acl badsites url_regex -i doubleclick.net
acl badsites url_regex -i schneevonmorgen.com
acl badsites url_regex -i akamai.net
acl badsites url_regex -i exoclick.com
acl badsites url_regex -i exosrv.com
acl badsites url_regex -i syndication.exosrv.com
acl badsites url_regex -i static.exosrv.com
acl badsites url_regex -i ads.exosrv.com
acl badsites url_regex -i contentabc.com
acl badsites url_regex -i juicyads.com
acl badsites url_regex -i adsrvr.org/track
acl badsites url_regex -i videos.gamona.de/homad
acl badsites url_regex -i homad
acl badsites url_regex -i advertising
acl badsites url_regex -i advertisement
acl badsites url_regex -i webtrekk
acl badsites url_regex -i utm_source=taboola
acl badsites url_regex -i referral
acl badsites url_regex -i amazon-adsystem.com
acl badsites url_regex -i amazon.de
acl badsites url_regex -i amazon.at
acl badsites url_regex -i amazon.com
acl badsites url_regex -i amazon.co.uk
acl badsites url_regex -i api.amazon.de
acl badsites url_regex -i awin1.com
acl totalfail dstdomain prodcache.internal.ihg.com
acl totalfail dstdomain googleads.g.doubleclick.net
acl totalfail dstdomain doubleclick.net
acl totalfail dstdomain oewabox.at
acl totalfail dstdomain oewabox.de
acl totalfail dstdomain otaserve.net
acl totalfail dstdomain exosrv.com
acl totalfail dstdomain nexus.ensighten.com
acl totalfail dstdomain ad.yieldlab.net
acl totalfail dstdomain doubleclick.net
acl totalfail dstdomain ads.yahoo.com
acl totalfail dstdomain tag.yieldoptimizer.com
acl totalfail dstdomain secure.analytics.ihg.com
acl totalfail dstdomain demdex.net
acl totalfail dstdomain addthis.com
acl totalfail dstdomain scorecardresearch.com
acl totalfail dstdomain adform.net
acl totalfail dstdomain adsrvr.org
acl totalfail dstdomain adtech.de
acl totalfail dstdomain rackcdn.com
acl totalfail dstdomain visualwebsiteoptimizer.com
acl totalfail dstdomain google-analytics.com
acl totalfail dstdomain googleadservices.com
acl totalfail dstdomain ioam.de
acl totalfail dstdomain visualrevenue.com
acl totalfail dstdomain smartadserver.com
acl totalfail dstdomain adtech.de
acl totalfail dstdomain example.com
acl totalfail dstdomain crashlytics.com
acl totalfail dstdomain settings.crashlytics.com
acl totalfail dstdomain adjust.com
acl totalfail dstdomain lp4.io
acl totalfail dstdomain plista.com
acl totalfail dstdomain awin1.com
acl totalfail dstdomain adclear.teufelaudio.at
acl totalfail dstdomain visualrevenue.com
acl totalfail dstdomain chartbeat.com
acl totalfail dstdomain oewabox.at
acl totalfail dstdomain msads.net
acl totalfail dstdomain rad.msn.com
acl totalfail dstdomain advertising.com
acl totalfail dstdomain hitwebcounter.com
acl totalfail dstdomain fiksu.com
acl totalfail dstdomain mbdn.de
acl totalfail dstdomain himediads.com
acl totalfail dstdomain msftncsi.com
acl totalfail dstdomain emjcd.com
acl totalfail dstdomain dotomi.com
acl totalfail dstdomain jdoqocy.com
acl totalfail dstdomain csi.gstatic.com
acl totalfail dstdomain anrdoezrs.net
acl totalfail dstdomain lmgtfy.com
acl totalfail dstdomain l2.io
acl totalfail dstdomain glomex.com
acl totalfail dstdomain adservice
acl totalfail dstdomain analytic
acl totalfail dstdomain analytics
acl totalfail dstdomain analyze
acl totalfail dstdomain tracking
acl totalfail dstdomain adproxy
acl totalfail dstdomain advertisement
acl totalfail dstdomain track
acl totalfail dstdomain hbbtv-track
acl totalfail dstdomain pixel
acl totalfail dstdomain AdServer
acl totalfail dstdomain 1pix
acl totalfail dstdomain undefined
acl totalfail dstdomain trck
acl totalfail dstdomain *dcd.trk.sensic.net
acl totalfail dstdomain tvTrackGA.js.min.js
acl totalfail dstdomain amazon.de
acl totalfail dstdomain Amazon.at
acl totalfail dstdomain Amazon.com
acl totalfail dstdomain amazon.co.uk
acl totalfail dstdomain api.amazon.de
acl totalfail dstdomain assoc-eu.associates-amazon.com
acl totalfail dstdomain tracking.krone.at
acl totalfail dstdomain celera-trk.krone.at
acl totalfail dstdomain awin1.com
acl totalfail dstdomain rubiconproject.com
#-----------
acl block_tld dstdomain .to .xxx .jo .tr .il .qa .kw .sa .ga .gg .ly .vu .la .men .loan .gq .cf .ml .top .work .click .tk .gdn .fit .world .ryukyu .life .desi .okinawa .webcam .reise .racing .science .stream .site .download .accountant .xyz .link .win .bid .club .country .date .faith .kim .ninja .party .review .rocks .space .zip
http_access deny block_tld
deny_info TCP_RESET block_tld
#-----------
http_access deny totalfail
deny_info TCP_RESET totalfail
deny_info TCP_RESET badsites
deny_info TCP_RESET badsites2
deny_info TCP_RESET banned_machines_dom
deny_info TCP_RESET dstdomain
http_reply_access deny badsites lan123
http_reply_access deny badsites2 lan123
#-------------------------------------------------------------------
acl banned_machines_dom dstdomain "C:/squid/etc/domains.deny"
http_access deny banned_machines_dom
http_reply_access deny banned_machines_dom
#-------------------------------------------------------------------
acl banned_machines dstdomain "C:/squid/etc/ip.deny"
http_access deny banned_machines
http_reply_access deny banned_machines
#-------------------------------------------------------------------
acl banned_machines_kowabit dstdomain "C:/squid/etc/kowabit.deny"
http_access deny banned_machines_kowabit
http_reply_access deny banned_machines_kowabit
###########
acl Bad_ports port 1-79
acl Bad_ports port 81-442
acl Bad_ports port 444-2709
acl Bad_ports port 2709-4069
acl Bad_ports port 4071-45000
http_access_deny Bad_ports # 80 & 443 all else from 1-45000 blocked
this is one filter in the main file.
|
No, that's an ACL for Squid...which **AGAIN** can be copied to Linux. And **AGAIN** you only need to change the paths from something like "C:/squid/etc/ip.deny" to "/etc/squid/ip.deny".
Not sure what you're having problems with.