
Author Topic: Granting access to only some select sites  (Read 15964 times)

Offline jimmy

  • New Member
  • Posts: 3
Granting access to only some select sites
« on: December 04, 2004, 11:53:18 AM »
hi,

I'm new at Linux, I've installed RedHat 9 on my server and Squid is running as the Proxy server for my client computers. I used to run the server on WinXP with a Firewall and a Proxy server, granting access to only some sites with the "permitted sites" list in the Proxy server. But since I've installed Linux I can't do that anymore. I'd like to block all sites except for some . . . can anyone help me with this?

I've learnt , . . . to block sites

acl badURL url_regex -i <urls xxxx xxxx xxxx xxxx xxxx>
http_access deny badUrl
http_access allow myNet
http_access deny all

to block all sites can I use *.com *.net sort of expression to define sites with .com, .net extensions to be blocked ?

Offline lsantana

  • Linux Noob !
  • *
  • Posts: 26
sure!
« Reply #1 on: December 06, 2004, 05:02:51 PM »
You can create 1 file like badsites.txt, for example.  Then in your acl rules, create a new acl for this file like this (only these 2 lines):

acl badsites src "/etc/squid/badsites.txt"
http_access deny badsites

http_access allow localnet
http_access allow localhost
http_access deny all

Offline jimmy

  • New Member
  • Posts: 3
Granting access to only some select sites
« Reply #2 on: December 07, 2004, 05:26:04 AM »
Thanks for the reply but I want to block all websites and allow only a few. . . can I do it with something like this

acl goodsites src "/etc/squid/goodsites.txt"

http_access deny !goodsites


And how do I enter the sites in the .txt file
Is it something like this

.yahoo.com or *.*.edu or *.gov ?  :?:   :roll:

Thank you! again

Offline lsantana

  • Linux Noob !
  • *
  • Posts: 26
Granting access to only some select sites
« Reply #3 on: December 07, 2004, 12:28:26 PM »
This rule is bad

http_access deny !goodsites

The "!" symbol means an exception.  The right way to use it would be:

http_access deny badsites !goodsites.  Which means, squid will deny access to sites included in some badsites file except the files included in some goodsites file.

It's very easy to create and edit text files with a powerful tool called VI.  Vi is the main editor for Unix systems and Linux and it comes in all distributions.  The following link has extensive documentation about how to use VI, such as commands and other stuff:

http://thomer.com/vi/vi.html

If you want to allow browsing for only some sites, simply create a file like goodsites.txt and then add the following lines to your squid.conf

acl good src "/etc/squid/goodsites.txt"
http_access allow good

All sites not included in this file will be blocked from access to the internet.

Offline lsantana

  • Linux Noob !
  • *
  • Posts: 26
Granting access to only some select sites
« Reply #4 on: December 07, 2004, 12:32:27 PM »
I forgot!

To put the sites into the .txt file you can add urls and domains like this:

www.yahoo.com
yahoo.com
yahoo.com/chat/maint.html
etcetera....

Offline sathish

  • Linux Learner
  • ***
  • Posts: 73
squid - accessing specific sites
« Reply #5 on: December 15, 2004, 09:01:08 PM »
Quote from: "lsantana"
acl good src "/etc/squid/goodsites.txt"
http_access allow good. All sites not include in this file will be block for access to the internet.

Hi lsantana !!

I am running my distro with redhat9.0, and I have added the above rule in squid.conf to open only the specific sites that I have mentioned in the goodsites.txt file, but I am able to browse all sites.. which I have not mentioned in the goodsites.txt file.

My purpose is to block all sites, except the sites that I have mentioned in goodsites.txt.

You said in the previous post that :- All sites not include in this file will be block for access to the internet.

plz can you give me step by step how to do this ??


Thanks

Sathish

Offline lsantana

  • Linux Noob !
  • *
  • Posts: 26
Granting access to only some select sites
« Reply #6 on: December 16, 2004, 12:40:46 PM »
Could you post your complete acl rules so I can check them?  There will be something wrong like a bad acl applied.

Regards

Offline sathish

  • Linux Learner
  • ***
  • Posts: 73
squid
« Reply #7 on: December 16, 2004, 02:23:03 PM »
Quote from: "lsantana"
could you put your complete acl rules to check it out?  There will be something wrong like a bad acl applied.

Regards

Hello ,

Here is my complete squid.conf.. plz let me know where I am going wrong

http_port 192.168.1.1:3128
icp_port 3130
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
cache_mem 64 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB
cache_dir ufs /var/spool/squid 4500 16 256
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^gopher: 1440 0%  1440
refresh_pattern . 0 20% 4320
acl good src "/etc/squid/goodsites.txt"
http_access allow good
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.1.0/255.255.255.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
http_access allow manager localhost
http_access allow localnet
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny all
http_access allow localhost
http_access deny all
http_reply_access allow all
icp_access allow all
coredump_dir /var/spool/squid
visible_hostname ezlinuxserver

In the goodsites.txt file I have included the following websites: www.google.com and www.alltheweb.com

Thanks... plz let me know ASAP.

Sathish

Offline lsantana

  • Linux Noob !
  • *
  • Posts: 26
Granting access to only some select sites
« Reply #8 on: December 16, 2004, 02:39:23 PM »
mmmm the problem is that the acl localnet is overwriting your goodsites rules.
You can test this:

Delete the goodsites acl.  Create a denysites file and put the corresponding acl before the first http_access line:

acl bad src "/etc/squid/denysites.txt"
http_access deny bad
http_access allow manager localhost
http_access .....
......
....
http_access deny all

Try it with a URL you want to deny.  This may work!
This is another way, because you are denying access to some sites while the others can be browsed.
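A small model of how Squid walks http_access lines, run over the rule order from the squid.conf posted above and over a whitelist variant. This is an added example, not part of any post in the thread; the client addresses, the leading-dot list entries and the stand-in address for the `src` reading of goodsites.txt are constructed assumptions.

```python
import ipaddress

def src(*cidrs):
    """Squid `src`: tests the CLIENT address, never the requested site."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return lambda req: any(ipaddress.ip_address(req["client"]) in n for n in nets)

def dstdomain(*patterns):
    """Squid `dstdomain`: tests the requested host; a leading dot covers subdomains."""
    def match(req):
        host = req["host"].lower()
        return any(host == p.lstrip(".") or (p.startswith(".") and host.endswith(p))
                   for p in patterns)
    return match

def http_access(rules, req):
    """First matching line wins; ACLs named on one line are ANDed."""
    for action, acls in rules:
        if all(acl(req) for acl in acls):
            return action
    # No line matched: Squid applies the opposite of the last line.
    return "allow" if rules[-1][0] == "deny" else "deny"

ALL = src("0.0.0.0/0")
LOCALNET = src("192.168.1.0/24")

# Rule order of the posted squid.conf (manager and port lines left out).
# Assumption: read as `src`, the goodsites.txt entries do not cover any LAN
# client; 203.0.113.10 is a constructed stand-in for them.
GOOD_AS_SRC = src("203.0.113.10/32")
AS_POSTED = [("allow", [GOOD_AS_SRC]), ("allow", [LOCALNET]), ("deny", [ALL])]

# Whitelist variant, corresponding to:
#   acl good dstdomain "/etc/squid/goodsites.txt"
#   http_access allow localnet good
#   http_access deny all
GOOD = dstdomain(".google.com", ".alltheweb.com")  # constructed list entries
WHITELIST = [("allow", [LOCALNET, GOOD]), ("deny", [ALL])]

def verdicts(rules, client="192.168.1.50"):  # constructed LAN client
    hosts = ["www.google.com", "www.alltheweb.com", "www.example.org"]
    return {h: http_access(rules, {"client": client, "host": h}) for h in hosts}

if __name__ == "__main__":
    print("as posted:", verdicts(AS_POSTED))
    print("whitelist:", verdicts(WHITELIST))
```

With the posted order, every request from the LAN stops at `http_access allow localnet`, so the site list is never consulted; in the whitelist variant the same line only matches when the destination is also in the list.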

Offline sathish

  • Linux Learner
  • ***
  • Posts: 73
squid deny sites
« Reply #9 on: December 17, 2004, 08:11:04 AM »
Quote from: "lsantana"
mmmm the problem is that the acl localnet is overwriting your goodsites rules.
You can test this:

Delete the goodsites acl.  Create a denysites file and put the corresponding acl before the first http_access line:

acl bad src "/etc/squid/denysites.txt"
http_access deny bad
http_access allow manager localhost
http_access .....
......
....
http_access deny all

Try it with a URL you want to deny.  This may work!
This is another way, because you are denying access to some sites while the others can be browsed.


Hi

You mean I should create denysites.txt

and put in denysites.txt those websites that I don't want to be browsed.. like porno, mp3 websites.. whichever sites.. I don't like

Let me know

sathish

Offline lsantana

  • Linux Noob !
  • *
  • Posts: 26
Granting access to only some select sites
« Reply #10 on: December 17, 2004, 01:00:23 PM »
Exactly.  Put all undesired sites in the file to block them.

Offline jimmy

  • New Member
  • Posts: 3
Thank you!
« Reply #11 on: December 20, 2004, 12:37:25 PM »
Thank you! . . . to all of you who posted any message in this topic


I was away on vacation and was unable to read all this while I was away . . !

I'll try all those tips today . . . and post the results tomorrow . . .

Thank you! again . . .

pssst . . . . the Firehouse concert was great . . though I like Metallica . . !

Offline lsantana

  • Linux Noob !
  • *
  • Posts: 26
Granting access to only some select sites
« Reply #12 on: December 20, 2004, 02:44:35 PM »
Welcome back jimmy

Regards!!!