Monday, December 9, 2013

About Squid

I want to block orkut.com and some sexy sites in Squid. I also want to give access to orkut.com for some IPs. Suggest ASAP.


Squid is capable of reading files containing lists of web sites and/or domains for use in ACLs.
Follow these steps to configure Squid to deny a set of sites.
1. Create a file and add all the domains that you want to block to it, one domain per line (e.g. /etc/restricted.squid).
2. Add the following entries to the squid.conf file.
    acl restricted_sites dstdomain "/etc/restricted.squid"
    http_access deny restricted_sites
3. Restart Squid.

ITtoolbox redhat-l

I would begin by creating an ACL or two like this near the top of my squid configuration file.
    acl sex url_regex -i "/etc/squid/sex-sites.list"
    acl safesites url_regex -i "/etc/squid/safe-sites.list"
    acl directaccess url_regex -i "/etc/squid/direct-access.list"
    acl restrictsites url_regex -i "/etc/squid/restrict-sites.list"
The first one is a file that lists all known sex sites. The second is a list of known safe sites. The third is a file that lists websites I allow direct access to without any authentication (i.e. bank sites, Microsoft Updates, etc.). And finally, restrict-sites.lst is a list of all known sites I want to restrict from use by the general populace.
Now we create two ACLs for allowing or disallowing certain IP addresses.
    acl unlimited src 192.168.0.123/32 192.168.0.124/32
    acl my_net src 192.168.0.0/24
The ACL named unlimited gets unrestricted access to the internet and my_net is limited to sites listed in safe-sites.list by the following rules.
    http_access allow unlimited
    http_access allow directaccess
    http_access allow my_net safesites
    http_access deny restrictsites
    http_access deny sex
List these in this exact order within your configuration file and it should ensure admins listed under "unlimited" get full unrestricted access to the internet, followed by unrestricted access by all to known good sites that you don't want to authenticate. The fourth line above is what determines whether specific users have access to sites like orkut.com. Remember to list orkut.com as a site in the restrict-sites.lst file. Here is an example of one of my .lst files.
    # safe-sites.lst:
    .competencynavigator.com
    .symantec.com
    .stgeorge.com.au
    .x-rates.com
One suggestion I will make is to research hooking into LDAP to restrict Squid access based on LDAP groups rather than IP addresses, as IPs will change in a DHCP environment. If your IP addresses are static the above setup should work, but it is still recommended to use LDAP for username and password based authentication.
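
The rule order in the reply above can be traced with a small model of how Squid evaluates http_access: the first matching line wins, ACL names on one line are ANDed, and when no line matches the result is the opposite of the last line's action. This is an added example, not part of the original posts; the list contents and test URLs are constructed, and the closing "deny all" line is an assumption about the rest of squid.conf.

```python
import ipaddress
import re

# Constructed stand-ins for the list files named in the post (one regex per line).
URL_ACLS = {
    "sex": [r"adult-example\.test"],
    "safesites": [r"\.symantec\.com", r"\.x-rates\.com"],
    "directaccess": [r"bank-example\.test"],
    "restrictsites": [r"orkut\.com"],
}
SRC_ACLS = {
    "unlimited": ["192.168.0.123/32", "192.168.0.124/32"],
    "my_net": ["192.168.0.0/24"],
}
# The http_access lines from the post, in the posted order.
RULES = [
    ("allow", ["unlimited"]),
    ("allow", ["directaccess"]),
    ("allow", ["my_net", "safesites"]),
    ("deny", ["restrictsites"]),
    ("deny", ["sex"]),
]
# Assumption: a catch-all line closes the list, as in "http_access deny all".
RULES_WITH_DENY_ALL = RULES + [("deny", ["all"])]


def acl_matches(name, client_ip, url):
    if name == "all":
        return True
    if name in SRC_ACLS:
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(net) for net in SRC_ACLS[name])
    # url_regex -i: case-insensitive regex search anywhere in the URL
    return any(re.search(p, url, re.IGNORECASE) for p in URL_ACLS[name])


def decide(rules, client_ip, url):
    """Return (action, index of the matching rule or None)."""
    for i, (action, acls) in enumerate(rules):
        # ACL names on one http_access line are ANDed; the first matching line wins.
        if all(acl_matches(a, client_ip, url) for a in acls):
            return action, i
    # Nothing matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules[-1][0] == "deny" else "deny"), None


if __name__ == "__main__":
    for ip, url in [("192.168.0.123", "http://www.orkut.com/"),
                    ("192.168.0.50", "http://www.orkut.com/"),
                    ("192.168.0.50", "http://unlisted-example.test/")]:
        print(ip, url, decide(RULES, ip, url), decide(RULES_WITH_DENY_ALL, ip, url))
```

For a my_net client requesting a site that appears in none of the lists, the five posted lines alone yield allow, and the same request yields deny once the catch-all line is appended.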

Make a file named deny and accept and make some config change in the squid.conf file.
