Palula Brasil wrote:
Here is the config for my acls:
acl all src 0/0
acl minha_rede src x.x.x.x/24 (My LAN IPs)
acl lan_bloqueada src "/etc/squid/int_blocked_ips.acl"
acl lan_liberada src "/etc/squid/int_permit_ips.acl"
acl bad_strings url_regex -i "/etc/squid/bad_strings.acl"
acl bad_ips dst "/etc/squid/bad_ips.acl"
acl bad_sites dstdomain "/etc/squid/bad_sites.acl"
acl bad_files urlpath_regex "/etc/squid/bad_files.acl"
acl good_strings url_regex -i "/etc/squid/good_strings.acl"
acl good_sites dstdomain "/etc/squid/permitted.acl"
acl unproductive dstdomain "/etc/squid/unproductive.acl"
acl unprod_strings url_regex -i "/etc/squid/unprod_strings.acl"
acl trabalho time MTWHF 12:00-13:30
acl nao_trabalho time SA
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl ssl_ports port 443 563
acl CONNECT method CONNECT
acl safe_ports port 80 # http
acl safe_ports port 21 # ftp
acl safe_ports port 443 # https
acl safe_ports port 563 # snews
acl safe_ports port 70 # gopher
acl safe_ports port 210 # wais
acl safe_ports port 1025-65535 # unregistered ports
acl safe_ports port 280 # http-mgmt
acl safe_ports port 488 # gss-http
acl safe_ports port 591 # filemaker
acl safe_ports port 777 # multiling http
And here is the order of the ACLs:
#http_access deny lan_bloqueada
http_access deny bad_sites !good_sites
http_access deny bad_strings !good_strings
http_access deny bad_ips
http_access deny bad_files
#http_access deny trabalho !nao_trabalho unproductive
#http_access deny trabalho !nao_trabalho unprod_strings
http_access deny CONNECT !ssl_ports
http_access allow safe_ports
http_access allow manager localhost
http_access deny manager
http_access allow minha_rede
http_access deny all
The place where I put orkut to be blocked is in the bad_sites acl.
Thank you.
Can you give an example of the bad_sites file? Are you specifically
blocking www.orkut.com or are you blocking .orkut.com (note the leading
period)? Are you sure it's not also in the good_sites file?
Also, you might want to change the "http_access allow minha_rede" to
"http_access deny !minha_rede" and put it above any of the "http_access
allow" lines. Otherwise, "http_access allow safe_ports" matches will
let anyone surf to sites that are not explicitly blocked regardless of
where they are coming from.
Chris
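
The two points raised in the reply above can be checked with a small model of how Squid evaluates http_access (first rule whose ACLs all match decides) and how dstdomain treats a leading period. This is an added example, not part of the original thread and not Squid's own code; the LAN range, the request values and the reduced rule lists are constructed stand-ins, and good_sites is assumed empty.

```python
import ipaddress

# Constructed stand-ins (assumptions): the post masks the real LAN as x.x.x.x/24.
LAN = ipaddress.ip_network("192.0.2.0/24")
SAFE_PORTS = {80, 21, 443, 563, 70, 210, 280, 488, 591, 777}

def dstdomain(entries, host):
    """'.orkut.com' matches orkut.com and every subdomain;
    'www.orkut.com' matches only that exact host name."""
    host = host.lower()
    return any(host == e[1:] or host.endswith(e) if e.startswith(".") else host == e
               for e in (x.lower() for x in entries))

def make_acls(bad_sites, good_sites=()):
    """Build ACL name -> predicate over a request dict {src, host, port}."""
    return {
        "all": lambda r: True,
        "minha_rede": lambda r: ipaddress.ip_address(r["src"]) in LAN,
        "bad_sites": lambda r: dstdomain(bad_sites, r["host"]),
        "good_sites": lambda r: dstdomain(good_sites, r["host"]),
        "safe_ports": lambda r: r["port"] in SAFE_PORTS or 1025 <= r["port"] <= 65535,
    }

def http_access(rules, acls, req):
    """Return the action of the first rule whose ACLs all match (AND, '!' negates)."""
    for action, *names in rules:
        if all(acls[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    return "deny"  # not reached here: both rule lists end in 'deny all'

# Order as posted (reduced to the rules that matter for this point).
POSTED = [("deny", "bad_sites", "!good_sites"),
          ("allow", "safe_ports"),
          ("allow", "minha_rede"),
          ("deny", "all")]

# Order suggested in the reply: reject non-LAN sources before any allow line.
SUGGESTED = [("deny", "bad_sites", "!good_sites"),
             ("deny", "!minha_rede"),
             ("allow", "safe_ports"),
             ("deny", "all")]

if __name__ == "__main__":
    outside = {"src": "203.0.113.9", "host": "example.org", "port": 80}
    lan_user = {"src": "192.0.2.10", "host": "orkut.com", "port": 80}
    print("outside client, posted order:   ", http_access(POSTED, make_acls([".orkut.com"]), outside))
    print("outside client, suggested order:", http_access(SUGGESTED, make_acls([".orkut.com"]), outside))
    print("orkut.com with 'www.orkut.com': ", http_access(POSTED, make_acls(["www.orkut.com"]), lan_user))
    print("orkut.com with '.orkut.com':    ", http_access(POSTED, make_acls([".orkut.com"]), lan_user))
```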