Re: cannot block a particular website

Mayuresh M Murkunde wrote:
Hi all


I want to block sites over my network, but I'm unable to do it...


1) Google chat
The simple acl said that it would be blocked through acl statements,
but that never helped me; finally I took the help of the hosts file and solved the
problem.
I edited the hosts file and made the following entry:
127.0.0.1       chatenabled.mail.google.com
And now it's working as I had required.


2) www.nseindia.com & online video clipping sites like youtube.com and others.
I'm not finding a proper solution for blocking these particular sites...
I'm pasting my squid configuration file.

I see your problem immediately.

Firstly - *_access are checked in sequence with first match being used.

Secondly - "deny !x"  means immediately deny everything not listed in x

Between those two details you should be able to see the problem also.

Try replacing all your twisted http_access with these (in this order):

  acl nseindia dstdomain .nseindia.com
  acl youtube dstdomain .youtube.com


  http_access allow manager localhost
  http_access deny manager

  http_access deny !Safe_ports
  http_access deny CONNECT !SSL_ports

  http_access allow office
  http_access deny google_block
  http_access deny nseindia
  http_access deny youtube
  http_access allow our_networks

  http_access deny all


OR if you don't like the length of the allow our_networks line you could use:



<snip extra config>

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0

# this is to block the sites, lets c how it works
acl go4_sites dstdom_regex -i "/etc/squid/blocked/bsite.acl"
acl go2 url_regex -i ^http://www.nseindia.com/

eww, DON'T use regex unless you absolutely have to have a regex expression.
The above is better done with a 'dstdomain' ACL:

      acl nseindia dstdomain .nseindia.com


<snip lots of broken http_access design>

visible_hostname linux

This should be a FQDN, i.e. linux.example.com


httpd_accel_host linux
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on

Hmm, squid 2.5 config. If you need transparency, upgrade to 2.6, much easier and better for it.

logfile_rotate 9

deny_info ERR_BLOCKED_FILES f29
deny_info ERR_BLOCKED_FILES junklist

#acl denydomain dstdomain talk.google.com
#http_access deny denydomain

yep another useless http_access line.

<snip final config details>


HTH
Amos
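
The two rules in the reply above (first match wins; "deny !x" denies everything not in x) can be checked with a small model. This is an added example, not part of the original message and not Squid code: `evaluate`, the two misordered rule lists and the request sets are constructed for illustration, and each request is reduced to the set of ACL names it is assumed to match.

```python
# Simplified model of how Squid walks http_access lines (added illustration).
# Each request is represented by the set of ACL names it matches; the sets
# below are constructed sample data, not output from Squid.

def evaluate(rules, matched):
    """Return (action, line) for the first http_access line that matches."""
    for action, acls in rules:
        # All ACLs on one line are ANDed; a leading '!' negates the ACL.
        if all((a[1:] not in matched) if a.startswith("!") else (a in matched)
               for a in acls):
            return action, "http_access %s %s" % (action, " ".join(acls))
    # No line matched: Squid applies the opposite of the last line's action.
    last = rules[-1][0]
    return ("deny" if last == "allow" else "allow"), "(implicit default)"

# The order suggested in the reply above.
SUGGESTED = [
    ("allow", ["manager", "localhost"]),
    ("deny",  ["manager"]),
    ("deny",  ["!Safe_ports"]),
    ("deny",  ["CONNECT", "!SSL_ports"]),
    ("allow", ["office"]),
    ("deny",  ["google_block"]),
    ("deny",  ["nseindia"]),
    ("deny",  ["youtube"]),
    ("allow", ["our_networks"]),
    ("deny",  ["all"]),
]

# Hypothetical misordering: the broad allow comes before the site denies.
ALLOW_FIRST = [("allow", ["our_networks"]), ("deny", ["nseindia"]),
               ("deny", ["youtube"]), ("deny", ["all"])]

# Hypothetical "deny !x" placed early: everything outside 'office' stops here.
DENY_NOT = [("deny", ["!office"]), ("allow", ["our_networks"]),
            ("deny", ["all"])]

# Constructed requests (sets of matching ACL names).
LAN_TO_NSE = {"all", "our_networks", "Safe_ports", "nseindia"}
OFFICE_TO_NSE = LAN_TO_NSE | {"office"}
LAN_TO_OTHER = {"all", "our_networks", "Safe_ports"}

if __name__ == "__main__":
    for name, rules in [("suggested", SUGGESTED), ("allow-first", ALLOW_FIRST),
                        ("deny-not", DENY_NOT)]:
        for label, req in [("LAN->nseindia", LAN_TO_NSE),
                           ("office->nseindia", OFFICE_TO_NSE),
                           ("LAN->other", LAN_TO_OTHER)]:
            print(name, label, *evaluate(rules, req))
```

With the suggested order, hosts in `office` are allowed before the site denies are reached, so the blocks apply only to the rest of `our_networks`.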
