Site filtering issue I am having issues with filtering of my websites. I have setup squid 2.6.STABLE17 over a Fedora 8 machine. Below is my squid.conf file. Squid seems to log all sites that are going out from other stations but does not filter and of the sites. They all go through. My denied_domains.acl has .youtube.com .hotmail.com .live.com But these sites don't seem to get blocked out. I had also issues this command thinking that it was to do with Iptables iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 192.168.1.1:3128 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 Initially squid wouldn't work; everything would be blocked so I disable the firewall which allowed access. SO I put a custom allow to port 3128 which opened it up but to all sites. -------------- squid.conf -------------- visible_hostname vanderpolgroup http_port 3128 maximum_object_size 32768 KB maximum_object_size_in_memory 128 KB cache_mem 256 MB cache_dir ufs /var/spool/squid 70000 32 512 cache_access_log /var/log/squid/access.log cache_log /var/log/squid/cache.log acl all src 0.0.0.0/0.0.0.0 acl manager proto cache_object acl localhost src 127.0.0.1/255.255.255.255 acl our_network src 192.168.10.0/24 acl to_localhost dst 127.0.0.0/8 acl SSL_ports port 443 # SSL acl Safe_ports port 80 # http acl Safe_ports port 21 # ftp acl Safe_ports port 443 # https acl Safe_ports port 70 # gopher acl Safe_ports port 210 # wais acl Safe_ports port 1025-65535 # unregistered ports acl Safe_ports port 280 # http-mgmt acl Safe_ports port 488 # gss-http acl Safe_ports port 591 # filemaker acl Safe_ports port 777 # multiling http acl Safe_ports port 563 70 acl CONNECT method CONNECT acl custom_allowed_domains dstdomain "/etc/squid/allowed_domains.acl" acl custom_denied_domains dstdomain "/etc/squid/denied_domains.acl" acl ads_blacklist dstdom_regex "/etc/squid/blacklist/ads/domains" acl aggressive_blacklist dstdom_regex "/etc/squid/blacklist/aggressive/domains" acl audio-video_blacklist dstdom_regex "/etc/squid/blacklist/audio-video/domains" acl drugs_blacklist dstdom_regex "/etc/squid/blacklist/drugs/domains" acl gambling_blacklist dstdom_regex "/etc/squid/blacklist/gambling/domains" acl hacking_blacklist dstdom_regex "/etc/squid/blacklist/hacking/domains" acl mail_blacklist dstdom_regex "/etc/squid/blacklist/mail/domains" acl porn_blacklist dstdom_regex "/etc/squid/blacklist/porn/domains" acl proxy_blacklist dstdom_regex "/etc/squid/blacklist/proxy/domains" acl redirector_blacklist dstdom_regex "/etc/squid/blacklist/redirector/domains" acl spyware_blacklist dstdom_regex "/etc/squid/blacklist/spyware/domains" acl suspect_blacklist dstdom_regex "/etc/squid/blacklist/suspect/domains" acl violence_blacklist dstdom_regex "/etc/squid/blacklist/violence/domains" acl warez_blacklist dstdom_regex "/etc/squid/blacklist/warez/domains" acl networking_blacklist dstdom_regex "/etc/squid/blacklist/networking/domains" http_access allow manager localhost http_access deny manager http_access deny !Safe_ports http_access deny CONNECT !SSL_ports http_access allow our_network http_access deny all icp_access allow all #miss_access allow all http_access allow custom_allowed_domains http_access deny custom_denied_domains http_access deny ads_blacklist http_access deny aggressive_blacklist http_access deny audio-video_blacklist http_access deny drugs_blacklist http_access deny gambling_blacklist http_access deny hacking_blacklist http_access deny mail_blacklist http_access deny porn_blacklist http_access deny proxy_blacklist http_access deny redirector_blacklist http_access deny spyware_blacklist http_access deny suspect_blacklist http_access deny violence_blacklist http_access deny warez_blacklist http_access deny networking_blacklist cache_mgr abc@xxxxxxx Thanks Sheldon
