Search squid archive

Re: setting up different filtering based on port number

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On Mon, 15 Feb 2010, Amos Jeffries wrote:
On Sun, 14 Feb 2010 18:21:25 -0600 (CST), Al - Image Hosting Services
<azick@xxxxxxxxxxxxxxxxxxxx> wrote:
Hi,

I know that this is a little bit off topic for this list, but I asked on

the squidguard list and they said that I need to run 2 instances of
squid.
I know that squid can listen on 2 ports very easily, and I have setup
squid to listen on 2 different ports. Port 8080 uses squidguard to
filter,
but port 8081 doesn't. What I would really like to be able to do is to
have less restrictive filtering on port 8081. For example, I would like
to
block youtube on port 8080, but not on port 8081. Still I would like to
be
able to block porn on port 8081. Could someone give me some assistance
on
how to do this or point me to a how to?

Best Regards,
Al

Use of the "myport" ACL type and url_rewrite_access to prevent things
being sent to the squidguard re-writer.

http://www.squid-cache.org/Doc/config/url_rewrite_access/

I should have explained that differently, so I will give it another try.

This is what I have in my squid.conf now:

acl custom-auth proxy_auth REQUIRED
acl mysite dstdomain .zickswebventures.com
acl portA myport 8080
acl portB myport 8081
url_rewrite_access allow portA
url_rewrite_program /bin/squidGuard -c /etc/squid/squidGuard.conf
url_rewrite_children 3
http_access allow mysite
http_access allow custom-auth all
http_access deny all

It works perfectly, requests sent to portA are filtered and requests that are sent to portB are not, but I need to add sort of an intermediate level of filtering.

Solution 1: It looks like squidguard can filter based on IP. If I created a portC in squid.conf, should I be able to add this to my squidguard.conf:

     src portC {
	 ip	   0.0.0.0:8082
     }

     src portA {
	 ip	   0.0.0.0:8080
     }

My question is, does squid pass the port along with the IP address to squidguard? If it does, then is my config wrong or does squidguard just not know what to do with the port information?

Solution 2: Call 2 instances of squidguard with a different config. Although, I don't know if this is possible without knowing more about how squid passes information to squidguard.

Solution 3: Create a blocklist within squid of maybe 5 to 30 sites, so my squid.conf would like:

acl custom-auth proxy_auth REQUIRED
acl mysite dstdomain .zickswebventures.com
acl block dstdomain .facebook.com .twitter.com
acl portA myport 8080
acl portB myport 8081
acl portB myport 8082

url_rewrite_access allow portA portB
url_rewrite_program /bin/squidGuard -c /etc/squid/squidGuard.conf
url_rewrite_children 3
http_access allow mysite
http_access allow custom-auth all
http_access deny all

Of course, the blank line is where I would need to tell squid to redirect to the the zickswebvenutres.com/blocked.html if it sees a one of the urls being blocked, but only on portA. Could this be done?

Best Regards,
Al



[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux