On 2/03/2012 11:37 p.m., J. Bakshi wrote:
Hello list,
I have a debian server which works as a gateway as well as web server of our organization.
We use the web server as local web development server. Hence the gateway and the web-server IP is same.
I like to restrict some internet sites where squid becomes very handy. I have two problems here.
[1] Can I configure squid such a way where it just operates on WAN ethernet card,
Please explain a bit about what you mean by "operates on WAN ethernet
card". The card does not run software, so you can't be meaning the
obvious interpretation.
without any
required settings from user-end ?
Yes. But _how_ depends on where the users are.
So users can browse the locally available sites without any
modification at network settings and when they go to internet the squid comes in between and
restrict the defined sites ?
I'm reading that as saying the users are internal. So you want Squid
operating with both forward-proxy and interception proxy mode ports.
Here is the recommended network configuration for a gateway proxy such
as yours. These guidelines are designed for minimal trouble both to
users and to network admin
http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers#Recommended_network_configuration
Each of the layers has different ways to configure bypasses for your
local servers. Although Squid can act as a reverse-proxy to them easily.
So you may not in the end want to do any bypass.
[2] can I restrict the sites based on time ? Say youtube is again available after 7 pm ?
Once the traffic is in the proxy, yes. With limitations. Namely that
ACLs are only tested at certain points of the transaction, such as when
a new request is made. A transfer which is already happening when your
time boundary changes from allowed to denied will not be stopped. Only
new ones started during the deny period
Please give some focus on these issues as I have little knowledge about squid.
The place to start getting to know Squid is
http://wiki.squid-cache.org/SquidFaq
Enjoy
Amos
