Search squid archive

Re: squid with dansguardian

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



hi Dave,

so, i changed the line

http_access deny myLan

to

http_access deny myLan all.

but it's the same behavior. Squid doesn't stop.

In the logs file there is 127.0.0.1 for every http request, what does it mean?



2013/10/8 Dave Burkholder <dave@xxxxxxxxxxxxxxxxxxxx>:
> There's no acl to deny in
>
> http_access deny myLan
>
>
> Try something like
>
> http_access deny myLan all
>
>
> Or you could try:
>
> acl fb dstdomain .facebook.com
> http_access deny mLan fb
>
> In your squid logs are you seeing the LAN IP address or 127.0.0.1 for every
> request? If the latter then you need the follow_x_forwarded_for that Amos
> mentioned.
>
> -Dave
>
>
>
>
> On 10/8/2013 2:13 AM, Stefano Malini wrote:
>>
>> Yes Dave,
>> in squid.conf i set
>> acl myLan src 192.168.1.0/24
>> and
>> http_access deny myLan
>>
>> to try if squid stops me but i can browse. I don't understand why
>>
>> My iptables rule:
>>
>> target     prot opt source               destination
>> REDIRECT   tcp  --  anywhere             anywhere             tcp
>> dpt:http redir ports 8080
>>
>> Dansguardian network config.
>>
>> # the port that DansGuardian listens to.
>> filterport = 8080
>>
>> # the ip of the proxy (default is the loopback - i.e. this server)
>> proxyip = 127.0.0.1
>>
>> # the port DansGuardian connects to proxy on
>> proxyport = 3128
>>
>> Squid
>>
>> acl myLan src 192.168.1.0/24
>> and
>> http_access deny myLan
>>
>> http_port 3128
>>
>> Dansguardian runs because it stops me browsing some blocked site! I
>> have to retry other times this evening.
>>
>>
>>
>> Amos thanks, I'll try this evening, i don't know that directive.
>>
>> 2013/10/8 Amos Jeffries <squid3@xxxxxxxxxxxxx>:
>>>
>>> On 8/10/2013 12:58 p.m., Dave Burkholder wrote:
>>>>
>>>> No squid is not bypassed.  The order flow is:
>>>>
>>>> Browser -> Dansguardian -> Squid -> Internet
>>>>
>>>> If you're wanting to limit access via squid ACLs, that's another aspect
>>>> altogether.
>>>>
>>>> acl myLan src 10.0.4.0/24
>>>>
>>>> http_access deny myLan all
>>>>
>>>>
>>>> Do you have something like that in squid.conf?
>>>
>>>
>>> Don't forget the follow_x_forwarded_for to determine what the client on
>>> the
>>> other side of DG is.
>>>
>>>    follow_x_forwarded_for allow localhost
>>>    follow_x_forwarded_for deny all
>>>
>>>
>>> Amos
>
>




[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux