Hi,

Don’t know if what I want to do is even possible but here is the situation. I have Squid set up on my QNAP NAS. It is running fine. I am using it with the blacklist and sites get blocked as they should. However, there are a number of sites that I do not want blacklisted, so I thought I’d set up a whitelist for them. What I did was to add an include statement to the squid.conf file. The included file has the directives for the whitelist. Here are my config files.

Squid.conf

# The user name and group name Squid will operate as
cache_effective_user httpdusr
#cache_effective_group everyone
#
# Recommended minimum configuration:
#
# Auth Method
#
#auth_param basic program /usr/local/squid/libexec/basic_ncsa_auth /usr/local/squid/etc/ac
#auth_param basic program /usr/local/squid/libexec/basic_pam_auth
#auth_param basic program /usr/local/squid/libexec/basic_getpwnam_auth
auth_param basic program /usr/local/squid/etc/auth.py
auth_param basic children 5
auth_param basic realm QNAP Proxy Server
auth_param basic credentialsttl 2 hours

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines
acl allnet src all # All Net

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

include /usr/local/squid/etc/acl.conf
include /share/CACHEDEV1_DATA/UserData/Configs/Proxy/whitelist.conf   <-------- I added this line

acl snmppublic snmp_community public
snmp_port 3401
snmp_access allow snmppublic all

acl ncsa_users proxy_auth REQUIRED
external_acl_type unix_group %LOGIN /usr/local/squid/libexec/ext_unix_group_acl -p
acl group_administrators external unix_group administrators
acl nas_user proxy_auth admin

#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

#Set the acl http_access using acl.conf
#DO NOT MODIFY THIS PART

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
include /usr/local/squid/etc/acl_http.conf
#http_access allow allnet ncsa_users
#http_access allow allnet group_administrators
#http_access allow allnet nas_user
http_access allow allnet
#http_access deny allnet

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128 #Forward
#http_port 3129 intercept #Transparent

# We recommend you to use at least the following line.
# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /share/CACHEDEV1_DATA/.qpkg/ProxyServer/opt/var/cache 10240 16 256
cache_mem 64 MB
maximum_object_size_in_memory 16 KB
minimum_object_size 0 KB
maximum_object_size 2097152 KB
cache_swap_low 90
cache_swap_high 95

# Leave coredumps in the first cache dir
coredump_dir /share/CACHEDEV1_DATA/.qpkg/ProxyServer/opt/var/cache

#access_log /share/CACHEDEV1_DATA/.qpkg/ProxyServer/opt/var/logs/access.log
#####access_log udp://127.0.0.1:514
access_log none
#cache_log /usr/local/squid/var/logs/cache.log
#cache_store_log /usr/local/squid/var/squid/logs/store.log
# mime_table /usr/local/squid/etc/mime.conf
pid_filename /usr/local/squid/var/run/squid.pid
diskd_program /usr/local/squid/libexec/diskd
unlinkd_program /usr/local/squid/libexec/unlinkd
icon_directory /usr/local/squid/share/icons
err_page_stylesheet /usr/local/squid/etc/errorpage.css
error_default_language en-us
error_directory /usr/local/squid/share/errors/en-us

icap_enable off
icap_send_client_ip on
icap_send_client_username on
icap_client_username_header X-Authenticated-User
icap_service service_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_req allow all
icap_service service_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access service_resp allow all

url_rewrite_children 50
url_rewrite_program /usr/local/squid/squidGuard/bin/squidGuard -c /usr/local/squid/squidGuard/conf/squidGuard.conf

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

whitelist.conf

acl whitelist dstdomain "/share/CACHEDEV1_DATA/UserData/Configs/Proxy/whitelist.txt"
http_access allow whitelist

whitelist.txt

.mohegansun.com

Thanks
Don
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
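
An added example, not part of the original post and not Squid or QNAP code: a small check over the posted rule order with whitelist.conf expanded where it is included, showing what Squid's first-match `http_access` evaluation and the configured `url_rewrite_program` mean for the `whitelist` ACL. It assumes the blacklist is enforced by the squidGuard rewriter shown in the post; `POSTED` and `FIXED` are constructed excerpts, the function names are hypothetical, and `url_rewrite_access` is a Squid directive that does not appear in the posted config.

```python
# Added example: rule-order check for the posted config (includes expanded inline).
GUARDS = (["deny", "!Safe_ports"], ["deny", "CONNECT", "!SSL_ports"])
WL = 'acl whitelist dstdomain "/share/CACHEDEV1_DATA/UserData/Configs/Proxy/whitelist.txt"\n'
SG = ("url_rewrite_program /usr/local/squid/squidGuard/bin/squidGuard"
      " -c /usr/local/squid/squidGuard/conf/squidGuard.conf\n")

# POSTED: constructed excerpt; whitelist.conf is included above the port guards.
POSTED = WL + """\
http_access allow whitelist
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow allnet
http_access deny all
""" + SG
# FIXED: constructed alternative (an assumption, not taken from the post).
FIXED = WL + """\
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow whitelist
http_access allow allnet
http_access deny all
""" + SG + "url_rewrite_access deny whitelist\nurl_rewrite_access allow all\n"

def rules(conf):
    """Yield (directive, args) for each non-comment line, in file order."""
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].split()
        if line:
            yield line[0], line[1:]

def audit(conf, acl):
    """Return findings for an 'http_access allow <acl>' exception list."""
    parsed = list(rules(conf))
    access = [args for d, args in parsed if d == "http_access"]
    findings = []
    # http_access is first-match: an allow above the port guards skips them.
    if ["allow", acl] in access:
        pos = access.index(["allow", acl])
        for guard in GUARDS:
            if guard in access and access.index(guard) > pos:
                findings.append("allow %s precedes '%s'" % (acl, " ".join(guard)))
    # http_access only admits the request; the URL rewriter still receives it
    # unless url_rewrite_access excludes the ACL.
    has_rewriter = any(d == "url_rewrite_program" for d, _ in parsed)
    exempt = any(d == "url_rewrite_access" and a[:1] == ["deny"] and acl in a[1:]
                 for d, a in parsed)
    if has_rewriter and not exempt:
        findings.append("%s still sent to url_rewrite_program" % acl)
    return findings
```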