Search squid archive

Re: allow certian user ips to access only 2 domains and disallow everything

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hey Simon,

 

I have seen these websites and it seems that some content which is used in them is from CDNs or other domains.

It’s very important to include specific domains like in the url:

https://code.jquery.com/jquery-3.3.1.min.js

 

For these sites to work properly.

 

You can try to run a more complex config which can or might take into account the Referrer header in the Request

It will probably only work if SSL bump is configured in your setup and it’s not the most secure way to allow sites.

I am only offering this as a it can be limited to specific domains such as cdns or specific hosted services.

 

All The Bests,

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx

 

From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of simon ben
Sent: Friday, October 16, 2020 12:21 PM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: allow certian user ips to access only 2 domains and disallow everything

 

I have squid running perfectly fine on centos 7 64 bit with no issues

I want to allow certain user ips to access a few sites and block everything else so below is the config

the sites are 

1) paloaltonetworks.com

2) redcloak.secureworks.com

 

in squid.conf

-------------------

acl userlist src "/etc/squid/userlist"

acl sitelist dstdomain "/etc/squid/sitelist"

http_access allow userlist sitelist

 

-------------------

 

user list file has the ips

-----------

192.168.62.128

192.168.62.1

192.168.62.129

192.168.61.1

192.168.62.130

192.168.62.3

192.168.61.128

172.16.120.160

------------------------------

 

site list file has the sites

----------------------------------------

.paloaltonetworks.com

.secureworks.com

baladia.xdr.eu.paloaltonetworks.com

identity.paloaltonetworks.com

login.paloaltonetworks.com

assets.adobedtm.com

redcloak.secureworks.com

 

------------------------------------------------

 

I see that the first page and some links are working but some do not . also there is a huge deny logs in squid access logs

appreciate if you can advise me on how i can have the above access list so as to have minimum denies when being accessed from the above ips

 

 

Thanks and Regards

 

 

simon  

 

 

 

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux