I'm using squid for proxy server in FC6. I'm also using squidGuard for web-site access restriction. I want to do some exception now for website access. For example, squid user1 with ip 192.168.7.10/32 shoud not access facebook.com while all other squid users with ip 192.168.7.11/32, 192.168.7.9/32 and so on... can access facebook.com since facebook.com is not listed in squidGuard .db files
View 1 RepliesI have configured squid proxy on centos 5.5 and some of my squid.conf file has following lines
Code:
http_access allow ncsa_users office
There are 3 users called "user034, user035 and user050" in the /etc/squid/squid_passwd file need to restricted access to internet except sites www.abc.com form anywhere in the lan. Once they logged in any ip, rule should apply.(that means no ip related acl, only user name related) How can I configure this in squid.
We have a sipmle office network set up that we also use use to connect to the internet, however of late the number of users has increased thus slowing internet access. Bandwidth upgrade is not an option thus i have to do bandwidth shaping on our linux router. The question is how do set the squid configs to allow certain IP's range a certain percentage bandwidtheg 60% and furthe divide the rest. Alternatively how can allow certain IPs to have higher bandwidth access.
View 1 Replies View RelatedI am using squid to controlling access to the internet all is working fine expect one of the user who is using outside organization portal to connect internet. But whenever he tries to enter in the portal by typing (EXAMPLE)url. Permission denied error from squid occur.
How can i allow this portal in squid. So squid will allow this to access.
I am facing problem to access my network PC's and even ping. My network scenario is as follows. I am using squid 2.6 stable 21 on RHEL5. all other PC's on network (OS is Windows XP Professional SP2) are connected to internet through squid, authentication is ON on squid. All PC's on network (Win XP Systems)are assigned IP statically and Default Gateway is set which is Squid's IP. I want to access these PC's (Win XP Systems) mean share data between them. The problem is that i am unable to access and even ping these PC's.
View 2 Replies View RelatedI am using internet web control through squid... All is working fine only some little bit issues.
(1) Sometime when i tried to open google.com or any site I got message (The requested URL could not be retrieved) Screen Shot Attached.) but again after sometimes same websites will open.
url
(2) I would like to block word 'sex'.. So I have edit squid.conf with the following acl
acl Blockword url_regex sex
http_access deny Blockword
but problem occur in some websites where 'sensex' word found in url. Then squid block 'sensex' url content website also..
I have configured my squid that have a limited access to websites but still some website were accessable vis https so I removed transparent from squid. Now what changes do I have to make in iptbles
View 1 Replies View RelatedI'm trying the tail -f 172.16.X.XX /var/log/squid/access.log to view the sites requested by the client ip 172.16.X.XX but the result is it still open all the ip's requesting for the internet access. is there any tail commands that can monitor only the specific IP address requesting for internet access.
View 2 Replies View RelatedHow to give full access for the particular ipaddess in squid. and how to give particular website access to the particular ipaddress.
View 4 Replies View RelatedI'm using Sun One LDAP server, (Soon to be moving to openldap). I have one Master server, no slaves, about 60 user accounts.
I'd like to add an attribute to each of the users DN's to restrict there ability to login to specific hostnames. I.e. I have hosts A, B and C. Dev staff can access A and B, but not C, and support staff need to access all of them.
I found a link at [url] which talked about using 'hostsallowedlogin' and 'hostsdeniedlogin' attributes but I'm presuming these are bespoke. If they are, how do you configure the ldap.conf to take note of these attributes when authorizing access?
We have a system with 1 GB memory. Out of this, i would like to restrict only 512MB for linux and would like to access the rest 512MB directly from an application that runs on linux.
What is the suggested means to achieve this on 2.6.x?
I'm fairly new to Linux and very new to Squid and am having authentication issues! I am using Oracle Enterprise Linux (which is basically Red Hat without the branding) and wanting to use Squid Proxy Server for web access with authentication to Active Directory. I've found a number of articles about this online and all of them say to use auth program squid_ldap_conf which should be in /usr/lib/squid/. I don't have a squid directory in /usr/lib for starters and my squid binaries are in /etc/squid but there is no squid_ldap_conf in there either. I have installed the latest version of Squid (3.0) to see if that helped but I still cannot find the authorisation program.
View 3 Replies View RelatedThe network in my company use Squid Proxy serveto browse internet.Browser is IE or Firefox, and OS is Windows XP.The company need to use a new software for work, but the software don't have function that can configure Proxy server to connect to Server outside.I don't want to NAT port on router because I cannot control the traffic.Is there any software same as Proxy Client ... installed on Windows XP?My idea is that the software same as ISA server - ISA client
View 1 Replies View RelatedI am using Squid Server from last 5years. There is a site "http://www.firstflight.net", which was accessible before few days but now I am unable to access this site. If I use IE8 then getting below error:
"Internet Explorer cannot display the webpage"
Or using Google chrome getting error:
"This webpage is not available The webpage at http://www.firstflight.net/ might be temporarily down or it may have moved permanently to a new web address. Error 330 (net::ERR_CONTENT_DECODING_FAILED): Unknown error."
But other sites are working fine..
I have an old FC2 box running Squid version 2.5. It has been running since 2003 so I am in the process of replacing it. I have a new machine with FC11, iptables, and Squid 3.0 installed.
On the old machine I use iptables to intercept Port 80 traffic and send it to Squid. By default I block all internet access and allow only sites that are in an Allowed_Sites.txt file. Within Squid I also have statements to allow certain users to bypass Squid based on their IP address.
I have set up the same thing on the new box. I have iptables intercepting the Port 80 traffic and sending it to Squid. That is working because if I remove the redirect statement from iptables all internet access is blocked.
The problem I am having is that Squid is not blocking any websites. It acts like the ACL is set to http_access allow all. I have worked on this for several hours and am stumped.
These are my Squid rules:
acl allowed_sites url_regex "/etc/squid/Allowed_Sites.txt"
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow Bypass_Users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24
http_access allow allowed_sites
http_access allow our_networks
http_access deny all
icp_access deny all
htcp_access deny all
http_port 192.168.1.254:3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname FC11.proxybox
icp_port 3130
coredump_dir /var/spool/squid
due to low disk space there arose a problem. Now I re-installed Debian along with winXP as dual boot. XP works as it was before. but i can't open Linux. When i select Debian on boot-select page, Debian starts but stuck at a point as shown below:
check root= boot arg cat/proc/cmd line
or missing modules,devices:cat/proc/modules ls/dev
ALERT!/dev/sda3/doesnot exist. Dropping to shell;
Busy Box v1.1.3(Debian 1:1.1.3-4) built-in shell(ash)
Enter 'Help' for a list of built-in commands.
/bin/sh: Can�t access tty; job control turned off.
(intramfs)
i hv searched a lot but couldn't come up with a correct solution.i tried editing the grub by pressing 'e' when grub is displayed and added the line acpi=off irqpoll and then start booting. but the result was same.
i have a xeon machine with ubuntu os machine specification is 3gb RAM 3 scsi hard drives each 73gb it have two ethernet cards one ethernet card is connected with adsl modem and the second is connected with LAN. now what is mikrotik doing for me is control access to bind mac adress with ip adress and control the band width for induvisual conection.
View 2 Replies View RelatedI've set up Ubuntu 9.04 (desktop) at home in a lab environment (workgroup rather than domain) and have configured Squid. Everything works fine but, when I took it to the next level and made the proxy transparent, my problems began. I can still access sites (having pointed the XP Pro client to the squid box as the DG) and the sites are logged in /var/log/squid/access.log but I am unable to use Outlook to access my SMTP and POP3. I guess that the setup is blocking ports 25 and 110 and I'll need to configure iptables to forward packets destined for these ports directly to the "real" DG, rather than the Squid box. Here's the set up:
A single NIC (eth0) on 172.19.0.250 / 16 (static) ADSL router ("real" DG) on 172.19.0.1 I executed iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 My squid.conf:
Code:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8# RFC1918 possible internal network
acl localnet src 172.16.0.0/12# RFC1918 possible internal network
acl mynet src 172.19.0.0/16
[Code]....
i m using squid for internet sharing, i am facing problem while accessing public ftp, therer is no problem in accessing local ftp, but if try to access public ftp like ftp://125.125.20.2 i am getting error
' An FTP authentication failure occurred while trying to retrieve the URL: ftp://125.125.20.3/
Squid sent the following FTP command:
PASS <yourpassword>and then received this reply User anonymous cannot log in.Your cache administrator is root.'
if i try to access local ftp ' ftp://10.185.200.12' getting no error
I have installed the squid server on my centos system. I want to access the squid on GUI mode.
View 3 Replies View Relatedi am monitoring access log messages in squid proxy server,can it possible to get date,time,day in access logs is it possible
View 2 Replies View Relatedi just implemented ur instruction n got success but i have one problem that i want to provide only two or three web sites access to groups in squid.
View 1 Replies View RelatedIs there any way to delete squid proxy access logs. e how can the access logs be deleted
View 6 Replies View Relatedi have been studying linux for 3 month ,so i have solved some problems related with server part.The problem i have is the squid access.Can I allow some IP's to download files on squid.I mean i already give access to download by reply_body tag,andwant to give permission only one specific IP for unlimit access to download.Is there any solution
View 3 Replies View RelatedCentos 5.4 distro using on remote machine. I have remote site where internet access given via squid proxy. So when we enter in browser it start working internet fine. But on command line (bash shell prompt terminal) like wget, ping, nslookup, traceroute etc., these commands does not work.
View 6 Replies View RelatedI've a SQUID proxy server installed in SUSE 9.0 ES server. I've created cache dirs on seperate partitions for better caching. Its working fine. But since last 15-20 days, i've experienced very slow net access to clients. I've gone through the /var/log/messeges file, it generates a two line error messeges
client read request fd602 invalid request
parse http request: unsupported method;HET
This messege increases as the number of clients increates (for internet access). The apperance of error messege lowering down as soon as the number of clients reduces.
As the count of clients increases error messeges increases, internet access getting slower and slower.
My company is using Squid Proxy 2.6 for internet connection. Recently we implement a Webmail system. This is the link [URL] can access it using computer directly connect to internet but those using Squid Proxy are unable to Login although the login screen appear. Is this cause by the squid.conf setting or something else?
View 1 Replies View RelatedI need to analyze the squid access log file for the purpose of my research.For that I need to obtain some correlation among time and the web site visited, machine ip and the web site name etc.It's better if I can draw a graph by analyzing the log file . I found some log analyzers but it didnt provide this.I need to obtain some cor-relation from this log file .
View 1 Replies View RelatedI'm trying to recreate a simple script I wrote to parse out the access.log to get a rough idea of websites that users are going to on our corp network. The issue I'm having is I want to pull out any line from access.log that ends in .com/ .org/ .net/ or whatever to only see what the user entered into the address bar and drop pictures, js's and everything else and log only this. so what I do is :awk '{print $8} | grep -e '[cong]|[ore]|[mgtv][/]'$ and nothing happens.I know there is an easier way to do this with awk alone,
View 8 Replies View RelatedI'm running a squid proxy in my ubuntu server, and I must have mess it up with the squid configuration. Users, cannot, access https pages. Can you tell me what to change in my squid.conf, so, to fix this?
Here is my squid.conf (witch is a friends conf, that i have change for my needs...)
Code:
http_port 8888
#http_port 3128
icp_port 3130
acl QUERY urlpath_regex cgi-bin ?
code....