General :: Internet Access Restrictions With Squid?
Dec 30, 2010
I am using internet web control through squid... All is working fine only some little bit issues.
(1) Sometime when i tried to open google.com or any site I got message (The requested URL could not be retrieved) Screen Shot Attached.) but again after sometimes same websites will open.
url
(2) I would like to block word 'sex'.. So I have edit squid.conf with the following acl
acl Blockword url_regex sex
http_access deny Blockword
but problem occur in some websites where 'sensex' word found in url. Then squid block 'sensex' url content website also..
View 2 Replies
ADVERTISEMENT
May 31, 2011
I have a work network of about 20 boxes most of which are running Windows 7 and one of them is a file server using linux and another is Windows server 2003. Now the local IP is distributed by the router, and no regulation of internet access is done by any of the servers.What I need to do is restrict internet access to select domains, which would probably need DHCP through linux(I think, not really sure), and I need something simple like a 'blabla.conf' file with the allowed websites that I can edit. need to know how to regulate IP addresses through the linux box (all details if possible, I never tried to do that before), and how to restrict internet access also through linux.
View 4 Replies
View Related
May 31, 2011
I am using Squid Server from last 5years. There is a site "http://www.firstflight.net", which was accessible before few days but now I am unable to access this site. If I use IE8 then getting below error:
"Internet Explorer cannot display the webpage"
Or using Google chrome getting error:
"This webpage is not available The webpage at http://www.firstflight.net/ might be temporarily down or it may have moved permanently to a new web address. Error 330 (net::ERR_CONTENT_DECODING_FAILED): Unknown error."
But other sites are working fine..
View 3 Replies
View Related
Jun 11, 2010
I have an old FC2 box running Squid version 2.5. It has been running since 2003 so I am in the process of replacing it. I have a new machine with FC11, iptables, and Squid 3.0 installed.
On the old machine I use iptables to intercept Port 80 traffic and send it to Squid. By default I block all internet access and allow only sites that are in an Allowed_Sites.txt file. Within Squid I also have statements to allow certain users to bypass Squid based on their IP address.
I have set up the same thing on the new box. I have iptables intercepting the Port 80 traffic and sending it to Squid. That is working because if I remove the redirect statement from iptables all internet access is blocked.
The problem I am having is that Squid is not blocking any websites. It acts like the ACL is set to http_access allow all. I have worked on this for several hours and am stumped.
These are my Squid rules:
acl allowed_sites url_regex "/etc/squid/Allowed_Sites.txt"
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow Bypass_Users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24
http_access allow allowed_sites
http_access allow our_networks
http_access deny all
icp_access deny all
htcp_access deny all
http_port 192.168.1.254:3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname FC11.proxybox
icp_port 3130
coredump_dir /var/spool/squid
View 2 Replies
View Related
Dec 29, 2010
I am using squid to controlling access to the internet all is working fine expect one of the user who is using outside organization portal to connect internet. But whenever he tries to enter in the portal by typing (EXAMPLE)url. Permission denied error from squid occur.
How can i allow this portal in squid. So squid will allow this to access.
View 1 Replies
View Related
Apr 28, 2010
Centos 5.4 distro using on remote machine. I have remote site where internet access given via squid proxy. So when we enter in browser it start working internet fine. But on command line (bash shell prompt terminal) like wget, ping, nslookup, traceroute etc., these commands does not work.
View 6 Replies
View Related
Jul 24, 2010
I've a SQUID proxy server installed in SUSE 9.0 ES server. I've created cache dirs on seperate partitions for better caching. Its working fine. But since last 15-20 days, i've experienced very slow net access to clients. I've gone through the /var/log/messeges file, it generates a two line error messeges
client read request fd602 invalid request
parse http request: unsupported method;HET
This messege increases as the number of clients increates (for internet access). The apperance of error messege lowering down as soon as the number of clients reduces.
As the count of clients increases error messeges increases, internet access getting slower and slower.
View 1 Replies
View Related
Apr 4, 2010
Slow access to web site using squid and Internet explorer.I am trying to troubleshoot an issue I am stuck on. We have a website that is loading .htm documents extremely slow when using Internet Explorer 8 behind Squid. When we bypass the proxy and go directly out to the internet all is fast and pages load fine.But when the proxy is on documents will take sometimes up to 6 minutes to load.This issue is only apparent using Internet explorer 8.I do not see the issue when using firefox with Squid.I have tried to use the no_cache directive thinking it may have been the cache but that didn't work either.I am attaching our access.log, store.log and squid.conf.
View 2 Replies
View Related
Jun 16, 2009
I have installed debian to run Squid cache as a caching proxy.
Ive been bashing away now for 2 days and i have managed to install squid (i first tried manually, but that did not work so i used synaptic software packager to install it (from Administration menu)
That went well, thereafter i installed webamin to work with squid in a GUI
I have managed to start squid and added my range of IP addresses to the ACL list
I have added the proxy restriction too.
Now, i tried to test it.
I opened Iceweasel Web browser (on the same machine) and setit to use the Proxy server: localhost and port:3128
That works fine.
But when i try to change the proxy setting to my machines ip (where squid is installed) :
Proxy server: 10.0.0.35 and port:3128
That does not work.
Am i missing something, please help
I then tried to set another windows PC on the network to:
Proxy server: 10.0.0.35 and port:3128
That also does not work.
I also edited the conf file to http_access allow all, but i do not know if i have doen it correctly, but maybe there is another problem?
View 1 Replies
View Related
Aug 26, 2010
I have a linux box (fedora) with two ethernet cards eth1 and eth2. On eth1 I successfully configured a PPPOE internet connection. Such that from the server I can browse the internet. On eth2 I wired it to a wireless router essentially to provide the wireless cloud. On eth2 I also configured dhcp, such that the Linux box is both PPPOE and DHCP server.However my clients on the LAN cannot access the Internet.
On passing the routing command I get
Destination Gateway Iface
196.44.x.y 0.0.0.0 ppp0
192.168.1.0 0.0.0.0 eth2 (my subnet)
0.0.0.0 0.0.0.0 ppp0.
The router (functioning as a wireless access point mainly) has a fixed IP address of 192.168.1.2 and eth2 has IP address 192.168.1.1. The dhcp file running on Linux has been set with option router (Gateway) 192.168.1.1. I cannot figure out how to correctly set the routing table such that my clients on wireless can access the internet cloud. I googled and googled but no solid solution. Any suggestions?
View 3 Replies
View Related
May 3, 2011
How to create a user account on a Linux desktop machine with restrictions on connecting to the LAN, WAN, PCMCIA ports, Firewire, CDROM and generally any user controllable output options?
I have the task to set up a machine for users working with sensitive data that should not be leaving the machine where it is processed. This means disabling access to the ethernet device, lan, all other ports as mentioned earlier, and any other way of leaking the data.
In Mac OSX this was achieved using "Parental controls" from the System preferences; this even allows a selection of the applications that can be used. Under XP, Device Manager offers the option to click various devices and "Disable" them, which worked so far just fine. Some will point out that the latter mentioned OS may be easy to circumvent the security of in other ways, but that has been mitigated with other measures and it's not the point anyway. For the operator users in question, the aforementioned measure proved successful and worked.Using OSX and XP to do this was a 10-15 minutes job with testing included.
So far all guides and tutorials pointed to useradd, groups an facl, but in actual practical terms did not help at all, in fact most of the research did not render any practical results so far. I surely don't expect to point and click, and would gladly run a set of commands from CLI. If I had them. I would really would like to achieve the same restricted user account configuration in a concise, comprehensive and practical manner under Linux too. Preferably tested on humans before, and known to be workign, of course.
The machines that need to be set up are two laptops running Ubuntu. So how can this be accomplished in Linux?
View 6 Replies
View Related
May 28, 2010
I'm using squid for proxy server in FC6. I'm also using squidGuard for web-site access restriction. I want to do some exception now for website access. For example, squid user1 with ip 192.168.7.10/32 shoud not access facebook.com while all other squid users with ip 192.168.7.11/32, 192.168.7.9/32 and so on... can access facebook.com since facebook.com is not listed in squidGuard .db files
View 1 Replies
View Related
Aug 24, 2009
I have one Squid server which was configured to share internet on our networks192.168.20.0) PCs Serrver:192.168.20.25:8080It is working smoothly.Now my problem is that I has to configure one sub server that should allow internet to our 192.168.22.0 network with 3128 port. The sub server will get the connection from main server and it share the inter net to the internal network.
View 3 Replies
View Related
Jun 28, 2011
I am facing problem to access my network PC's and even ping. My network scenario is as follows. I am using squid 2.6 stable 21 on RHEL5. all other PC's on network (OS is Windows XP Professional SP2) are connected to internet through squid, authentication is ON on squid. All PC's on network (Win XP Systems)are assigned IP statically and Default Gateway is set which is Squid's IP. I want to access these PC's (Win XP Systems) mean share data between them. The problem is that i am unable to access and even ping these PC's.
View 2 Replies
View Related
Sep 23, 2010
I have configured my squid that have a limited access to websites but still some website were accessable vis https so I removed transparent from squid. Now what changes do I have to make in iptbles
View 1 Replies
View Related
Jun 20, 2010
I'm trying the tail -f 172.16.X.XX /var/log/squid/access.log to view the sites requested by the client ip 172.16.X.XX but the result is it still open all the ip's requesting for the internet access. is there any tail commands that can monitor only the specific IP address requesting for internet access.
View 2 Replies
View Related
Feb 15, 2010
How to give full access for the particular ipaddess in squid. and how to give particular website access to the particular ipaddress.
View 4 Replies
View Related
Jan 28, 2010
I'm fairly new to Linux and very new to Squid and am having authentication issues! I am using Oracle Enterprise Linux (which is basically Red Hat without the branding) and wanting to use Squid Proxy Server for web access with authentication to Active Directory. I've found a number of articles about this online and all of them say to use auth program squid_ldap_conf which should be in /usr/lib/squid/. I don't have a squid directory in /usr/lib for starters and my squid binaries are in /etc/squid but there is no squid_ldap_conf in there either. I have installed the latest version of Squid (3.0) to see if that helped but I still cannot find the authorisation program.
View 3 Replies
View Related
Feb 10, 2011
I've set up Ubuntu 9.04 (desktop) at home in a lab environment (workgroup rather than domain) and have configured Squid. Everything works fine but, when I took it to the next level and made the proxy transparent, my problems began. I can still access sites (having pointed the XP Pro client to the squid box as the DG) and the sites are logged in /var/log/squid/access.log but I am unable to use Outlook to access my SMTP and POP3. I guess that the setup is blocking ports 25 and 110 and I'll need to configure iptables to forward packets destined for these ports directly to the "real" DG, rather than the Squid box. Here's the set up:
A single NIC (eth0) on 172.19.0.250 / 16 (static) ADSL router ("real" DG) on 172.19.0.1 I executed iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 3128 My squid.conf:
Code:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8# RFC1918 possible internal network
acl localnet src 172.16.0.0/12# RFC1918 possible internal network
acl mynet src 172.19.0.0/16
[Code]....
View 6 Replies
View Related
Dec 10, 2010
'm a bit familiar with Centos as I have set up few website on this environment but I have never actually installed, and especially, configure ftp server. Now I need to do this. Simply I need to be able to create an access account for a user and then restrict access to only one folder within the website (idea is to allow this user to upload images via ftp). I did google for ftp servers and read about vsftpd but I couldn't find any tutorial on how exactly make it work with folders and specific users.
View 3 Replies
View Related
Apr 21, 2010
I set some restrictions in /etc/pam.d/system-auth, but they don't seem to be affecting anything.
/etc/pam.d/passwd:
Code:
password required pam_cracklib.so retry=3 minlen=8
password required pam_unix.so md5 shadow use_authtok
/etc/pam.d/system-auth:
Code:
auth required pam_env.so
auth sufficient pam_unix.so likeauth nullok
auth required pam_deny.so
[code]....
View 3 Replies
View Related
Jan 14, 2010
I dont want to allow the user winny on saturday and sundays. I added the following line in the /etc/security/time.conf file.
login;*;winny;!SaSu0000-2400
Then i added the following line in the /etc/pam.d/login file.
account required pam_time.so
this is the first line of that login file. But if i tried to login with the username winny it allows me to get log in. Is anything has to be change?
View 14 Replies
View Related
Mar 25, 2011
i have jsut setup a kvm virtual machine on my server. to connect to the VM from outside of the network i use ssh tunneling. what i would liek to know is if there is any way to create a new user with jsut ssh access. i dont want people to be able to edit files in ~/ or such. jsut need the user to estabilish the connection to the server
View 1 Replies
View Related
Mar 25, 2011
Can I limit the system resources that a process can use on Linux? I want to configure the system to avoid that some specified processes use some system resources:
choose if a process is allowed to use network and Internet.
choose which files and folders that a process can read, write or execute.
choose if a process is allowed to use sound and graphics output, and printer.
choose the limit of memory that it can use.
View 2 Replies
View Related
Oct 23, 2010
I'm trying to change the restrictions to some normal text files and their result is not what is expected.
For example, when I put:
chmod 000 testfile.txt
on a file that is
-rwxrwxrwx,
it instead becomes
-r--r--r--.
It doesn't matter whether I do it with a root or the owner of the file, the result is the same.
Also, putting
chmod u-rwx testfile
results in the file becoming, again,
-r--r--r--.
Also, some doesn't have any effect, such as
chmod o-r testfile.
Even if I do this, the result is the same -rwxrwxrwx.
View 10 Replies
View Related
May 27, 2009
We have a sipmle office network set up that we also use use to connect to the internet, however of late the number of users has increased thus slowing internet access. Bandwidth upgrade is not an option thus i have to do bandwidth shaping on our linux router. The question is how do set the squid configs to allow certain IP's range a certain percentage bandwidtheg 60% and furthe divide the rest. Alternatively how can allow certain IPs to have higher bandwidth access.
View 1 Replies
View Related
Oct 24, 2010
I can not access internet with Linux. I enter password which I use for windows.
View 5 Replies
View Related
May 24, 2011
i m using squid for internet sharing, i am facing problem while accessing public ftp, therer is no problem in accessing local ftp, but if try to access public ftp like ftp://125.125.20.2 i am getting error
' An FTP authentication failure occurred while trying to retrieve the URL: ftp://125.125.20.3/
Squid sent the following FTP command:
PASS <yourpassword>and then received this reply User anonymous cannot log in.Your cache administrator is root.'
if i try to access local ftp ' ftp://10.185.200.12' getting no error
View 1 Replies
View Related
Aug 2, 2010
I want filter some sites on my network by squid .
My Distribution is suse server 11 squid 2.7
View 2 Replies
View Related
Jul 15, 2010
I changed my ISP recently, post which my LAN is not able to access the internet.I have 6 PCs in my LAN which run on Ubuntu 9.04 and 1 on Ubuntu 9.10 and one more on WindowsXP and these are connected to an Ubuntu 9.04 where the ISP pipe is terminated. The main PC is able to access internet and has IP of 192.168.1.xx series on eth1 on DHCP and eth0 is configured as 192.168.0.2
View 14 Replies
View Related