I have encountered a problem using squid, I am currently configuring my squid to deny all http and https except 1 external dst ip address which I will use to connect trough RDP, how can I configure my squid with what I want to accomplish?
View 1 RepliesI have a server running both apache2 (default port) and squid (3128 port) I set an squid ACL so my LAN 192.168.1.0 gets filtered. ok all works fine except for external web petitions. When i try to access my web server from the outside, using my public ip, i get a SQUID DENIED. i guess that is because in squid ACL's there is something like: http_access all deny at the end of the file. How can i allow external petitions to my web?
View 4 Replies View RelatedI am going to configure squid in my linux box.I have different kinds of ranges in my office.The default is as under
Code:
acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks
can I add my own ranges as
Code:
acl our_networks src 10.1.60.0/24 10.1.70.0/24 10.0.80.0/24 10.1.90.0/24 10.1.100.0./24
http_access allow our_networks we have divided according to floors ,like 1st floor ip range is 10.1.60.0 2nd floor 10.1.70.0 ,third 10.1.80.0 and so on. All IP ping each others successfully.
I'm trying to use Squid to restrict web access on the computers of my LAN. All of the computers are using static IP address and we use our firewall to deny all HTTP access except for the proxy machine so everyone needs to go through the proxy to access the web.
Most of of the computers have access to websites that are listed on a white list that I called "goodsites". I have a range of IP address that I listed in a file called "super_users". These IP adresses are able to access everything except sites that I have put in a black list called "badsites".
I would like to restrict the use of audio/video streaming for all the IP adresses including the super_users. So far I have been able to effectively block streaming for all the IP addresses except the super_users that are able to bypass this restriction.
Here is the transcript of my squid.conf file:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8# RFC1918 possible internal network
[Code]....
I am using Squid server on my Red Hat Linux machine.Squid is functional and clients are access through proxy.I want to ask that if I want to open my squid.conf file for any changes should i first stop squid and then do the changes .
View 3 Replies View RelatedHow to deny download some file types on squid ?
I tried below in my squid.conf
acl blockfiles urlpath_regex -i "/etc/squid/src/blockfiles"
http_access allow localnet freesites !blockfiles
and in my /etc/squid/src/blockfiles
.[Ee][Xx][Ee]$
.[Aa][Vv][Ii]$
.[Mm][Pp][Gg]$
.[Mm][Pp][Ee][Gg]$
.[Mm][Pp]3$
.[Rr][Aa][Rr]$
I still able to download
I have Squid Version 3.0 PRE5 installed on debian etch.Howto exclude some URL from the proxy caching at squid.conf ?
View 5 Replies View RelatedI have just installed Squid proxy. i also use WPAD to deploy policies for all client. Both works well together. Now i want to configure firewall Juniper SSG140 will be deny all request from client to access internet and redirect to Squid. I mean deny HTTP & HTTPS except Squid (port 3128), even i want to all access to internet have to through Squid proxy. I don't expert about the firewall Juniper. May i know step by step configure it.
[URL]
I am using denyhosts on a server so in a config file/etc/denyhosts.confthe following value is setQuote:DENY_THRESHOLD_INVALID = 3which as per their configuration file saysQuote:
DENY_THRESHOLD_INVALID: block each host after the number of failed login
# attempts has exceeded this value. This value applies to invalid
# user login attempts (eg. non-existent user accounts)
[code]...
i have just install Sarg-2.2.3.1.tar.gz but When finished compiled i cannot see sarg.conf (in directory /etc/.. or /etc/httpd/conf.d). May i know where is it.?? I'm not sure compiler which it's work good or not good. Some logs show in here:
Quote:
[root@proxy sarg-2.2.3.1]# make install
cp sarg /usr/bin/sarg
chmod 755 /usr/bin/sarg
cp sarg.1 /usr/local/man/man1/sarg.1
chmod 755 /usr/local/man/man1/sarg.1
[Code]...
I just want to allow only some udp ports and deny all tcp access as my script below:
Code:
# Generated by iptables-save v1.3.5 on Sun May 8 17:33:16 2011
*filter
[code]....
I have read the man files on hosts (deny/allow) and think I understand how they are supposed to work but reality has proven me wrong.
My simple test case was to add "ALL: ALL " to the end of hosts.deny which I though should make the Internet not work. I can still look up hosts fine so apparently I don't understand these files or Ubuntu is ignoring them.
This is my hosts.deny file
Code:
Code:
and hosts
Code:
hosts.deny is the only file I have edited (so far)
Here's the issue: from time to time I have to take away my son's access to the internet, so I exclude his laptop from my wireless Linksys router. Works like a charm, or it did until he discovered that my neighbor also has a wireless router, and hasn't secured it.
So my son sits in the corner of the house closest to my neighbor and uses their internet.
Is there any way I can tell his laptop to NOT access a particular router? Or even better, to only access my router?
I am a newbie in Linux. I have Fedora 13 OS 32 bits. I am working with PowerDNs and Poweradmin. How can I configure this with PowerDNS?
1. Allow localhost recursion but deny recursion to external clients. Is there a tutorial for that?
2. Set up cache nameserver for localhost (like caching-nameserver in Bind).
Is there a tutorial for that?
3. My Master Server with PowerDNS is working well from localhost but external clients cannot access it.
I have iptables with these rules:
[Code]....
I have a Samba share that contains a symbolic link and when I try accessing it from the WinXP machine it denies permission. If I access it from the Linux account, it goes in with no problems. Is there a certain setting that needs to be set or enabled or is this just one of those things with Samba?
View 5 Replies View RelatedI'm setting up Ubuntu Karmic on my sister's old computer for my nephew, he's quite young so my sister asked to install some content filtering. I'll first setup an OpenDNS account and I've installed and managed to get dansguardian and squid working on a virtual machine to try it out. so far it's working pretty well, but I need to secure it form the inside out.
I was thinking of blocking specific outbound ports so he could not bypass the proxy. because by default the firefox configuration can be easily changed. so I have a couple of questions.
1. is it possible to block outgoing ports on Ubuntu?
2. is that the best method?
3. is there anything else I should be aware of to prevent subversion?
lastly, this question is probably unrelated to this board but I've set up a cron job to update a dynamic ip with OpenDNS, the problem is that the password is in clear text in the user's crontab, can I play with permissions? is it possible to run the job under a root account and deny read/write access to a normal user?
I have Ubuntu (running Jolicloud) on my HP dv2000 laptop, connected to my Sony AV Receiver through HDMI to use the TV as an external monitor. However, the resolution seems to be slightly off as the outer edges of the screen are cut off. Is there a way to fix this by editing the xorg.conf file? My current setup is below. I tried adding the line "Virtual 1244 700" to the subsection "display", but when I restarted it threw me into low graphics mode. Is there anything else I can try?
I also tried setting up the resolution at 1920x1080 on the TV and kept the default resolution on the monitor as 1280x800, and as you would expect displays the entire desktop in a smaller version on part of the tv. However, the desktop is still offset, leaving the top and left margins cut off. So, perhaps I need a way to offset the screen? Is this possible in xorg.conf?
I am using squid to controlling access to the internet all is working fine expect one of the user who is using outside organization portal to connect internet. But whenever he tries to enter in the portal by typing (EXAMPLE)url. Permission denied error from squid occur.
How can i allow this portal in squid. So squid will allow this to access.
I can connect to the internet and browse. I'm wired and using DHCP on a Windows network. Updating Ubuntu or downloading programs takes hours for 52MB of updates. Why? I read some articles that mention Network Manager needs to be enabled at the .conf file. Can I edit this using GUI or command line only?
View 9 Replies View RelatedMy squid server works fine in fedora 11 system . Is there any web like interface for admins to create,change,modify users of squid and to view their logs.
View 1 Replies View RelatedI would like to ask some help and tutorial for setting up and how to configure squid proxy server in my (Home PC Server). I am a newbie in Linux Centos. I already installed in my system the CentOS 5.5 . Now, I want to configure it as my internet server, all of my 4 system running in Windows including the laptop I want to connect through my CentOS pc with username authentication. I assign all IP address by static. see tthe attachement in my set up. [url] I just want to know what I need to change and add in my squid config file. And how can I configure properly my CentOS with 2 LAN card as internet server.
View 1 Replies View RelatedI've been scanning the apache2 docs for the past few days and have not come up with an answer my following issue:
In my httpd.conf file, at the very end, I have the line
Include conf/vhosts/vhost_*.conf
However, when I run apache checkconfig or try to start apache, it gives me the error:
httpd: Syntax error on line 993 of /etc/httpd/conf/httpd.conf: Could not open configuration file /etc/httpd/conf/vhosts/vhost_1.conf: Permission denied
It appears as if the Include line is correct - in terms of it grabbing the first virtual host conf file. However, I'm confused on the permissions. the /etc/httpd folder is owned by root:root, as are the subfolders. As a test, I chown'd the conf/vhost folder combination and all the vhost files to apache:apache to see if that made a difference, and it appeared to make no difference at all. The log files don't contain anything (assumed because apache isn't starting). If I place the contents of the vhosts in a singular vhosts.conf it works - with the permissions set to root:root. I'd like to avoid having to use one vhosts conf for the configuration I'm trying to achieve - as it would make my life a lot easier.
phpmyadmin files are in usr/share/phpmyadmin but i cant find anything in my apache2.conf or httpd.conf files that point to that directory.How do I find the route taken from the Server root "ServerRoot "/etc/apache2"" to the phpmy admin files.
View 5 Replies View RelatedI have used nVidia my entire linux life (about 5 years clean and sober from M$). Recently, I have switched over to an ATI Radeon HD 5550 card. After many trial and error setups, I finally got the resolutions and screens set properly with a xrandr command, which I have now added to a shell script in ~/.kde4/Autostart. It has worked for me for a while now, but I really would like to get it set in the xorg.conf.d files so that I don't have to wait that extra few seconds after login for the screens to fix themselves.
Is there an easy way to take what xrandr does and export it to the xorg.conf.d files? If my video card recognizes my default monitor as DFP2 and the tv that I only sometimes use with this computer as DFP1, how can I ensure that the login screen for openSUSE/KDE4 appears on my default screen (an issue that drove me nuts a few months ago when I tried Ubuntu to see what all the fuss was about)?
My xrandr command that I use to fix it all is:
xrandr --output DFP2 --auto --pos 0x0 --primary --output DFP1 --auto --right-of
I am using the proprietary Radeon driver from the ioda repository. DFP2 is a monitor which has a optimum resolution of 1920x1200, and DFP1 is an 1080p HDTV. I can not reverse the output plugs for the screens even though my monitor is an HDMI monitor because I use the actual HDMI port on the video card to output audio to the television and the other plug is a DVI that I convert to HDMI for the monitor.
I'm trying to set up samba. I am editing the smb.conf.master file, and then using the testparm -s "smb.conf.master > smb.conf" command to make the smb.conf file. I am running this command as root. However, the smb.conf is not updating with the changes I am making. Does anyone know why? It just stays the same no matter what I change. The only way to change it is to edit the smb.conf file itself.
View 1 Replies View RelatedHow can I configure proFTPd to deny all unless:User is part of group: ftpguysClient IP matches either: 1.1.1.1 or 2.2.2.2 or 3.3.3.3I already have the config file (proftpd.conf) setup to only allow users who are part of the group ftpguys. To do that I use this:
Code:
<Limit LOGIN>
AllowGroup ftpguys
[code]...
I have a VPS. I intend to use it as a squid server. I need to know how to configure Squid so it works as a simple proxy server. Don't need authenication etc.
View 1 Replies View RelatedI've setup Squid - DHCP - Transparent Proxy with the following
eth0 = connected to internet
eth1 = connected to lan. (192.168.1.1)
[code]....
in my office i have to block all messenger like yahoo messenger, windows live messenger, i have to block websites like www.yahoo.com, some more web sites. i need guidance through which i can accomplish this task through ip tables or through squid server. i can use squid but i had heard that squid blocks pop and smtp also. squid creates some problem in receiving and sending email. i am using red hat linux 4 box and installed squid having two ethernet card 1 is connected to adsl line and 2 is connected to switch. all clients will have proxy address of this linux box. guys need ur help ASAP.
View 2 Replies View RelatedI am using Squid as a proxy server red hat Linux.I want to block some specific web sites like facebook,..... under squid .Please guide me that how can i do it and under which header should i write the script ?
View 14 Replies View Related