I am not sure whether it's possible or not. We running squid proxy server for our office. We restrict users using ACL to access the internet. There is some who do the followings:
1. Create a own proxy in there box who has the internet access.
2. Other users use those box as proxy and access to the internet.
I want to restrict some site (Social Networking) through my newly configured squid proxy. But It always allow those site How to block those site. My squid.conf file is configured as follow :-
#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
[coder].....
i have squid 2.6 server running on rhel5. by default teamviewer access is deny. i want to allow access of teamviewer but not getting.
View 4 Replies View RelatedI can bypass our firewall in IE. They use wildcards, like 10*. I've tried 10.100.0/16, but am still getting to our firewall. How can I specify the correct settings for Firefox?
View 4 Replies View RelatedI know this isn't directly related to Ubuntu (even if the rest of my network is pure Ubuntu!), but I haven't had any luck uncovering this info through the usual channels. Does anyone know which port Android 2.2 on a VIA wm8650 uses to access the Internet? My Wifi is routed through a Linux firewall (Ipcop) which forces normal outbound Internet traffic via normal ports (80, 8080 etc) through the ipcop proxy, but the wm8650 somehow bypasses the proxy. I don't know whether I'm just missing the port the tablet is actually using.
View 1 Replies View RelatedIs it possible in Linux to restrict POP3 or IMAP for particular users.I need a confirmation on this, that it is possible or not in Linux.
View 3 Replies View RelatedI would like to ask some help and tutorial for setting up and how to configure squid proxy server in my (Home PC Server). I am a newbie in Linux Centos. I already installed in my system the CentOS 5.5 . Now, I want to configure it as my internet server, all of my 4 system running in Windows including the laptop I want to connect through my CentOS pc with username authentication. I assign all IP address by static. see tthe attachement in my set up. [url] I just want to know what I need to change and add in my squid config file. And how can I configure properly my CentOS with 2 LAN card as internet server.
View 1 Replies View RelatedCurrently my DHCP Server is working now what i want to have is auto detection of squid proxy in any browser but I still got an error in my dhcp server when I restart it.
My Config:
# DHCP configuration generated by Firestarter
ddns-update-style interim;
ignore client-updates;
[code]....
I am trying to configure squid with Fedora 10 to use it as a transparent proxy webcache.Is there any good tutorial you would recommend to a novice?
View 1 Replies View RelatedI have 4 servers running squid/3.1.1 proxy server. Since the latest version I can no longer FTP. I have posted this problem in multiple places but have received almost no response. I've found several other post to this problem throughout the Internet which have also gone unanswered. So, once again, I thought I'd give it a try. As I said "I have 4 servers running the newest version of Squid". When I try to access an ftp, any ftp, I receive an error (check attached image). This was never a problem until just recently. Squid should work perfectly find with ftp, it is not a strictly http proxy.
I turned my firewall off just to make sure, still had the same issue. If I jump directly on the server itself with no proxy settings set in the browser it will work fine. As soon as I set the browser setting to access the Squid software I get the same error. I've included my squid config (which is unchanged from the default settings), maybe somebody better versed than myself can point out an obvious flaw. Everything else seem to work just fine, it's only FTP that's a problem.
I have a reverse proxy set up with squid. I'm going to try and explain what it's doing and I apologize for it being confusing, I'll do the best I can to describe my problem. First, it's for our phone system. We run a ShoreTel Voip system. The owner has decided he wants me to setup MCM (Mobile Call Manager), which from what I can see is an under developed, and almost impossible to get help with Shoretel software. But he's convinced he needs it for his Iphone. It's supposed to, in a nutshell, turn his Iphone into his work phone with all the advantages and doodads that come with it. Apparently, "they have an app for that". On the server side, I need to setup a reverse proxy back into the network on our phone server. Simple enough, I did this with squid. I used the following lines:
Code:
http_port 80 accel defaultsite=172.17.137.7
cache_peer http://172.17.137.7 parent 80 0 no-query originserver name=myAccel
acl our_sites dstdomain http://172.17.137.7
[code]....
Code:
always_direct allow all It most definitely is allowing traffic back to the phone server, the problem is, it hands out my internal server address to the outside client. So for instance, if I connect to the outside routable address with my phone, it will immediately change the url to http://172.17.137.7 which is the inside nat address of my phone server. Which of course doesn't work, since I couldn't browse to that address from the outside. It does however work from the inside of the network, obviously because 172.17.137.7 is accessible from the inside.
I've problem with configuring transparent proxy on Fedora v13 was checking with several examples, last one from here on router (cisco 1812) everything seems ok, think there is a problem with Linux
Squid machine and router 'see each other'
Code:
While try to open web page, on GRE there is:
Code:
But when want to see what hapenning in tunnel between router and squid - there nothing...squid configuration is ok - was checking before try to make it transparent.
My skill in fedora linux is all acquired by reading online and trial and error. I manage to set up my squid 3.0 proxy server in fedora 11. It is working smoothly as I wanted it to be. I have one client who is running bittorrent that drags all the bandwidth of our network.The problem is I cant make my server work tranparently. I want to make transparent proxy so that it can support my wireless router and I want to control the bandwidth to a fair level for everyone without them knowing.
Please somebody help me configure iptables in step by step, specifically in fedora 11. And all other necessary configuration needed to run my transparent squid 3.0 proxy in fedora 11.I know there's a lot of Linux Genius here that can help. Please help me I needed it badly.
My squid server works fine in fedora 11 system . Is there any web like interface for admins to create,change,modify users of squid and to view their logs.
View 1 Replies View RelatedI am using Fedora Core 9.0 and Squid Cache: Version 3.0.STABLE2 .
Now i am trying to use the squid as a proxy server but its not working its giving error like this ...
While trying to retrieve the URL: /
The following error was encountered:
Invalid URL Some aspect of the requested URL is incorrect.
Possible problems:
Here is my squid.conf
While trying to retrieve the URL: /
I have also try to forward the traffic coming on 3128 to 80 but its not working:
I am configuring a proxy server in my desktop, which in turn passthough a proxy ( parent proxy ). I have added following line for this
cache_peer proxy.tcs.com parent 8080 0 proxy-only default
But for parent proxy, we have to specify username and password in this line, I am confused here.
login=userassword | PASS | *assword
Here where I have to enter username and password ?
I have configured router(192.168.1.2) to serve only one machine with IP - '192.168.1.6' and set up SQUID proxy on '192.168.1.6'. I have defined some rules(ACL) regarding connections to internet on SQUID proxy.
I changed the Gateway of rest of machine (192.168.1.60 - 192.168.1.69) from '192.168.1.2' to '192.168.1.6'.
The policies which I defined in SQUID is working properly but 'Linux Evolution mail' client is not fetching mails.
Is I have to do any other settings on 'Linux System' or 'Evolution mail client'.
I have squid server running FC7. i have created a ncsa authentication for windows user to use internet through squid proxy.
My problem is that the each created user should be able to change their password.
- Is there a way, using NCSA authentication, to allow users to change their passwords?
- Is there a way to use windows AD password for squid authentication. if so how?
I have been trying to get Squid to work so that I can restrict access to a particular web site during certain hours every night. I can't seem to get it working, however. I am still able to access the site. The following are the relevant lines from my squid.conf file:
acl restricted-domain dstdomain "/etc/squid/denied_domains.acl"
acl test time 19:00-20:00
acl bedtime time 22:00-23:59
[code]...
i have seven department in my office. i want to restricte web sites for all the departments but not same web sites for all the departments i.e. different sites for different departments.i have no idea about this issue.
View 1 Replies View Relatedi have configured the squid for my lan. My lan has three redhat 5.3 web servers. Now by using proxy server, i wish to give access to external clients for my web server and restrict to local client, accessing wan through port 80
View 2 Replies View RelatedI've installed Ubuntu Desktop Ed 9 and I want to add a user account that would be very restricted. I would only want them to access the internet and run several programs. I do not want them to have access to the destkop, anything under preferences, administration etc... Is this possible?
View 1 Replies View RelatedI was just wondering how do i restrict someone from entering other files. Like other peoples files & the system files. My users are in /home/. I am running ubuntu 10.10.So how do i restrict access to other folders. Because i dont want other people looking inside others files or messing up my linux files.
View 3 Replies View RelatedHow would i go about restricting users to there home dir in sftp and in ssh so that they can not go poking about other dir and files thats above there home dir ?Operating systemCentOS Linux 5.4 Kernel and CPULinux 2.6.18-194.8.1.el5.028stab070.5PAE on i686
Also it will have to be a low resource usage as i dont have much memory on it
I want restrict telnet session to users.
That means the client login one user at a time. not multiple login.
For example:
I want restrict this. How to restrict one user to use multiple login.
I'd like to restricting my ftp users to access 1 particular folder.
we have a root folder called /home everyone has aces to that so they can operate.
but then there is /home/config how can i restrict certain users from access /config folder, since this is containing sensitive files I would like for no one else but my self to be able to access it.
How to prevent a user sending a mail to a particular user in an intranet mail server?I tried with /etc/mail/access file but could not.
View 4 Replies View RelatedI have a debian-based ftp server running that I have created a few user accounts on. I will have clients uploading files to the server via ftp soon, and I need a way to restrict their access to only their home folders. I am not familiar with chroot, but from what I read, it can be used to restrict a user to their home folder, and that sounds perfect. How can I do this?
View 4 Replies View RelatedIs it possible to restrict users with 'sudo' from accessing certain directories? Rather than just exclude cd and ls from the sudo privileges, that is.
View 5 Replies View RelatedI have an Ubuntu 11.04 instance running on Amazon EC2. I am currently using it as an SSH tunnel/SOCKS proxy. Most of my Net activity is on a Windows 7 machine running PuTTY. This setup is working very well. So well that a few of my friends have expressed interest in accessing it. Question is, how do I share this proxy, without giving away my private key and root access? I would like to limit users to only being able to set up an SSH tunnel/SOCKS proxy, with no shell access. What other security measures would you recommend for such a setup? I googled a bit and saw references to rbash and chroot. I have already changed the SSH port, and set the EC2 firewall to allow inbound SSH only from my ISP's address range. My friends use the same ISP. They would probably be running Windows 7/Vista, and PuTTY too.
View 4 Replies View Related