How to deny download some file types on squid ?
I tried below in my squid.conf
acl blockfiles urlpath_regex -i "/etc/squid/src/blockfiles"
http_access allow localnet freesites !blockfiles
and in my /etc/squid/src/blockfiles
.[Ee][Xx][Ee]$
.[Aa][Vv][Ii]$
.[Mm][Pp][Gg]$
.[Mm][Pp][Ee][Gg]$
.[Mm][Pp]3$
.[Rr][Aa][Rr]$
I still able to download
I have a server running both apache2 (default port) and squid (3128 port) I set an squid ACL so my LAN 192.168.1.0 gets filtered. ok all works fine except for external web petitions. When i try to access my web server from the outside, using my public ip, i get a SQUID DENIED. i guess that is because in squid ACL's there is something like: http_access all deny at the end of the file. How can i allow external petitions to my web?
View 4 Replies View RelatedI tried to force download of certain file types - pdf,doc,jpg - instead of opening them in applications. I used AddType application/octet-stream .pdf and AddType application/force-download .pdf but it doesnt works. Has anybody an idea how to solve this problem?
View 1 Replies View RelatedI would like to know if it is possible to deny the access to a file for root? Would ACL's be a possibility? I have "googled" around but haven't found anything interesting (except SELinux). I should secure a password file to an important database.
View 6 Replies View RelatedI'm using Grsync and I want to be able to plug in any drive into my laptop and run rsync on it to back up all the user documents on there to another external hdd and to exclude everything else. Working on the principle that user documents don't always appear where we'd expect I want rsync to look through the whole drive and filter what it backs up by file type. I am only having partial success, however.
I am using the 'filter' option in the 'additional options' box. I am using the command
Code:
filter='merge /home/tim/Desktop/filter'
and I am attaching the filter file I have written. (I have added the .txt extention to upload it).
I have tested this script on my home folder and here's what's going wrong. Rsync will copy the entire directory structure regardless of whether there are any files to be copied over in those directories. I am also getting only some file types getting included and not others. .odt and .ods files are copied, for instance, but not .doc or .rtf.
I have encountered a problem using squid, I am currently configuring my squid to deny all http and https except 1 external dst ip address which I will use to connect trough RDP, how can I configure my squid with what I want to accomplish?
View 1 Replies View RelatedI'm trying to use Squid to restrict web access on the computers of my LAN. All of the computers are using static IP address and we use our firewall to deny all HTTP access except for the proxy machine so everyone needs to go through the proxy to access the web.
Most of of the computers have access to websites that are listed on a white list that I called "goodsites". I have a range of IP address that I listed in a file called "super_users". These IP adresses are able to access everything except sites that I have put in a black list called "badsites".
I would like to restrict the use of audio/video streaming for all the IP adresses including the super_users. So far I have been able to effectively block streaming for all the IP addresses except the super_users that are able to bypass this restriction.
Here is the transcript of my squid.conf file:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8# RFC1918 possible internal network
[Code]....
i am using squid proxy server in my office but i cant download torrent file from client usnig bittorrent. bitorrent may use port 6881 to 6889. but i dont know how and where to put this port numbers in squid to download torrent files.
View 1 Replies View RelatedI have just installed Squid proxy. i also use WPAD to deploy policies for all client. Both works well together. Now i want to configure firewall Juniper SSG140 will be deny all request from client to access internet and redirect to Squid. I mean deny HTTP & HTTPS except Squid (port 3128), even i want to all access to internet have to through Squid proxy. I don't expert about the firewall Juniper. May i know step by step configure it.
[URL]
I want to configure squid delay pool for the following scenario:
Internet Connection Speed: 7Mbps
3 Types of clients
Type 1: unlimited access to bandwidth
Type 2: 1.5 Mbps
Type 3: 512 Kbps
Unlimited access ip address 192.168.4.1,2,5,10
1.5 mbps ip addresses 192.168.4.3,4,6-9,11
512 mbps ip addresses 192.168.4.12-14
How to create acl for these ip's and delay pools for above speed.
i was hoping that someone in here could possibly help me out with my iptables rule set. First here is what i would like iptables to do, i want iptables to deny all packets or traffic from the outside coming in and for output allow the things i need like web and irc etc... Also, i would like iptables to deny access to all services like sendmail and ssh except i would like localhost to have access to everything. What i mean by localhost is that when i run my iptables script it loads fine except when i try ssh from localhost i get this output:ssh -l user localhostssh_exchange_identification: Connection closed by remote hostI know what most of you are thinking, why do i need to ssh into localhost from localhost just open another terminal, well i am getting myself familiar with iptables i want all services logged and blocked but not from localhost. I cant seem to figure out this problem and i have tried several different things. Here is my iptables script, I am hoping that someone out there can tell me what i am doing wrong...
#!/bin/bash
iptables -v -F;
iptables -v -A INPUT -i lo -j ACCEPT;
[code]....
I just downloaded the DenyHosts2.6python2.5.rpm for deny.hosts from sourceforge and would like to set it up. I normally use fish://, smb:// and ftp:// on the boxes on my lan. I already have files called hosts.allow and hosts.deny in the /etc folder. Will the rpm configure hosts.deny when first run?
View 1 Replies View RelatedI have an Asterisk on an externally hosted vServer with Lenny. In order to further protect the SSH access I intended to change the Port number 22 to something like 55555. For this I changed the /etc/ssh/sshd_config file and restarted ssh. This caused unfortunately the following problems:
(1) The first login works but DenyHost writes now the IP in its list so that the second login with the same IP is blocked.
(2) With RESET_ON_SUCCESS = yes several logins were possible with the same IP, but later it also was blocked for some still unknown reasons.
(3) Files can be uploaded for being edited, but they can't always be saved. When they can't be saved the next login with this IP is blocked. It thus looks like the blocking can occur while being connected. When the files can't be saved it is however still possible to copy files from the computer to the vServer.
I add below the entries in the auth.log from a logout and a login. It shows further how suddenly the attempts to save files were blocked. After this session the IP used for it was blocked. I don't know where the message "Unable to open env file: /etc/default/locale" comes from. If I remember right I had these messages already before. I don't know how much that is really important.
[Code]....
I'm having troubles trying to understand this problem:my homeserver until yesterday had a public IP, staying on network, with sshd running and all was fine;this evening I changed the IP, giving it a local lan address, and what happened if I tried to connect to it by ssh?I got an error about "Connection closed by remote host". Google helped me finding that was regarded to hosts.deny file, that was actually containing a lineALL:ALLthat I commented, and all was fine.My question is: why the hosts.deny (that has never changed) was observed only with the local IP?I tried to switch back to the public IP and leaving ALL:ALL, and it did connect without any problem
View 1 Replies View RelatedIf I allow, my server's IP is:
11.11.11.11
If I allow 11.11.11.11, and block 22.22.22.22
22.22.22.22 can't access the server
But if I allow 11.11.11.0/24, and block 22.22.22.22
22.22.22.22 can still access the server!!
Does anyone know why that is?
I could not find any where the documentation the only best which I got was [URL]
My question is the following blog says to remove an IP from /etc/hosts.deny which denyhost has blocked
[URL] you need to have a directory /usr/share/denyhosts/data I do not find any such directory
Also when I tried to check tcp wrapper configuration as given here
[URL]
tcpdchk -v Cannot find your inetd.conf or tlid.conf file. Please specify its location.
what does the above output mean? How do I make sure denyhosts is doing its job?
I made a Desktop User account. When I went on that account, it allowed me to execute sudo as if I was an administrator. I don't know what might be causing this. I do have ufw set up and blocking incoming connections. Do you guys know what might be at the root of this?Also, when I used sudo from the user account (which I shouldn't have been able to do), I provided the password for my admin account.
View 9 Replies View RelatedI just set up denyhosts and it worked properly the first time adding lots of ips to the hosts.deny.I then set it to run every 12 hours noon and midnight.I wanted to see if ran properly and I got all this.Does it look like its working?
Code:
May 15 12:00:01 hyrule CRON[14286]: (root) CMD (python /usr/share/denyhosts/denyhosts_ctl.py -c /usr/share/denyhosts/denyhosts.cfg )
[code]...
I have a question, on my firewall at work I am seeing a constant flow of denies from many different source IP addresses, of tcp/udp destination port 53372 & 53375.What in the world is that, and why these two ports over and over
View 1 Replies View RelatedI am using denyhosts on a server so in a config file/etc/denyhosts.confthe following value is setQuote:DENY_THRESHOLD_INVALID = 3which as per their configuration file saysQuote:
DENY_THRESHOLD_INVALID: block each host after the number of failed login
# attempts has exceeded this value. This value applies to invalid
# user login attempts (eg. non-existent user accounts)
[code]...
I would like port 80 to have a small daemon running on it that detects HTTP traffic and sends a small redirect response, and any other traffic begins streaming data from my VPN daemon. I was wondering if this has already been made, or any kind of technology for detecting types of traffic and allowing you to run multiple types of servers on the same port.
View 4 Replies View RelatedI'm trying to use "netlink" to get ip address of a Linux box. But the linux/types.h included from "linux/rtnetlink.h" introduced many conflicting type declarations with "sys/types.h".
#include <rtnetlink.h>
#include <sys/types.h>
#include <sys/socket.h>
int main (int argc, char *argv[])
{
return 0;
}
The program will demonstrate such type conflicts.
I have totally exhausted my search to find IPBlock. I use it on my other Ubuntu machines but for some strange reason I cannot find it anywhere for my Ubuntu 10.10 Maverick. I know where the iplist is but not the actual file IPBlock download
View 2 Replies View RelatedI have just been bothered by a fairly small issue for some time now. I am trying to search (using find -name) for some .jpg files recursively. This is a Redhat environment with bash.
I get this job done though I need to copy ALL of them and put them in a separate folder BUT I also need to keep the order intact after copying.
For e.g - If I get a JPG file under /home/usr/new/1/ then the destination also needs to be /test/old/new/1/.
At the moment, I am simply putting all files under /test/old/ and I can't somehow get the later /new/1/ folder path created under /test/old/
I understand this could well be done using while OR if else loop, though if someone can just guide me with a hint, I would be really grateful.
I will complete the rest of the steps and was asking here since I am still not comfortable with the shell/bash scripts yet and planning to be really good at it over the next couple of months.
I am getting a warning from /etc/hosts.deny
Code:
ALL: 192.168.1.3
ALL: 172.68.11.204
[code]...
I'm not completely new to fedora, but I'm still getting used toWhat programs do I search in the add/remove software. For opening rar file types?
View 10 Replies View RelatedI hope this is in the right spot. I need some help editing my .vimrc file. I want to edit it so that if I create a .cpp file, it will turn on cindent, and if I create a .asm file, it will turn on regular autoindent and set ft=nasm so Vim uses NASM syntax highlighting. How do I go about doing this?
View 2 Replies View Relatedhow would i go about taring multiple file types, such as *.doc *.pdf *.txt
i know that i can use the command Code: tar -zcvf filename.tar.gz /location/of/backup *.doc , but how do i include multiple wild cards?
I'm trying to use this guide:
http://ubuntuforums.org/showpost.php?p=3276774
but i can't seem to find or to download AssoGiate so i need something eles to create mime.
I want to make vlc the default application for opening avi files.
I tried 'open with a different application', selected vlc and checked the box 'Remember this application for "AVI video" files' (see attached), but the next time I double-click on an avi file it loads in Movie Player.
I've searched the Ubuntu documentation for "file associations" and "default programs" with no success. I'm probably using the wrong search terms, but somewhere, in all the configuration files and tables, there must be a way to assign a particular program to a given file-type.
(If you're wondering why I want to use vlc, it's because, after hours of research and tinkering, I finally got it to respond to my mceusb remote via lirc.)