Server :: Squid - Deny Streaming To All IP Addresses Of A LAN
Aug 23, 2010
I'm trying to use Squid to restrict web access on the computers of my LAN. All of the computers are using static IP address and we use our firewall to deny all HTTP access except for the proxy machine so everyone needs to go through the proxy to access the web.
Most of of the computers have access to websites that are listed on a white list that I called "goodsites". I have a range of IP address that I listed in a file called "super_users". These IP adresses are able to access everything except sites that I have put in a black list called "badsites".
I would like to restrict the use of audio/video streaming for all the IP adresses including the super_users. So far I have been able to effectively block streaming for all the IP addresses except the super_users that are able to bypass this restriction.
Here is the transcript of my squid.conf file:
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl localnet src 10.0.0.0/8# RFC1918 possible internal network
[Code]....
View 11 Replies
ADVERTISEMENT
Nov 11, 2010
I have a server running both apache2 (default port) and squid (3128 port) I set an squid ACL so my LAN 192.168.1.0 gets filtered. ok all works fine except for external web petitions. When i try to access my web server from the outside, using my public ip, i get a SQUID DENIED. i guess that is because in squid ACL's there is something like: http_access all deny at the end of the file. How can i allow external petitions to my web?
View 4 Replies
View Related
May 19, 2010
How can I configure proFTPd to deny all unless:User is part of group: ftpguysClient IP matches either: 1.1.1.1 or 2.2.2.2 or 3.3.3.3I already have the config file (proftpd.conf) setup to only allow users who are part of the group ftpguys. To do that I use this:
Code:
<Limit LOGIN>
AllowGroup ftpguys
[code]...
View 7 Replies
View Related
Jul 3, 2010
I have encountered a problem using squid, I am currently configuring my squid to deny all http and https except 1 external dst ip address which I will use to connect trough RDP, how can I configure my squid with what I want to accomplish?
View 1 Replies
View Related
Nov 15, 2010
How to deny download some file types on squid ?
I tried below in my squid.conf
acl blockfiles urlpath_regex -i "/etc/squid/src/blockfiles"
http_access allow localnet freesites !blockfiles
and in my /etc/squid/src/blockfiles
.[Ee][Xx][Ee]$
.[Aa][Vv][Ii]$
.[Mm][Pp][Gg]$
.[Mm][Pp][Ee][Gg]$
.[Mm][Pp]3$
.[Rr][Aa][Rr]$
I still able to download
View 2 Replies
View Related
Dec 22, 2010
I have just installed Squid proxy. i also use WPAD to deploy policies for all client. Both works well together. Now i want to configure firewall Juniper SSG140 will be deny all request from client to access internet and redirect to Squid. I mean deny HTTP & HTTPS except Squid (port 3128), even i want to all access to internet have to through Squid proxy. I don't expert about the firewall Juniper. May i know step by step configure it.
[URL]
View 6 Replies
View Related
Dec 30, 2010
I have squid running on my home gateway, but when I try to listen to streaming radio, it doesn't work.
Using mplayer with a proxy shows this:
Code:
/home/fukawi2 $ mplayer http://media.on.net/radio/143.m3u
MPlayer SVN-r32492-4.5.1 (C) 2000-2010 MPlayer Team
159 audio & 349 video codecs
mplayer: could not connect to socket
[Code]....
View 5 Replies
View Related
Aug 16, 2010
Howto exclude IP address from caching in /etc/squid/squid.conf of squid 2?
For a domain, I can use:
Code:
acl excl dstdomain domain.net
always_direct allow excl
no_cache deny excl
but howto exclude IP addresses instaed of domain names?
View 2 Replies
View Related
May 26, 2009
I successfully installed darwin streaming server .. I stream Audio through internet well but videos I can stream locally in my network only .. when I am connected to internet outside my network .. it doesn't stream I think their must be ports opened for that .. or any 1 have any ideas .. the audio is streamed on port 8000 .. video is streamed on port 7070 but locally only .. I opened those 2 ports in my router only the audio is working .. also I opened ports 554,7170 disabled the firewall of the router .. is it a problem of ports or something else .
View 2 Replies
View Related
May 23, 2010
My squid server works fine in fedora 11 system . Is there any web like interface for admins to create,change,modify users of squid and to view their logs.
View 1 Replies
View Related
Jan 17, 2011
I would like to ask some help and tutorial for setting up and how to configure squid proxy server in my (Home PC Server). I am a newbie in Linux Centos. I already installed in my system the CentOS 5.5 . Now, I want to configure it as my internet server, all of my 4 system running in Windows including the laptop I want to connect through my CentOS pc with username authentication. I assign all IP address by static. see tthe attachement in my set up. [url] I just want to know what I need to change and add in my squid config file. And how can I configure properly my CentOS with 2 LAN card as internet server.
View 1 Replies
View Related
Apr 6, 2010
I want to deny access to my server by PC's from other sub LAN on my company, so I will add the lines ALL: xxx.xx.xx. to hosts.allow and ALL: ALL to hosts.deny?
VampirD
Microsoft Windows is like air conditioning
Stops working when you open a window.
-----BEGIN PGP SIGNATURE-----
[Code].....
View 3 Replies
View Related
Mar 11, 2010
I can't seem to set this older server right to deny outside access while I build a website on it. What I am trying to accomplish is deny anyone outside of my network access to the website, but replace the 403 error with a temp page letting them know it is coming soon. I have googled for hours and everything I have tried just denies me as well. Seems to be all or nothing.
My last attempt was:
Code:
<VirtualHost *:80>
ServerName www.mydomain.com
ServerAlias mydomain.com
ServerAdmin me@mydomain.com
DocumentRoot /home/me/www/site
ErrorDocument 403 /temp.htm
<Directory />
Options FollowSymLinks -Indexes Multiviews
AllowOverride None
Order Deny,Allow
Allow from 192.168.0.*
Deny from all
</Directory>
</VirtualHost>
View 11 Replies
View Related
Jun 30, 2010
I have create distro groups in zimbra and have add member sin there. when i connect an account on mapi etc. [URL] i have create a persona in order client to send from [URL] rather than [URL] How can i restrict inside postfix to relay using [URL]?
View 1 Replies
View Related
Feb 18, 2010
I have a squid3 on a debian lenny box but cannot get access to any site.
If i remove the http_access deny all works, but i just want those ip to get access to squid
My squid.conf
Code:
intranet:/etc/squid3# cat squid.conf
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
#acl all src 0.0.0.0/0
[Code].....
View 3 Replies
View Related
Apr 11, 2011
I have dhcp3-server (isc-dhcp-server) installed on my Debian and now I got a question about how it's giving the IP addresses to new devices.
For example: I connected my laptop and dhcp server gave me 192.168.1.5 address. Will it always give me the same ip address when I connect my laptop or it will eventually change after some time (week-month)? If it's not changing it, then I am wrong about this.
BUT...If I am somehow correct and if it will change in a week and give me another random (like 192.168.1.8) IP even I won't change my laptop network adapter, is it possible to configure dhcp server to always give same IP address depending on what MAC it is?
To make it clear, I want that when I connect new device (new laptop/pc) dhcp server would give it random IP but same time it would note the MAC address and never change the IP on that MAC.
I know about MAC filters, but setting filters is when you know MAC address since beginning and want to assign IP for it, but in my situation I don't know the MAC address.
View 4 Replies
View Related
Apr 28, 2010
I am looking for a code for setting virtual alias for all domains and addresses. The scenario is that when I send an email from anywhere to my server, it will send to only one address but not send to the orginal recipient.
This is my code: I think the problem may be from the regular expression (.*) for any domains/email addresses
/etc/postfix/main.cf:
virtual_alias_domains = (.*) <-----
virtual_alias_maps = hash:/etc/postfix/virtual
/etc/postfix/virtual
(.*) admin@myserver.com <----
View 2 Replies
View Related
Feb 16, 2011
now I have managed my rsyslogd to log the firewall into a separate file I would like to use a script which looks into this file for intruders which for example try to ping, telnet, ssh, rdp etc into my dsl connection.And then use a kind of app or firewall on my ubuntu server to block them.Yes my firewall logs them but does not block them if the policy is enabled, so they have access on through the firewall and the connect to my server but I only want some known IP addresses have access through it and this I cannot program in the firewall so I have to use some extras.Or am I thinking way to far and is there a better solution with IPtables or app?Is it possible to watch tcp connections between the firewall from outside IP addresses and the ubuntu server?
View 7 Replies
View Related
Mar 16, 2010
I'd like to add further IP addresses for my server but I don't get it. My steps :
[Code]....
View 19 Replies
View Related
Dec 27, 2010
please I need a Linux or Windows broadcast software to broadcast live audio / video streams to Darwin streaming server.
View 2 Replies
View Related
Jul 23, 2011
I want to set multiple IP addresses onto my server and I can then put under an alias.
But is it possible to somehow create a script in perl example that can do this for or is it only possible manually?
View 1 Replies
View Related
Aug 26, 2010
Is there somewhere in WHM where I can allow and disallow various ip addresses to login using PuTTY for SSH.OpenSSH Server, is not running (for security reasons).If OpenSSH is not running, is there a way to allow certain ip addresses only to use ssh.
View 9 Replies
View Related
Nov 28, 2010
I have the following in my httpd.conf file
Code:
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive. Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#Listen 12.34.56.78:80 Listen 80
And when I try to start the server, I get the following
Code:
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80. I did have an Apache web server up and running about 6 or 7 years ago - but seem to have lost everything
View 4 Replies
View Related
Nov 1, 2010
Im working with virtuals machines to configure Sendmail on Linux.
I work with two domains (ar and org), the configuration is similar in both, so i will write just one.
In orgs mail server:
The emails stopped coming and the server adds to the e-mail addresses the MX record. For example, if i send an email to u1@org in log appears u1@org.mail.org.
View 14 Replies
View Related
Apr 17, 2011
I set-up his mail server for him with Postfix but what he wants I have no idea how to do.
Essentially he wants it so that the mail gateway IP corresponds with the dedicated IP of the domain and I have no idea how to accomplish this.
I found some documentation on the web saying that the fix for this was to run multiple instances of Postfix which I tried doing but each time I try to start the second instance I get the error that postfix is already running.
There has to be an elegant way to make this happen, I really hate to tell a client something can't be done even though the concept is a bit pointless, IMHO. I am hoping I can get some feedback here on if this can be done and if it can the easiest way for me to accomplish doing it.
Here is some of the config files (example.com has been put in place of the actual domain names and the ip of 5.5.5.5 is in place of the actual IPs
Code:
[root@youronlinehosting ~]# cat /etc/postfix/transport
example.com smtp:5.5.5.5
example.com smtp:5.5.5.6
example.com smtp:5.5.5.7
[Code].....
View 1 Replies
View Related
Feb 20, 2010
I have configured squid server and it is working fine. I want that only specific ip addresses in my LAN should be able to access internet and for that I have given these entries in access control lists in squid.conf file:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80
acl Safe_ports port 21
acl Safe_ports port 443
acl Safe_ports port 70
acl Safe_ports port 210
acl Safe_ports port 1025-65535
acl Safe_ports port 280
acl Safe_ports port 488
acl Safe_ports port 591
acl Safe_ports port 777
acl CONNECT method CONNECT
acl QUERY urlpath_regex cgi-bin ?
acl apache rep_header Server ^Apache
acl our_networks src 192.168.0.181/255.255.255.0 192.168.0.182/255.255.255.0
And in http access I have given this:
http_access allow our_networks
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost
http_access deny all
In this I want that only 192.168.0.181 and .182 should be able to access internet but Now the problem is that all the IPs in the LAN like 192.168.0.20 are also able to access internet. What changes I need to do to allow access to specific IP addresses. I am not using any firewall or iptables entries and i am manually changing in the firefox at client side to access internet.
View 3 Replies
View Related
Oct 20, 2010
I have a MacBook Pro running VirtualBox with Ubuntu 10.10 as a guest. I am trying to run a DHCP server from within the Ubuntu VM. I need to do this in order to run a multicast utility. On a stand alone machine running Fedcora I have this working without fail but within the Ubuntu VM I am having troubles. The DHCP server is starting okay, but when I use a cross over cable connected to a device the device does not ever get an address.I have eth1 bound to my ethernet jack where I am trying to source the addresses, and eth2 bound to my airport which is disabled unless I need internet access.Here is my DHCP.conf file
Code:
###############################################################################
# Amino Communications Sample dhcpd.conf file #
[code]....
View 3 Replies
View Related
Mar 7, 2011
I'm writing because my ubuntu server has started with troubles .
It's running Linux 2.6.32-29-generic-pae kernel for ubuntu server 10.04 and after the last update it stopped from giving addresses on clients connected.
Dhcp3 server it's running and the conf files are fine, but i can only use static addresses assignation now...
Also MYSQL has stopped working (installed for Bacula purpose) but now the dhcp problem is the biggest issue. I work in an office where dhcp is fundamental, too much clients (about 15) that are personal laptops also (so static assignation for clients is not a good choose).
Please any one could help me? It's two days I'm trying to figure it out without success.
also tried removing and reinstalling dhcp3-serer...no way.
Here are my conf files code...
View 1 Replies
View Related
Aug 5, 2009
I have two nagging problems on one network which I do not have on another elsewhere, both using uptodate Debian servers. The server is on the private subnet behind a router/adsl modem. The symptoms of the one which does not work
1) Users cannot access their web site from lan. If they try, they get to the router web interface, same as if they entered http:10.0.0.138 which is the router's lan address.
2) Users cannot access smtp or pop3 service using the domain name, they can access it only using the servers LAN address.
I fear that I might have not set up the router properly because appart from that the two servers are almost identical but I do not know where I might have made an error.
View 14 Replies
View Related
Mar 22, 2011
From my main Postfix SMTP heads, I am sending just a couple select emails (primarily support emails) off to a server that receives them and pipes them into the support software. So far this totally works perfectly and I am pretty happy with the configuration. However, in order for sendmail on the support server to receive those emails I have to place them in the virtusertable of course, but I also have to activate their domain in the local-host-names file. That then causes sendmail to consider itself as the destination server for that whole domain.Is there a way to make sendmail receive email for select addresses without making it think it's the server for the whole domain? This server is only receiving email from two specific smtp servers, so I wonder if I could just permit relaying? Wonder if that would just cause a giant loop though.
View 1 Replies
View Related
