I have a Debian server running at the gateway level on a LAN. This runs squid for creating block lists of websites - for eg. blocking social networking on the LAN. Also uses iptables.
I am able to do a lot of things with squid & iptables, but a few things seem difficult to achieve.
1) If I block http://www.facebook.com, people can still access https://www.facebook.com because squid doesn't go through https traffic by default. However, if the users set the gateway IP address as proxy on their web browser, then https is also blocked. So I can do one thing - using iptables drop all outgoing 443 traffic, so that people are forced to set proxy on their browser in order to browse any HTTPS traffic. However, is there a better solution for this.
2) As the number of blocked urls increase in squid, I am planning to integrate squidguard. However, the good squidguard lists are not free for commercial use. Anyone knows of a good squidguard list which is free.
3) Block yahoo messenger, gtalk etc. There are so many ports on which these Instant Messenger softwares work. You need to drop lots of outgoing ports in iptables. However, new ports get added, so you have to keep adding them. And even if your list of ports is current, people can still use the web version of gtalk etc.
4) Blocking P2P. Haven't been able to figure out how to do this till now.
Is there a way with the Firefox userContent.css to block social media widgets?I understand there is an Adblock Plus extension that can do that, but I don't use Adblock Plus.
I want to restrict some site (Social Networking) through my newly configured squid proxy. But It always allow those site How to block those site. My squid.conf file is configured as follow :-
#Recommended minimum configuration:
acl all src all acl manager proto cache_object acl localhost src 127.0.0.1/32 acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
I have an ubuntu 8.04 dedicated server running openssh which I am having problems with.
The server is based in England yet I am currently working from Thailand. Slow speeds and timeouts I am used to but it is now over 24hr since I have managed to SSH the server (from here).
I just tried remote desktop on my PC back in the UK and this connected straight away through both SSH and SCP.
Thinking that it may be the IP being blocked from my works network I switched off wifi on my phone and tried to connect over the data network a few times with no luck.
Another strange problem is that when we got the server it was locked into a chroot jail which SSH(22) always leads into. After accessing SSH on port 22 I have to run a break script to gain root access. The sshd_config file says that the server is listening on port 57 yet I have never been able to access this.
I'm working with computers that need to be public, so I'm trying to remove the social networking from 10.04.Unfortunately, this means that the "Indicator Applet" needs to go.The Indicator applet, holds the volume control.Is there anyway to add volume back to the panel after I remove the Indicator Applet?
I have UBUNTU server 10.04 LTS with 3 NIC "eth0" local and eth1,2 as internet connection and it acts as firewall, http proxy and samba file server ,I installed Zentyal panel manager for my server for easier management I did not configure any specific rule for my firewall but I have some problem with my clients who wants to connect to my server as gateway or as file server even my self experienced these problems too. these problems are as follow:
1. some time for a few minutes (maximum 10 minutes) my server block some of my clients to access it or internet but just for minutes but it is very annoying. 2. all of my clients those who login to an https servers or login to their mail or those who has some software like team viewer say that they are logging out from their session randomly I mean some of them logging out from their mail(yahoomail or googlemail ) or disconnecting from teamviewer connection or as I saw team viewer disconnecting for a few seconds and then comes back again. but I did not set any thing in my firewall or other services. this is my complete iptable rules:
As I am Carrying out a project to Design Social Networking Databases, I need 5 tables for designing it.My frontend being php and backend being Mysql.I need to know what are the 5 tables I can have and how to implement them.
I'm a full-time developer in my day-job, I get paid real money for it and everything! Nowadays I generally write web-based business apps using VB.net and ASPX.net, but I'v recently been asked to come up with a social networking type site (something in-between Facebook and twitter) that will initially be used for training purposes... don't ask or I'll have to send the men in the dodgie overcoats round
Problem is, it is to be written like real social-networking site, I've no idea what I'm going to make it look like and was, more fundamentally, wondering what to write it in?I've written commercial systems using Perl, PHP, ASP and the .net (VB and C) stuff.
I recently "saw the light" and realized that ubuntu was becoming a buggy overly-social joke of a distro, and i found that fedora seemed to fix most of my issues with making my laptop run well.Samba was not one of them.Anyway, I installed samba, check. (I also installed the graphical utility). I checked off samba and the client in the firewall. check. I used the utility (system-config-samba?) to switch the workgroup over. check.it did not want to access my fileserver at first; it saw it but as soon as i tried to mount and open it, it timedout and gave me the "unable to mount location" "Failed to retrieve share list from server" error. the next day it worked perfectly. now it is back to not working. it also is not working on my main rig (but it has a faulty hard disk so it will be out for a while).
I am currently working on a volunteer project to build a socializing community site for several affiliated religious communities. All the basic things like, a shared calendar, blogging, email, any suggestions?
I have a device that is working on modbus protocol andI have written a small program(with block TCP read method ) to read its registers via modbus protocol.my program is working very well but except those times that I unplug the Ethernet cable or turning off the modbus gateway during programs work.at this time my program stops on recv system call (if it reach this system call exacly when I unplug Ethernet cable or turning off the modbus gateway during programs work).I changed my source to work in nonblock TCP method, at this time with the same situation my program does not stop/block on recv system call but after pluging back the Ethernet cable or resuming the connectivity situation back it reads data incorrectly .this is my code:Quote:
I've a CentOS Box with no control panel.. I used to manage it via SSH. Any way, I've installed CSF/LFD on it.. and it seemed to be working just fine. The only problem I've encountered is that when I start and enable CSF, messages and emails keeps stocked in the mail queue.. I've double checked and made sure needed ports are opined.. But, I still have the problem.
Ok so, buddy of mine has his ssh server setup and upon checking his logs he sees a ton of failed attempts. Now obviously these are people that are scanning him and trying to brute force him. So is there a way to block them? We know you can block each IP but is there a way to block ALL connections except for certain ones, such as his and mine? Maybe a couple others.
I configured squid in oracle enterprise linux 5.I want to block skype access.i configured the following to block skype.but it is not blocking.acl skype_blocking urlpath_regex [0-9]+.[0-9]+.[0-9]+.[0-9]+ http_access deny skype_blocking
How to block an ip address from mikrotik so that when a fake user use this ip he doesn't get internet but in the mean time real user gets internet. Real user will not harm if fake user trying to access.
My Pastebin for .HTACCESSIf you can offer any tips on improvements..but the main reason: I cannot get the bots to stop showing up.Esp the first one in the list.I need to block these two specifically
Code: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 &
I need to block mac address in my network then i foolowed as below acl's but am getting output as follows I tried as in /etc/squid/squid.conf acl block arp aa:aa:yy:yy:xx:xx http_access deny block but it give me error as like: - (This is the output of # squid -k parse) aclParseAclLine: Invalid ACL type 'arp' FATAL: Bungled squid.conf line 1234: acl block arp aa:aa:yy:yy:xx:xx squid Cache (Version 2.5.STABLE6): Terminated abnormally.
My MailScanner running on CentOs is blocking docx files, saying "The original e-mail attachment "****.docx" is on the list of unacceptable attachments for this site and has been replaced by this warning message.
I've tried adding it the list of allowed files:
/etc/MailScanner/filename.rules.conf:
allow .docx$ - -
but it still blocks them.
I've also tried manually coping the message file from the /var/spool/MailScanner quarantine/ directory into /var/spool/postfix/incoming
but this did not result in the mail being delivered.
I desperately need these mails released, and docx files to be allowed unconditionally. Anyone know why the above isn't working? Failing that, can all file blocking be turned off? I'd rather have virus relayed than legitimate mails blocked.
I have these ACLS for video streaming like ..... & onilne tv channles. But they are also blocking downloading exe,rar,and other software connectivity like TeamViewer. What acl are bsically blocking my downloading of exes and rar files and teamviewr connectivity .
i am using squid proxy server to block some websites in my organization.now i was doing one testing that is, when i blocked Google. gmail automatically gets block.is there any method by which i could block google but gmail access is
My Problem is: I want to stop gmail access without blocking https. Yes in my squid proxy normal [URL].. is not accessible. But gmail recently started https service by which user can still get access to gmail. I DONT WANT TO STOP https CAUSE ITS BEING USING BY OTHER PROGRAMS.
Running Red Hat (not sure of the build atm) and I need to be able to put all of the IP blocking in a separate file. It will eventually be uploaded to a large number of hosting accounts, and modified from time to time...so it isn't feasible to modify that many httpd.conf files each time we need to add an IP to be blocked. In httpd.conf I can add the "Deny from" line to the following directive and blocks it just fine:
Code:
<Directory "/var/www/html"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
[code]....
There is an include to pick up all *conf files in ../conf.d, and everything else in there is working just fine. I created a file called robots.conf; it currently has a set of mod_rewrite rules which work. So I added this to that file:
Code:
<Directory "/var/www/html"> Order allow,deny Allow from all Deny from 123.456.789.098 </Directory>
It is not blocking access from the IP with it in there.I've done all of the usual things; restarted Apache, cleared browser cache etc. I can also block it using that same directive in a local .htaccess.
I have a problem with sendmail. I am using the zen.spamhaus.org dnsbl, and it is doing a wonderful job of blocking incoming spam from open relays. But it is blocking my users who are on a dynamic ip range from any isp remotely. They should be able to authenticate and send messages no matter where they are as long as they authenticate right? I just want to use the blacklist to block incoming mail to my server that is being distributed to our email addresses.
I want to block people that are hosting mail servers and sending mail to my domain from isp sub-nets. But I don't want to block my users that are sitting on isp subnets using their mail client to authenticate over smtp and send an email from my mail servers.
I have a lifttime premium account at Megaupload.com. Recently I found that megaupload has blocked all IPs in my area. I have sent emails to their tech but nothing has returned!!I have tried to use proxies to download stuff from megaupload, however, none of them works for suspected bandwidth reason, not to mention that it might be slow too.
So, let's say there was a website www.qwerty.com, which is completely appropriate if not necessary except for the asdfg subfolder (www.qwerty.com/asdfg), which contains,say, pornographic material I want blocked. Is there any way to block "asdfg" without blocking the entire domain (www.qwerty.com)? I already tried editing my hosts file, but apparently that only works for whole domains.Also, while we're at it, can the hosts file be used to actually block IP addresses, or just domain names (so if I wanted qwerty.com with IP of 128.127.126.125 to be completely blocked, but know my family or employees are little smarter than that, I could add the line "0.0.0.0 128.127.126.125" to prevent all access to that website)?
