I configured squid in oracle enterprise linux 5.I want to block skype access.i configured the following to block skype.but it is not blocking.acl skype_blocking urlpath_regex [0-9]+.[0-9]+.[0-9]+.[0-9]+ http_access deny skype_blocking
View 3 RepliesI need to block mac address in my network then i foolowed as below acl's but am getting output as follows I tried as in /etc/squid/squid.conf acl block arp aa:aa:yy:yy:xx:xx http_access deny block but it give me error as like: - (This is the output of # squid -k parse) aclParseAclLine: Invalid ACL type 'arp' FATAL: Bungled squid.conf line 1234: acl block arp aa:aa:yy:yy:xx:xx squid Cache (Version 2.5.STABLE6): Terminated abnormally.
View 7 Replies View Relatedi am using squid proxy server to block some websites in my organization.now i was doing one testing that is, when i blocked Google. gmail automatically gets block.is there any method by which i could block google but gmail access is
View 1 Replies View RelatedMy Problem is: I want to stop gmail access without blocking https. Yes in my squid proxy normal [URL].. is not accessible. But gmail recently started https service by which user can still get access to gmail. I DONT WANT TO STOP https CAUSE ITS BEING USING BY OTHER PROGRAMS.
View 1 Replies View RelatedI need to block some of my sites with SQUID Proxy. I added following lines to my SQUID configuration file but still the site remains unblocked.How to block it?
acl blocksites url_regex yahoo http_access deny blocksites
I have also tried saving some url & filter content in a file and edited configuration as follows,
acl blocksites url_regex "/etc/squid/squid-block.acl" http_access deny blocksites
The squid-block.acl file contents are, .cricinfo.com mp3
Im trying to block iPod browsers or any similar mobile phones to access the internet.. I got this useragent.log entries"Mozilla/5.0 (iPod; U; CPU iPhone OS 3_1_2 like Mac OS X; en-us)AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7D11 Safari/528.16"I created an acl like acl mobile browser -i iPod to block all versions of iPod and deny it via http_access, but didn't block
View 1 Replies View RelatedMy squid version is 2.6.STABLE21 installed via yum on CentOS release 5.4 (Final) 2.6.18-164.el5 x86_64. My configuration is as follows (truncated)
acl hrusers proxy_auth -i "/etc/squid/access/hr.dept"
acl hrsites url_regex -i "/etc/squid/access/hrsites"
acl r-sites url_regex -i "/etc/squid/access/restricted-sites"
acl stream req_mime_type -i "/etc/squid/access/stream"
[Code]...
But even then streaming is not getting blocked.
I need to block some of my sites with SQUID Proxy. I added following lines to my SQUID configuration file but still the site remains unblocked.How to block it?acl blocksites url_regex yahoohttp_access deny blocksitesI have also tried saving some url & filter content in a file and edited configuration as follows,acl blocksites url_regex "/etc/squid/squid-block.acl"http_access deny blocksitesThe squid-block.acl file contents are.cricinfo.commp3
View 2 Replies View Relatedi am experimenting with my squid config . but i dont know how to make this confg to work.I wanted to Block the websites on term of the "words''like if any one is accessing to Porn site then the words that come out of porn is blocked. [ mostly used examples]note:i can blocked single site at a time.second if there is user 10.10.10.21 is downloading MP3,AVi,mpg how can i not allowed him to download that both ways via right clicking download and direct download.
View 1 Replies View RelatedI want to block yahoo mail chat in dansguardian. I had google few thing I come to know that I need to do this. Locking DNS lookups to webcs.msg.yahoo and httpcs.msg.yahoo by returning 127.0.0.1. I haven't have dns configured. So what I need to do solve this problem. I had tried by making an entry in etc hosts file. but it didn't worked.
View 3 Replies View RelatedI blocked facebook and ..... but if any one change the http with https its open with him how can i mange https like http.
View 9 Replies View RelatedI've set up a transparrent squid box with two nics. Eth1 = Internet eth0= LAN +Dchp my question is, can I log the data usage of a skype call. My proxy server already records all http an https requests but doesn't record some programs like skype. I know that it is not http traffic, but can I tell my system to record data use by an ip address over a nic with the help of iptables for example?
View 1 Replies View RelatedMy squid server works fine in fedora 11 system . Is there any web like interface for admins to create,change,modify users of squid and to view their logs.
View 1 Replies View RelatedI would like to ask some help and tutorial for setting up and how to configure squid proxy server in my (Home PC Server). I am a newbie in Linux Centos. I already installed in my system the CentOS 5.5 . Now, I want to configure it as my internet server, all of my 4 system running in Windows including the laptop I want to connect through my CentOS pc with username authentication. I assign all IP address by static. see tthe attachement in my set up. [url] I just want to know what I need to change and add in my squid config file. And how can I configure properly my CentOS with 2 LAN card as internet server.
View 1 Replies View RelatedFor system calls, is blocking or non-blocking default in C? Simple question, just am not seeing the answer super quickly.
View 4 Replies View RelatedI have a device that is working on modbus protocol andI have written a small program(with block TCP read method ) to read its registers via modbus protocol.my program is working very well but except those times that I unplug the Ethernet cable or turning off the modbus gateway during programs work.at this time my program stops on recv system call (if it reach this system call exacly when I unplug Ethernet cable or turning off the modbus gateway during programs work).I changed my source to work in nonblock TCP method, at this time with the same situation my program does not stop/block on recv system call but after pluging back the Ethernet cable or resuming the connectivity situation back it reads data incorrectly .this is my code:Quote:
#define DEBUG
#include <fcntl.h>
#include <string.h>
[code]...
I've a CentOS Box with no control panel.. I used to manage it via SSH. Any way, I've installed CSF/LFD on it.. and it seemed to be working just fine. The only problem I've encountered is that when I start and enable CSF, messages and emails keeps stocked in the mail queue.. I've double checked and made sure needed ports are opined.. But, I still have the problem.
View 2 Replies View RelatedI have a Debian server running at the gateway level on a LAN. This runs squid for creating block lists of websites - for eg. blocking social networking on the LAN. Also uses iptables.
I am able to do a lot of things with squid & iptables, but a few things seem difficult to achieve.
1) If I block http://www.facebook.com, people can still access https://www.facebook.com because squid doesn't go through https traffic by default. However, if the users set the gateway IP address as proxy on their web browser, then https is also blocked. So I can do one thing - using iptables drop all outgoing 443 traffic, so that people are forced to set proxy on their browser in order to browse any HTTPS traffic. However, is there a better solution for this.
2) As the number of blocked urls increase in squid, I am planning to integrate squidguard. However, the good squidguard lists are not free for commercial use. Anyone knows of a good squidguard list which is free.
3) Block yahoo messenger, gtalk etc. There are so many ports on which these Instant Messenger softwares work. You need to drop lots of outgoing ports in iptables. However, new ports get added, so you have to keep adding them. And even if your list of ports is current, people can still use the web version of gtalk etc.
4) Blocking P2P. Haven't been able to figure out how to do this till now.
Ok so, buddy of mine has his ssh server setup and upon checking his logs he sees a ton of failed attempts. Now obviously these are people that are scanning him and trying to brute force him. So is there a way to block them? We know you can block each IP but is there a way to block ALL connections except for certain ones, such as his and mine? Maybe a couple others.
View 6 Replies View RelatedHow can I block certain countries from accessing my server in any capacity? Is this possible? What do I need to add to my /etc/hosts.deny for this?
View 4 Replies View RelatedI would like to COMPLETELY block a specific IP address using iptables. I found this one:
Code:
iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset
Will this work? How do I undo the changes later?
How to block an ip address from mikrotik so that when a fake user use this ip he doesn't get internet but in the mean time real user gets internet. Real user will not harm if fake user trying to access.
View 3 Replies View RelatedMy Pastebin for .HTACCESSIf you can offer any tips on improvements..but the main reason: I cannot get the bots to stop showing up.Esp the first one in the list.I need to block these two specifically
Code:
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
&
[code]....
My MailScanner running on CentOs is blocking docx files, saying "The original e-mail attachment "****.docx" is on the list of unacceptable attachments for this site and has been replaced by this warning message.
I've tried adding it the list of allowed files:
/etc/MailScanner/filename.rules.conf:
allow .docx$ - -
but it still blocks them.
I've also tried manually coping the message file from the /var/spool/MailScanner quarantine/ directory into /var/spool/postfix/incoming
but this did not result in the mail being delivered.
I desperately need these mails released, and docx files to be allowed unconditionally. Anyone know why the above isn't working? Failing that, can all file blocking be turned off? I'd rather have virus relayed than legitimate mails blocked.
I have these ACLS for video streaming like ..... & onilne tv channles. But they are also blocking downloading exe,rar,and other software connectivity like TeamViewer. What acl are bsically blocking my downloading of exes and rar files and teamviewr connectivity .
acl WMP browser Windows-Media-Player/*
I have an ubuntu 8.04 dedicated server running openssh which I am having problems with.
The server is based in England yet I am currently working from Thailand. Slow speeds and timeouts I am used to but it is now over 24hr since I have managed to SSH the server (from here).
I just tried remote desktop on my PC back in the UK and this connected straight away through both SSH and SCP.
Thinking that it may be the IP being blocked from my works network I switched off wifi on my phone and tried to connect over the data network a few times with no luck.
Another strange problem is that when we got the server it was locked into a chroot jail which SSH(22) always leads into. After accessing SSH on port 22 I have to run a break script to gain root access. The sshd_config file says that the server is listening on port 57 yet I have never been able to access this.
Code:
> netstat -a | grep ssh
tcp6 0 0 [::]:ssh [::]:* LISTEN
> iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
[Code].....
Running Red Hat (not sure of the build atm) and I need to be able to put all of the IP blocking in a separate file. It will eventually be uploaded to a large number of hosting accounts, and modified from time to time...so it isn't feasible to modify that many httpd.conf files each time we need to add an IP to be blocked. In httpd.conf I can add the "Deny from" line to the following directive and blocks it just fine:
Code:
<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
[code]....
There is an include to pick up all *conf files in ../conf.d, and everything else in there is working just fine. I created a file called robots.conf; it currently has a set of mod_rewrite rules which work. So I added this to that file:
Code:
<Directory "/var/www/html">
Order allow,deny
Allow from all
Deny from 123.456.789.098
</Directory>
It is not blocking access from the IP with it in there.I've done all of the usual things; restarted Apache, cleared browser cache etc. I can also block it using that same directive in a local .htaccess.
I have a problem with sendmail. I am using the zen.spamhaus.org dnsbl, and it is doing a wonderful job of blocking incoming spam from open relays. But it is blocking my users who are on a dynamic ip range from any isp remotely. They should be able to authenticate and send messages no matter where they are as long as they authenticate right? I just want to use the blacklist to block incoming mail to my server that is being distributed to our email addresses.
I want to block people that are hosting mail servers and sending mail to my domain from isp sub-nets. But I don't want to block my users that are sitting on isp subnets using their mail client to authenticate over smtp and send an email from my mail servers.
I have UBUNTU server 10.04 LTS with 3 NIC "eth0" local and eth1,2 as internet connection and it acts as firewall, http proxy and samba file server ,I installed Zentyal panel manager for my server for easier management I did not configure any specific rule for my firewall but I have some problem with my clients who wants to connect to my server as gateway or as file server even my self experienced these problems too. these problems are as follow:
1. some time for a few minutes (maximum 10 minutes) my server block some of my clients to access it or internet but just for minutes but it is very annoying.
2. all of my clients those who login to an https servers or login to their mail or those who has some software like team viewer say that they are logging out from their session randomly I mean some of them logging out from their mail(yahoomail or googlemail ) or disconnecting from teamviewer connection or as I saw team viewer disconnecting for a few seconds and then comes back again. but I did not set any thing in my firewall or other services. this is my complete iptable rules:
Here is my query:
Squid document says that Squid accepts only HTTP requests but speaks FTP on the server side when FTP object are requested.
We call Squid HTTP and FTP caching proxy server. Does it also caches FTP contents? Is it possible to configure FTP clients to use Squid cache? When we make an FTP request to an FTP site via Squid will it be bypassed?