My Squid is working. But I do not know how to unblock a proxy for two users on my network. My configuration
Code:
acl work src 192.168.16.0/24
acl sites dstdomain "/etc/squid/sites.acl"
acl files urlpath_regex "/etc/squid/files.acl"
acl boss src 192.168.16.12
[Code]....
How to enable blocked sites and files for boss and it_user?
Example I have 3 user list and 3 file with block site names
acl group1 src 192.168.0.2 192.168.0.3 192.168.0.4/24
acl group2 src 192.168.0.5 192.168.0.6 192.168.0.7/24
acl group3 src 192.168.0.8 192.168.0.9 192.168.0.10/24
[Code]...
I've moved your post here to its own thread. Please don't resurrect dead threads. --win32sux
In the past week or so I've noticed some weird network behaviour. I find accessing some sites such as Amazon, Paypal, and Bigstockphoto really slow. Sometimes the page will not load at all. Other sites are fine. The problem sites are not a problem for others on my LAN at home. When I try to open the problem sites, I can see in Firestarter blocked connections coming from 2.1(8/9).xxx.xxx on various ports such as 36007. This only happens for the problem sites. I attached a typical output from firestarter.
This happens with Firfeox or Chrome. Using Ubuntu 10.10
I am in China, where some web sites(....., facebook, etc) are blocked. So I have to access these blocked site by VPN. But how can I access blocked sites by VPN and unblocked sites by my direct ADSL?
View 2 Replies View RelatedMy squid server works fine in fedora 11 system . Is there any web like interface for admins to create,change,modify users of squid and to view their logs.
View 1 Replies View RelatedI connect to the internet at work through an authenticating proxy, and to avoid having to enter the proxy info into every app I use (e.g. firefox, wget, kde, etc) I have set up squid as a local transparent proxy which authenticates and routes all traffic to the work proxy. It has been working fine, but lately I haven't been able to connect to any https sites. I don't think I have changed the configuration, so perhaps it is the result of an upgrade, or something badly configured on my system from the start. I have tried connecting to https sites without squid and iptables and it works fine. My system is Arch linux, and my squid.conf file is: Code:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80# http
acl Safe_ports port 21# ftp
acl Safe_ports port 443# https
[Code]....
I am working in a office where only one internet connection available. I have configured 5 other client machines to use internet through squid proxy server. Now I want to restrict the total data usage/transfer (upload+download) to say 1 GB during a calender month. How can I achieve this setting.
View 1 Replies View RelatedUsing 10.4, got the webmin installed and squid. Got my access control list setup.Within the acccess control list setup, I can not go to sites likemethodistmd.org or mollimd.org for whatever reason. But I can go to votekirkland as well as google. Why would webmin and/or squid only work with certain sites within the the defined access control list?
View 9 Replies View RelatedI just setup a linux machine that act as a gateway along with squid running in transparent mode. Now I have one asterisk server which is behind that gateway I mean on my local subnet which pass through my linux gateway. Voip server having 4mb up n 4 mb down limit. Clients having 512kbps and upload 2mb.
Linux gateway : controlling band width of each clients
Squid acl forNAT issue with voip sites
Now my question is regarding skype calling. Since skype uses port 80, does it mean that it passes its request via proxy or direct and for safe side I've changed skype incoming port to 443 which squid does not see it. How much and width does skype use for calling in that case. Some one told me that it using squid to pass its request which I don't agree.
I need to block some of my sites with SQUID Proxy. I added following lines to my SQUID configuration file but still the site remains unblocked.How to block it?acl blocksites url_regex yahoohttp_access deny blocksitesI have also tried saving some url & filter content in a file and edited configuration as follows,acl blocksites url_regex "/etc/squid/squid-block.acl"http_access deny blocksitesThe squid-block.acl file contents are.cricinfo.commp3
View 2 Replies View RelatedI need to block some of my sites with SQUID Proxy. I added following lines to my SQUID configuration file but still the site remains unblocked.How to block it?
acl blocksites url_regex yahoo http_access deny blocksites
I have also tried saving some url & filter content in a file and edited configuration as follows,
acl blocksites url_regex "/etc/squid/squid-block.acl" http_access deny blocksites
The squid-block.acl file contents are, .cricinfo.com mp3
i just implemented ur instruction n got success but i have one problem that i want to provide only two or three web sites access to groups in squid.
View 1 Replies View RelatedI have a problem with sites or domain blocking by squid proxy server in rehl 5. I have trying lots of time but i'm not succed.pls help me how to block sites or domain in rhel 5.
View 3 Replies View Relatedi have seven department in my office. i want to restricte web sites for all the departments but not same web sites for all the departments i.e. different sites for different departments.i have no idea about this issue.
View 1 Replies View RelatedI'm having some issues settings up a transparent proxy server, which should allow only regular web browsing (port 80), any other port (including HTTPS (443)) has to be blocked, as well as any other port. Right now, I'm using Debian 6 and Squid3. The server only has one NIC. The topology is like this:
Clients <-> Proxy Server + DHCP Server <-> Internet
With this setup, the network does have internet access and the websites I whitelisted are the only ones accesible via browser, however port block is not working, every port is open, hence why trying to access blacklisted websites through HTTPS is possible. Seems to me Squid3 is doing it's job fine, however IPTABLES for some reason seems to be redirecting all the trafic to port 3128 (Squid3 port). I could be wrong, but I've been unable to do anything related to ports with squid3 (either whitelisting or blacklisting).
For Iptables I used:
Code:
iptables -A PREROUTING -t nat -i eth0 -p tcp -j REDIRECT --dport 80 --to-port 3128
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 3128 -j ACCEPT
iptables -A INPUT -i eth0 -m tcp -p tcp --dport 443 -j DROP
Squid3 config:
Code:
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1
acl Safe_ports port 80 # http
acl whitelist dstdomain "/etc/squid3/whitelist"
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny !whitelist
http_access allow localhost
http_access allow all
http_port 3128 intercept
hierarchy_stoplist cgi-bin
I would like to ask some help and tutorial for setting up and how to configure squid proxy server in my (Home PC Server). I am a newbie in Linux Centos. I already installed in my system the CentOS 5.5 . Now, I want to configure it as my internet server, all of my 4 system running in Windows including the laptop I want to connect through my CentOS pc with username authentication. I assign all IP address by static. see tthe attachement in my set up. [url] I just want to know what I need to change and add in my squid config file. And how can I configure properly my CentOS with 2 LAN card as internet server.
View 1 Replies View RelatedI have setup a squid server on Rhel5.4. I would like to know how I can configure my squid server to block anon proxy sites.
View 3 Replies View RelatedI have an old FC2 box running Squid version 2.5. It has been running since 2003 so I am in the process of replacing it. I have a new machine with FC11, iptables, and Squid 3.0 installed.
On the old machine I use iptables to intercept Port 80 traffic and send it to Squid. By default I block all internet access and allow only sites that are in an Allowed_Sites.txt file. Within Squid I also have statements to allow certain users to bypass Squid based on their IP address.
I have set up the same thing on the new box. I have iptables intercepting the Port 80 traffic and sending it to Squid. That is working because if I remove the redirect statement from iptables all internet access is blocked.
The problem I am having is that Squid is not blocking any websites. It acts like the ACL is set to http_access allow all. I have worked on this for several hours and am stumped.
These are my Squid rules:
acl allowed_sites url_regex "/etc/squid/Allowed_Sites.txt"
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access allow Bypass_Users
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
acl our_networks src 192.168.1.0/24
http_access allow allowed_sites
http_access allow our_networks
http_access deny all
icp_access deny all
htcp_access deny all
http_port 192.168.1.254:3128 transparent
hierarchy_stoplist cgi-bin ?
access_log /var/log/squid/access.log squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname FC11.proxybox
icp_port 3130
coredump_dir /var/spool/squid
I have FC-4 with Squid and Dansguardian. Internet Users in my organisation are configured to use proxy with 8080 in browser IE. There's no issue with Users as DG working perfect for them. We have Business Development Team, as they need to do most of the research over internet, their IP's are included into "Exception IP List" in Dansguardian. Obviously these people will be excepted from all banned sites, BD Team able to do chat, play games and do social networking and other stuff over the net, which results in more bandwidth consumption and breaking office policies.
I have tried to implement SQUID ACL's to block few sites like " meebo.com, orkut.com,facebook.com etc" but SQUID acl's not coming into picture. any one who successfully blocked chat, banned sites and social networking in DG with my case.
we are getting Out of memory issue in web server log & kern.log at same time cpu load is comming very high....
top - 13:37:10 up 221 days, 12:43, 0 users, load average: 90.56, 61.63, 31.44
Tasks: 229 total, 64 running, 165 sleeping, 0 stopped, 0 zombie
Cpu(s): 1.6%us, 0.3%sy, 0.0%ni, 97.2%id, 0.8%wa, 0.0%hi, 0.1%si, 0.0%st
[code]....
I am having some troubles with my networking. I have a fresh install of Debian 4.0.4-1. My problem is: I boot up and everything is great.
Code: Select all~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1e:68:46:4b:ae
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
[Code] ...
I try to switch the hardware switch on and off with no avail. The only way to fix it is to reboot. But then when I ifconfig down and up I'm stuck in airplane mode again.
i immigrate to Debian Squeeze. So, for each time i want to start debian i have a kernel panic and ( mouse + keyboard blocked ), I can't use anything.Here is my kern.log pastebin
View 6 Replies View RelatedI have a fresh installation of CentOS 5 I'm using for a server, and I'm having issues with port configuration. I have iptables running, and it started with no /etc/sysconfig/iptables file. I added a few basic rules (port 53, port 10000 for webmin), saved the file, and restarted the service. I tried connecting to webmin, scanned ports, and traffic was blocked. I set iptables to allow all traffic and restarted the service, and it still showed basically every port as being blocked. It seems port 80 and port 22 work for some reason, even when I tell iptables to block all ports.
I'm not sure what's going on here. Iptables is reading the /etc/sysconfig/iptables file, and if I use lynx localhost:someport it responds as it should according to the file. However, if I try connecting by IP, it's like there's some other firewall or something running that does whatever it's configured to do.....
I'm using Fedora 10 as a proxy server using squid, but I recently noticed that some users use the IPS's Dns to bypass the proxy and surf the web freely. So my question is, is this a problem with Squid or perhaps I can solve the problem whit IPTables.
View 6 Replies View RelatedMy IP has been blocked by Composite Blocking List for " IP Address 207 is listed in the CBL. It appears to be infected with a spam sending trojan or proxy. It was last detected at 2011-01-02 11:00 GMT (+/- 30 minutes), approximately 1 days, 3 hours, 29 minutes ago. It has been relisted following a previous removal at 2010-12-30 17:15 GMT (3 days, 21 hours, 2 minutes ago)"
How do I find this "trojan" and remove it???? I have a network of 6 computers right now, 5 are running Ubuntu (3 server and 2 Desktop versions) and one windows computer. I have run a virus scan in the windows computer and found nothing. How can I scan a linux computer for a virus?
I have Redhat enterprise linux 4 and it is used for squid. This machine is behind the Cisco PIX Firewall and it is handled by our network administrator. few days ago, my boss ordered me to allow Mail (Yahoo, Hotmail, G-Mail) only to some users and block every things for them. Here also, some other users (not above) have allowed downloading, movies etc and some users have not. I did it in squid as follow for users who required mail access only:-
[Code]....
If I want to add Windows & Mac users as Samba users, must I first add them all as Ubuntu users? If so, since none of the other users will actually be working on the Ubuntu Server, how do I disable the other non-admin users on the Ubuntu Server login screen. I am using Webmin to administer some server settings, and command line for others.
View 3 Replies View RelatedI have squid server running FC7. i have created a ncsa authentication for windows user to use internet through squid proxy.
My problem is that the each created user should be able to change their password.
- Is there a way, using NCSA authentication, to allow users to change their passwords?
- Is there a way to use windows AD password for squid authentication. if so how?
I am not sure whether it's possible or not. We running squid proxy server for our office. We restrict users using ACL to access the internet. There is some who do the followings:
1. Create a own proxy in there box who has the internet access.
2. Other users use those box as proxy and access to the internet.
i have squid 2.6 server running on rhel5. by default teamviewer access is deny. i want to allow access of teamviewer but not getting.
View 4 Replies View Related