
TOPIC: controlling web access with squid's acl

controlling web access with squid's acl 10 years 3 months ago #16639

  • monsky
hi to all,

Aside from the default configuration in squid.conf, I inserted these lines to control web access. I have the "iplist" file, a list of IPs to be excluded, and the "blockyahoo" file, a list of Yahoo domains to be blocked at a certain time.
acl our_networks src 192.168.0.0/24
acl exceptionip src "etc/squid/iplist"
acl break_time time M T W H F A 12:00-13:00
acl blockyahoo srcdomain "/etc/squid/blockyahoo"
http_access allow our_networks break_time
http_access allow blockyahoo break_time
http_access allow exceptionip
http_access allow localhost
http_access deny all

Here is the problem: there are IPs that are being blocked and there are IPs that seem not to be affected by the ACL. The IPs are obtained from the dhcpd server in FC4.

Any idea what you think I missed?

tnx again

Re: controlling web access with squid's acl 10 years 3 months ago #16648

  • DaLight
I can spot an error in the blockyahoo acl. You used "srcdomain" instead of "dstdomain". I assume you want to block access to yahoo domains rather than from them.
I assume you also know that Squid exits the access list when a match is made. That means that any IPs in the "exceptionip" acl which are also in the "our_networks" acl will still only be able to gain access during "break_time".
Hope this helps.
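An added example, not part of the original posts and not Squid's own code: a small Python model of how Squid walks the posted http_access lines (ACLs on one line are ANDed, and the first line that matches decides). The contents of iplist and blockyahoo, the sample clients and dates, and the helper names are constructed assumptions.

```python
import ipaddress
from datetime import datetime

# Constructed stand-ins: the thread never shows what these two files contain.
IPLIST = {"192.168.0.50"}      # hypothetical /etc/squid/iplist (exact IPs only)
BLOCKYAHOO = {".yahoo.com"}    # hypothetical /etc/squid/blockyahoo

RULES = [  # the http_access lines in the order they were posted
    ("allow", ["our_networks", "break_time"]),
    ("allow", ["blockyahoo", "break_time"]),
    ("allow", ["exceptionip"]),
    ("allow", ["localhost"]),
    ("deny", ["all"]),
]

def in_domains(name, domains):
    # ".yahoo.com" matches yahoo.com and every subdomain of it
    return any(("." + name.lower()).endswith(d) for d in domains)

def acl_table(domain_type):
    net = ipaddress.ip_network("192.168.0.0/24")
    def blockyahoo(r):
        # srcdomain tests the client's reverse-DNS name, dstdomain the requested host
        name = r["rdns"] if domain_type == "srcdomain" else r["host"]
        return bool(name) and in_domains(name, BLOCKYAHOO)
    def break_time(r):
        # M T W H F A = Monday..Saturday, 12:00-13:00
        minutes = r["when"].hour * 60 + r["when"].minute
        return r["when"].weekday() <= 5 and 720 <= minutes <= 780
    return {
        "our_networks": lambda r: ipaddress.ip_address(r["ip"]) in net,
        "exceptionip": lambda r: r["ip"] in IPLIST,
        "localhost": lambda r: r["ip"] == "127.0.0.1",  # from the default squid.conf
        "all": lambda r: True,
        "blockyahoo": blockyahoo,
        "break_time": break_time,
    }

def decide(r, domain_type="srcdomain"):
    """Return (action, line number) of the first line whose ACLs all match."""
    acls = acl_table(domain_type)
    for n, (action, names) in enumerate(RULES, 1):
        if all(acls[name](r) for name in names):  # ACLs on one line are ANDed
            return action, n
    return "deny", None  # not reached: "deny all" matches every request

def req(ip, host, when, rdns=None):
    return {"ip": ip, "host": host, "when": when, "rdns": rdns}
NOON = datetime(2024, 1, 8, 12, 30)   # a Monday, inside break_time
AFTER = datetime(2024, 1, 8, 15, 0)   # same day, outside break_time
```

For a LAN client, `decide(req("192.168.0.20", "mail.yahoo.com", NOON))` returns `("allow", 1)` and the same request at `AFTER` returns `("deny", 5)`. Passing `"dstdomain"` as the second argument only changes which requests line 2 allows, because that line is an `allow`.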

Re: controlling web access with squid's acl 10 years 3 months ago #16680

  • monsky
Thanks DaLight,

I'll check the blockyahoo ACL. Yes, my objective is to give access only at break time.

But there are IPs that could still browse even though they are not included in the iplist exemption file.

Re: controlling web access with squid's acl 10 years 3 months ago #16688

  • DaLight
> Thanks DaLight,
> But there are IPs that could still browse even though they are not included in the iplist exemption file.

If you have not locked down all access to the internet at the IP level using some sort of egress filtering scheme/firewall (e.g. iptables), then PCs will always be able to bypass your Squid proxy. You need to ensure that all clients have to go through the Squid proxy in order to access the internet. Provide some more details about your network if you need more help.

Re: controlling web access with squid's acl 10 years 3 months ago #16716

  • monsky
I have DansGuardian installed and transparently proxied. All works well; I just want to add time-based web access control. If you can give me another method aside from Squid, I'm going to try it. I just want to have control over the time usage.

Re: controlling web access with squid's acl 10 years 2 months ago #16816

  • Elohim
What rule did you insert in IPtables?