Solved

configure squid so that it only gives access to 2 domains

Posted on 2002-07-18
Last Modified: 2013-12-15
Hi!
I'm running SuSE Linux 8.0. I want everybody in my network to have access via HTTP and HTTPS to only 2 domains. Access to all other sites must be denied. What must I do?
0
Question by:ItsMe
15 Comments
 
LVL 15

Accepted Solution

by:
samri earned 50 total points
ID: 7167707
ItsMe,

You need to define an ACL for the 2 domains that you want to allow.

For example, if you want your users (from the 192.168.0.0/24 network) to access only domain1.com and domain2.com, then the following ACL should work.

acl localnet 192.168.0.0/255.255.255.0
acl good_domain dstdomain domain1.com domain2.com
http_access allow localnet good_domain
http_access deny all


More detailed usage of ACLs can be found here:
http://squid-docs.sourceforge.net/latest/html/x1560.htm

The Configuration guide:
http://squid-docs.sourceforge.net/latest/html/book1.htm


Hope the information is helpful to you.

cheers.
0
 
LVL 15

Expert Comment

by:samri
ID: 7167713
Itsme,

Some mistake (notice the src in the first line).  Apologies.

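# clients on the local network, matched by source address
acl localnet src 192.168.0.0/255.255.255.0
# the only destination domains that may be reached
acl good_domain dstdomain domain1.com domain2.com
# both ACLs on the line must match; everything else is refused
http_access allow localnet good_domain
http_access deny all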
0
 

Author Comment

by:ItsMe
ID: 7167714
Hi samri!
I thought of something like that. Unfortunately I can't test it right now because the squid process is ended when I try to open a website with a client. Perhaps I could mail you my config file? My address is philip@invend.de

many thanks
ItsMe
0
 

Author Comment

by:ItsMe
ID: 7167725
I've replaced the whole file with your config. My squid still crashes. I assume this has something to do with the cache. I always get the message that I need to initialize it. OK, here's my squid.cfg now:

acl localnet src 192.168.0.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
acl good_domain dstdomain invend.de
http_access allow localnet good_domain
http_access deny all

PS: my network IPs are like this: 192.168.123.0-100 / SM 255.255.255.0

best regards
ItsMe
0
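Added example, not part of the original thread or of Squid itself: a small Python model of how the rules above are evaluated (ACLs on one http_access line are ANDed, the first matching line wins). It shows that a dstdomain entry without a leading dot matches only the exact host, that a client outside the localnet range is denied, and how a misspelled ACL name can be caught before deployment. The function names and sample config are constructed for illustration, and only the src and dstdomain ACL types are modelled.

```python
import ipaddress

# Constructed sample config using the thread's placeholder names.
CONF = """
acl all src 0.0.0.0/0.0.0.0
acl localnet src 192.168.0.0/255.255.255.0
acl good_domain dstdomain domain1.com .domain2.com
http_access allow localnet good_domain
http_access deny all
"""

def parse(conf):
    """Parse the subset used here: 'acl NAME src|dstdomain ...' and http_access."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def undefined_acls(conf):
    """ACL names referenced by http_access but never defined (a misspelled name)."""
    acls, rules = parse(conf)
    return sorted({n.lstrip("!") for _, names in rules for n in names} - set(acls))

def acl_matches(kind, values, client_ip, host):
    if kind == "src":
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "dstdomain":
        # "domain1.com" matches that host only; ".domain2.com" also covers subdomains
        host = host.lower()
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in values)
    raise ValueError("unsupported acl type: " + kind)

def decide(conf, client_ip, host):
    """Return 'allow' or 'deny' for one request; the first fully matching line wins."""
    if undefined_acls(conf):
        raise ValueError("undefined acl: " + ", ".join(undefined_acls(conf)))
    acls, rules = parse(conf)
    for action, names in rules:
        # every ACL on the line must match (AND); "!" negates a single ACL
        if all(acl_matches(*acls[n.lstrip("!")], client_ip, host) != n.startswith("!")
               for n in names):
            return action
    # nothing matched: Squid applies the opposite of the last http_access line
    return "deny" if rules[-1][0] == "allow" else "allow"
```
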
 
LVL 15

Expert Comment

by:samri
ID: 7167917
Philip,

Did you run "squid -z" the first time?  And make sure that the dir is writable by the squid process (the uid squid is running as - I would presume the user is squid).

Try starting squid from the console, and see if any error message pops up.  Anything in the cache.log?  Try deleting the file, and restart squid.

cheers.

just sent you a note from my yahoo.
0
 
LVL 15

Expert Comment

by:samri
ID: 7168535
Philip,

Before squid can do any caching, it has to initialize its cache directory hierarchy.

Watch for this line.  This is the default.  This would tell squid to create 16 level 1 dirs and 256 level 2 dirs (total of 256*16=4096 directories); total size of cache would be 100MB.

#cache_dir ufs c:/squid/cache 100 16 256

Depending on your machine speed and HD speed, creating 4096 directories may take a while (personal experience is about 5 minutes -- old machine).  Once the cache dirs are created, you will get the prompt back.

Once it is done, just go to the bin directory and run squid; it should fork itself to the background (will run in daemon mode).

cheers.
0

 

Author Comment

by:ItsMe
ID: 7168792
Hi samri! I want to switch the cache off. How do I do this?
0
 
LVL 15

Expert Comment

by:samri
ID: 7168820
Philip,

Great question! It got me confused the first time.

Take a look at this discussion;
http://sonja.fon.bg.ac.yu/mirror/squid/mail-archive/squid-users/199909/0120.html

The article recommends looking at the no_cache option in squid.conf.  I believe you could try the following;

acl NOCACHE urlpath_regex *
no_cache deny NOCACHE


and use a small cache_dir for internal objects.

cache_dir ufs /cache 2 16 256


To be honest, I never thought of this before :)  Worth trying though.

cheers.

0
 
LVL 15

Expert Comment

by:samri
ID: 7168894
Philip,

A much better page (I think).

http://www.squid-cache.org/Doc/FAQ/FAQ-7.html
0
 

Expert Comment

by:CleanupPing
ID: 9076977
ItsMe:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 15

Expert Comment

by:samri
ID: 9080023
Looking at the Q, I would say the initial comment should do the job.

cheers:)
0
 
LVL 1

Expert Comment

by:drewber
ID: 9220358
This question has been classified abandoned. I will make a recommendation to the moderators on its resolution in a week or two. I appreciate any comments that would help me to make a recommendation.
 

Unless it is clear to me that the question has been answered I will recommend delete. It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.

 
If the user does not know how to close the question, the options are here:
http://www.experts-exchange.com/help/closing.jsp
 
drewber
0
 
LVL 15

Expert Comment

by:samri
ID: 10119030
Reason for deletion ?

I thought that my first two comments should have done the job.

cheers.
0
