configure squid so that it only gives access to 2 domains

Hi!
I'm running SuSE Linux 8.0. I want everybody in my network to have access via HTTP and HTTPS to only 2 domains. Access to all other sites must be denied. What must I do?
0
ItsMe
1 Solution
 
samri Commented:
ItsMe,

You need to define an ACL for the 2 domains that you want to allow.

For example, if you want your users (from the 192.168.0.0/24 network) to access only domain1.com and domain2.com, then the following ACL should work.

acl localnet 192.168.0.0/255.255.255.0
acl good_domain dstdomain domain1.com domain2.com
http_access allow localnet good_domain
http_access deny all


More detailed usage of ACLs can be found here:
http://squid-docs.sourceforge.net/latest/html/x1560.htm

The Configuration guide:
http://squid-docs.sourceforge.net/latest/html/book1.htm


Hope the information is helpful to you.

cheers.
0
 
samri Commented:
ItsMe,

Some mistake (notice the src in the first line).  Apologies.

acl localnet src 192.168.0.0/255.255.255.0
acl good_domain dstdomain domain1.com domain2.com
http_access allow localnet good_domain
http_access deny all
0
 
ItsMe (Author) Commented:
Hi samri!
I thought of something like that. Unfortunately I can't test it right now because the squid process is ended when I try to open a website with a client. Perhaps I could mail you my config file? My address is philip@invend.de

many thanks
ItsMe
0
 
ItsMe (Author) Commented:
I've replaced the whole file with your config. My squid still crashes. I assume this has something to do with the cache. I always get the message that I need to initialize it. OK, here's my squid.cfg now:

acl localnet src 192.168.0.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
acl good_domain dstdomain invend.de
http_access allow localnet good_domain
http_access deny all

PS: my network IPs are like this: 192.168.123.0-100 / SM 255.255.255.0

best regards
ItsMe
0
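Added example (not part of the original thread, and not Squid's own code): a small Python model of how the http_access lines posted above are evaluated, limited to src and dstdomain ACLs. The client addresses and hostnames passed to decide() are constructed; the model shows that a dstdomain entry without a leading dot matches only that exact host, and that a client outside the localnet range falls through to "deny all".

```python
import ipaddress

# Constructed input: the squid.conf lines posted in the thread above.
THREAD_CONF = """
acl localnet src 192.168.0.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
acl good_domain dstdomain invend.de
http_access allow localnet good_domain
http_access deny all
"""

def parse(conf):
    """Parse 'acl' (src, dstdomain) and 'http_access' lines."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            name, kind, values = tok[1], tok[2], tok[3:]
            if kind == "src":
                # Squid's address/netmask form, e.g. 192.168.0.0/255.255.255.0
                values = [ipaddress.ip_network(v, strict=False) for v in values]
            acls[name] = (kind, values)
        elif tok[:1] == ["http_access"]:
            missing = [n for n in tok[2:] if n not in acls]
            if missing:
                # A name used but never defined is a configuration error.
                raise ValueError(f"undefined ACL name(s): {missing}")
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acl, client, host):
    kind, values = acl
    if kind == "src":
        return any(ipaddress.ip_address(client) in net for net in values)
    # dstdomain: "example.com" matches that host only;
    # ".example.com" matches the domain and all of its subdomains.
    host = host.lower()
    return any(host == d.lstrip(".") or (d.startswith(".") and host.endswith(d))
               for d in map(str.lower, values))

def decide(conf, client, host):
    """Return 'allow' or 'deny' for one request, first matching line wins."""
    acls, rules = parse(conf)
    for action, names in rules:
        # All ACLs named on one http_access line must match (logical AND).
        if all(acl_matches(acls[n], client, host) for n in names):
            return action
    # No line matched: the default is the opposite of the last line.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"
```

decide(THREAD_CONF, "192.168.123.50", "invend.de") returns "deny", because that address is not inside 192.168.0.0/255.255.255.0; writing the dstdomain value as .invend.de is what makes www.invend.de match.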
 
samri Commented:
Philip,

Did you run "squid -z" the first time?  And make sure that dir is writeable by the squid process (the uid squid is running as - I would presume the user is squid).

Try starting squid from console, and see if any error message pops up.  Anything in the cache.log?  Try deleting the file, and restart squid.

cheers.

just sent you a note from my yahoo.
0
 
samri Commented:
Philip,

Before squid can do any caching, it has to initialize its cache directory hierarchy.

Watch for this line.  This is the default.  This would tell squid to create 16 level 1 dirs and 256 level 2 dirs (a total of 256*16=4096 directories); the total size of the cache would be 100MB.

#cache_dir ufs c:/squid/cache 100 16 256

Depending on your machine speed and HD speed, creating 4096 directories may take a while (personal experience is about 5 minutes -- old machine).  Once the cache dirs are created, you will get the prompt back.

Once it is done, just go to the bin directory and run squid; it should fork itself to the background (will run in daemon mode).

cheers.
0
 
ItsMe (Author) Commented:
Hi samri! I want to switch the cache off. How do I do this?
0
 
samri Commented:
Philip,

Great question! It got me confused the first time.

Take a look at this discussion;
http://sonja.fon.bg.ac.yu/mirror/squid/mail-archive/squid-users/199909/0120.html

The article recommends looking at the no_cache option in squid.conf.  I believe you could try the following;

acl NOCACHE urlpath_regex .*
no_cache deny NOCACHE


and use a small cache_dir for internal objects.

cache_dir ufs /cache 2 16 256


To be honest, I never thought of this before :)  Worth trying though.

cheers.

0
 
samri Commented:
Philip,

A much better page (I think).

http://www.squid-cache.org/Doc/FAQ/FAQ-7.html
0
 
CleanupPing Commented:
ItsMe:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1 
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
samri Commented:
looking at the Q, I would say the initial comment should do the job.

cheers:)
0
 
drewber Commented:
This question has been classified abandoned. I will make a recommendation to the moderators on its resolution in a week or two. I appreciate any comments that would help me to make a recommendation.
 

Unless it is clear to me that the question has been answered I will recommend delete. It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.

 
If the user does not know how to close the question, the options are here:
http://www.experts-exchange.com/help/closing.jsp
 
drewber
0
 
samri Commented:
Reason for deletion ?

I thought that my first two comments should have done the job.

cheers.
0
