Solved

configure squid so that it only gives access to 2 domains

Posted on 2002-07-18
15
225 Views
Last Modified: 2013-12-15
hi!
I'm running SuSE Linux 8.0. I want everybody in my network to have access via HTTP and HTTPS to only 2 domains. Access to all other sites must be denied. What must I do?
0
Question by:ItsMe
15 Comments
 
LVL 15

Accepted Solution

by:
samri earned 50 total points
ID: 7167707
ItsMe,

You need to define an ACL for the 2 domains that you want to allow.

For example, if you want your users (from the 192.168.0.0/24 network) to access only domain1.com and domain2.com, then the following ACL should work.

acl localnet 192.168.0.0/255.255.255.0
acl good_domain dstdomain domain1.com domain2.com
http_access allow localnet good_domain
http_access deny all


More detailed usage of ACLs can be found here:
http://squid-docs.sourceforge.net/latest/html/x1560.htm

The configuration guide:
http://squid-docs.sourceforge.net/latest/html/book1.htm


Hope the information is helpful to you.

cheers.
0
 
LVL 15

Expert Comment

by:samri
ID: 7167713
Itsme,

Some mistake (notice the src in the first line).  Apologies.

acl localnet src 192.168.0.0/255.255.255.0
acl good_domain dstdomain domain1.com domain2.com
http_access allow localnet good_domain
http_access deny all
0
 

Author Comment

by:ItsMe
ID: 7167714
hi samri!
I thought of something like that. Unfortunately I can't test it right now because the squid process is ended when I try to open a website with a client. Perhaps I could mail you my config file? My address is philip@invend.de

many thanks
ItsMe
0
 

Author Comment

by:ItsMe
ID: 7167725
I've replaced the whole file with your config. My squid still crashes. I assume this has something to do with the cache. I always get the message that I need to initialize it. OK, here's my squid.cfg now:

acl localnet src 192.168.0.0/255.255.255.0
acl all src 0.0.0.0/0.0.0.0
acl good_domain dstdomain invend.de
http_access allow localnet good_domain
http_access deny all

PS: my network IPs are like this: 192.168.123.0-100 / SM 255.255.255.0

best regards
ItsMe
0
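An added example (not part of the thread, and not Squid's own code): a small Python model of how the `http_access` lines above are evaluated, run against the network ItsMe states in the PS (192.168.123.x). The client address, the test hostnames and the `.invend.de` variant are assumptions made for illustration.

```python
import ipaddress

def acl_src(net):
    """acl NAME src NET: true when the client address is inside NET."""
    network = ipaddress.ip_network(net, strict=False)
    return lambda req: ipaddress.ip_address(req["client"]) in network

def acl_dstdomain(*domains):
    """acl NAME dstdomain D...: values on one acl line are ORed."""
    def match(req):
        host = req["host"].lower().rstrip(".")
        for d in (d.lower() for d in domains):
            if d.startswith("."):
                # ".example.com" matches the domain and every subdomain
                if host == d[1:] or host.endswith(d):
                    return True
            elif host == d:
                # "example.com" matches that exact host name only
                return True
        return False
    return match

def http_access(rules, req):
    """First matching line decides; ACLs named on one line are ANDed."""
    for action, acls in rules:
        if all(acl(req) for acl in acls):
            return action
    # Nothing matched: Squid applies the opposite of the last line.
    return "deny" if rules[-1][0] == "allow" else "allow"

def build(localnet, *domains):
    """The thread's rule set: allow localnet + good_domain, then deny all."""
    return [("allow", [acl_src(localnet), acl_dstdomain(*domains)]),
            ("deny", [acl_src("0.0.0.0/0")])]

# Rule set as posted: localnet is 192.168.0.0/24, exact host "invend.de".
POSTED = build("192.168.0.0/255.255.255.0", "invend.de")
# Assumed adjustment: localnet set to the PS network, leading-dot domain.
ADJUSTED = build("192.168.123.0/255.255.255.0", ".invend.de")

def decide(rules, host, client="192.168.123.50"):  # constructed client IP
    return http_access(rules, {"client": client, "host": host})

if __name__ == "__main__":
    for name, rules in (("posted", POSTED), ("adjusted", ADJUSTED)):
        for host in ("invend.de", "www.invend.de", "example.org"):
            print(f"{name:9} {host:15} -> {decide(rules, host)}")
```

With the posted lines a client at 192.168.123.50 is denied even for invend.de, because `localnet` covers 192.168.0.x only; once the source ACL matches, a plain `invend.de` entry still does not cover `www.invend.de`.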
 
LVL 15

Expert Comment

by:samri
ID: 7167917
Philip,

Did you run "squid -z" the first time?  And make sure that dir is writeable by the squid process (the uid squid is running as - I would presume the user is squid).

Try starting squid from the console, and see if any error message pops up.  Is there anything in the cache.log?  Try deleting the file, and restart squid.

cheers.

just sent you a note from my yahoo.
0
 
LVL 15

Expert Comment

by:samri
ID: 7168535
Philip,

Before squid can do any caching, it has to initialize its cache directory hierarchy.

Watch for this line.  This is the default.  This tells squid to create 16 level 1 dirs and 256 level 2 dirs (a total of 256*16=4096 directories); the total size of the cache would be 100MB.

#cache_dir ufs c:/squid/cache 100 16 256

Depending on your machine speed and HD speed, creating 4096 directories may take a while (personal experience is about 5 minutes -- old machine).  Once the cache dirs are created, you will get the prompt back.

Once it is done, just go to the bin directory and run squid; it should fork itself to the background (will run in daemon mode).

cheers.
0
 

Author Comment

by:ItsMe
ID: 7168792
Hi samri! I want to switch the cache off. How do I do this?
0
 
LVL 15

Expert Comment

by:samri
ID: 7168820
Philip,

Great question! It got me confused the first time.

Take a look at this discussion:
http://sonja.fon.bg.ac.yu/mirror/squid/mail-archive/squid-users/199909/0120.html

The article recommends looking at the no_cache option in squid.conf.  I believe you could try the following:

acl NOCACHE urlpath_regex .*
no_cache deny NOCACHE


and use a small cache_dir for internal objects.

cache_dir ufs /cache 2 16 256


To be honest, I never thought of this before :)  Worth trying though.

cheers.

0
 
LVL 15

Expert Comment

by:samri
ID: 7168894
Philip,

A much better page (I think).

http://www.squid-cache.org/Doc/FAQ/FAQ-7.html
0
 

Expert Comment

by:CleanupPing
ID: 9076977
ItsMe:
This old question needs to be finalized -- accept an answer, split points, or get a refund.  For information on your options, please click here-> http:/help/closing.jsp#1
EXPERTS:
Post your closing recommendations!  No comment means you don't care.
0
 
LVL 15

Expert Comment

by:samri
ID: 9080023
looking at the Q, I would say the initial comment should do the job.

cheers:)
0
 
LVL 1

Expert Comment

by:drewber
ID: 9220358
This question has been classified abandoned. I will make a recommendation to the moderators on its resolution in a week or two. I appreciate any comments that would help me to make a recommendation.
 

Unless it is clear to me that the question has been answered I will recommend delete. It is possible that a Grade less than A will be given if no expert makes a case for an A grade. It is assumed that any participant not responding to this request is no longer interested in its final disposition.

 
If the user does not know how to close the question, the options are here:
http://www.experts-exchange.com/help/closing.jsp
 
drewber
0
 
LVL 15

Expert Comment

by:samri
ID: 10119030
Reason for deletion ?

I thought that my first two comments should have done the job.

cheers.
0
