Blocking internet access to all sites except yahoo messenger

Posted on 2006-04-12
Last Modified: 2008-01-16
Hello EE.  On a network with 10 PCs, all Windows.  A Linux box is used for routing.  I have just set up Squid and would like to find out how to restrict internet access for some users so that they can use Yahoo Messenger.
Question by:aduhwale
    LVL 23

    Accepted Solution

    I would edit squid.conf:...

    * Define an ACL for the users you want to restrict in squid.conf.

    See the Squid configuration manuals  for details.

    In general, you do something like...

    # define an ACL for Squid users not to restrict...
    acl unrestricted_hosts  src

    acl yahoo   dstdomain   "/etc/yahoo_addresses"

    acl all src
    acl CONNECT method CONNECT
    acl Safe_ports port 22 563 1025-65535

    # Ports commonly used by Yahoo messenger... caveat:
    #  in practice it may use other ports... Yahoo messenger may even connect to addresses
    # other than well-known Yahoo addresses.

    acl Yahoo_ports port  5000-5100

    http_access allow CONNECT Yahoo_ports
    http_access allow unrestricted_hosts

    http_access allow all yahoo
    http_access deny all !Safe_ports

    Where  /etc/yahoo_addresses  is a file that contains a list of the Yahoo addresses
    LVL 16

    Expert Comment


    Here is another way shown by Red Hat:

    This article assumes Squid is running and users are connecting to the Internet through your Squid proxy server.

    Open /etc/squid/squid.conf in your preferred text editor and search for "Access Controls". Scroll down to "INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS".

    Suppose you want to deny access for anyone who browses to a URL with the word "foo" in it. The following lines define the ACL for the word "foo" and how to handle those requests.

    acl companyNetwork src
    acl badURL url_regex -i foo
    http_access deny badURL
    http_access allow companyNetwork
    http_access deny all

    This example sets up 2 access control lists (ACLs), the first setting my network range and the second setting an ACL for the word "foo".

    The next lines beginning with "http_access" allow the "companyNetwork" to access the Internet, but deny all access to websites with the word "foo" in their URL. The last line, "http_access deny all" is a security measure to deny anyone outside of the network access to our Squid proxy server.

    Note: Refer to for further details on Access Control Lists.

    Once you have your access controls set up, restart the Squid server for the ACLs to take effect.

    # service squid restart
    LVL 2

    Author Comment

    Hi guys - thanks for the quick responses.  Looking at the two options looks like mysidia has an idea what I want to do.  So just to confirm - this will allow me to define a group of ips that I want to have access to only yahoo messenger and the yahoo webpage right?  So I assume I need to put and in yahoo addresses file?  anything else I need to put in there?
    LVL 23

    Expert Comment

    Yes, that's the idea; you define an ACL parameter according to being in the group of ips, and then
    use  the 'http_access'  directives to indicate whether to deny or allow access according to which ACL
    parameters match the client

    (and the first match found wins).

    The file would be just a list of domain names you want to allow

    An alternate definition for the Yahoo ACL is...

    acl yahoo   dstdomain

    Putting the domains in a separate file is useful if you have more than Yahoo you
    want to allow
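
The first-match evaluation described above, modelled in Python as an added example (not part of the thread and not Squid's own code). The client addresses and the `.yahoo.com` entry are constructed assumptions; the rule list follows the accepted solution, and the second list adds an explicit final `deny all` to show the fall-through case, where Squid applies the opposite of the last `http_access` line.

```python
import ipaddress

# Constructed sample values (assumptions, not taken from the thread).
UNRESTRICTED = {ipaddress.ip_address("192.168.1.10")}
YAHOO_DOMAINS = [".yahoo.com"]  # stand-in for the contents of /etc/yahoo_addresses

def dstdomain(host, entries):
    """dstdomain match: a leading dot covers the domain and all its subdomains."""
    return any((host == e[1:] or host.endswith(e)) if e.startswith(".") else host == e
               for e in entries)

ACLS = {
    "all": lambda r: True,
    "unrestricted_hosts": lambda r: ipaddress.ip_address(r["src"]) in UNRESTRICTED,
    "yahoo": lambda r: dstdomain(r["host"], YAHOO_DOMAINS),
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "Yahoo_ports": lambda r: 5000 <= r["port"] <= 5100,
    "Safe_ports": lambda r: r["port"] in (22, 563) or 1025 <= r["port"] <= 65535,
}

# http_access lines in the order of the accepted solution.
AS_POSTED = [
    ("allow", ["CONNECT", "Yahoo_ports"]),
    ("allow", ["unrestricted_hosts"]),
    ("allow", ["all", "yahoo"]),
    ("deny", ["all", "!Safe_ports"]),
]
# Same list with an explicit catch-all as the last line.
WITH_FINAL_DENY = AS_POSTED + [("deny", ["all"])]

def http_access(rules, req):
    """Return the action of the first line whose ACLs all match (AND within a line)."""
    for action, names in rules:
        if all(ACLS[n.lstrip("!")](req) != n.startswith("!") for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "allow" if rules[-1][0] == "deny" else "deny"

def req(src, method, host, port):
    return {"src": src, "method": method, "host": host, "port": port}

if __name__ == "__main__":
    for r in (req("192.168.1.50", "GET", "messenger.yahoo.com", 80),
              req("192.168.1.50", "GET", "example.com", 80),
              req("192.168.1.50", "GET", "example.com", 8080),
              req("192.168.1.10", "GET", "example.com", 80)):
        print(r, http_access(AS_POSTED, r), http_access(WITH_FINAL_DENY, r))
```

In this model a restricted client requesting a non-Yahoo host on port 8080 matches no line of the first list and is allowed by the fall-through default; with the explicit final `deny all` the same request is denied.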

    LVL 2

    Author Comment

    Thanks!  I will set this up tonight.  If I have any problems, I will be back screaming for help!  :-)
