
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 412

Blocking internet access to all sites except yahoo messenger

Hello EE. On a network with 10 PCs, all Windows. A Linux box is used for routing. I have just set up Squid and would like to find out how to restrict internet access for some users so that they can use Yahoo Messenger.
1 Solution
I would edit squid.conf...

* Define an ACL for the users you want to restrict in squid.conf.

See the Squid configuration manuals for details.

In general, you do something like...

# Define an ACL for Squid users not to restrict...
acl unrestricted_hosts  src

acl yahoo   dstdomain   "/etc/yahoo_addresses"

acl all src
acl Safe_ports port 22 563 1025-65535

# Ports commonly used by Yahoo messenger... caveat:
#  in practice it may use other ports... Yahoo messenger may even connect to addresses
# other than well-known Yahoo addresses.

acl Yahoo_ports port  5000-5100

http_access allow CONNECT Yahoo_ports
http_access allow unrestricted_hosts

http_access allow all yahoo
http_access deny all !Safe_ports

Where /etc/yahoo_addresses is a file that contains a list of the Yahoo addresses.

Here is another way shown by Red Hat:

This article assumes Squid is running and users are connecting to the Internet through your Squid proxy server.

Open /etc/squid/squid.conf in your preferred text editor and search for "Access Controls". Scroll down to "INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS".

Suppose you want to deny access for anyone who browses to a URL with the word "foo" in it. The following lines define the ACL for the word "foo" and how to handle those requests.

acl companyNetwork src
acl badURL url_regex -i foo
http_access deny badURL
http_access allow companyNetwork
http_access deny all

This example sets up 2 access control lists (ACLs): the first sets my network range and the second sets an ACL for the word "foo".

The next lines beginning with "http_access" allow the "companyNetwork" to access the Internet, but deny all access to websites with the word "foo" in their URL. The last line, "http_access deny all", is a security measure to deny anyone outside of the network access to our Squid proxy server.

Note: Refer to http://squid-docs.sourceforge.net/latest/html/x1455.htm for further details on Access Control Lists.

Once you have your access controls set up, restart the Squid server for the ACLs to take effect.

# service squid restart
aduhwale (Author) Commented:
Hi guys - thanks for the quick responses. Looking at the two options, it looks like mysidia has an idea of what I want to do. So just to confirm - this will allow me to define a group of IPs that I want to have access to only Yahoo Messenger and the Yahoo webpage, right? So I assume I need to put www.yahoo.com and mail.yahoo.com in the yahoo addresses file? Anything else I need to put in there?
Yes, that's the idea; you define an ACL parameter according to being in the group of IPs, and then use the 'http_access' directives to indicate whether to deny or allow access according to which ACL parameters match the client (and the first match found wins).

The file would be just a list of domain names you want to allow.

An alternate definition for the Yahoo ACL is...

acl yahoo   dstdomain   .yahoo.com

Putting the domains in a separate file is useful if you have more than Yahoo you want to allow.
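
The first-match-wins ordering described above, as an added example (not code from the thread or from Squid itself): a small Python model of how `http_access` lines are evaluated, covering only `src` and `dstdomain` ACLs. The address ranges and the `restricted_hosts` and `lan` ACL names are assumptions; ports and CONNECT are not modelled.

```python
import ipaddress

# Constructed rules: address ranges and ACL names are assumptions, not from the thread.
ACLS = """
acl restricted_hosts src 192.168.1.16/28
acl lan src 192.168.1.0/24
acl yahoo dstdomain .yahoo.com
"""
RESTRICT = "http_access allow restricted_hosts yahoo\nhttp_access deny restricted_hosts\n"
ORDERED = ACLS + RESTRICT + "http_access allow lan\nhttp_access deny all\n"
# Same lines, but the broad LAN allow comes first and shadows the restriction.
MISORDERED = ACLS + "http_access allow lan\n" + RESTRICT + "http_access deny all\n"

def parse(conf):
    """Split squid.conf-style text into ACL definitions and ordered http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if not tok:
            continue
        if tok[0] == "acl":
            acls[tok[1]] = (tok[2], tok[3:])
        elif tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, client, host):
    if name == "all":  # treated as built in here
        return True
    kind, values = acls[name]
    if kind == "src":
        addr = ipaddress.ip_address(client)
        return any(addr in ipaddress.ip_network(v) for v in values)
    if kind == "dstdomain":
        # ".yahoo.com" matches yahoo.com and every subdomain; no dot means exact match
        return any(host == v.lstrip(".") or (v.startswith(".") and host.endswith(v))
                   for v in values)
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, client, host):
    """Return 'allow' or 'deny' for one request, the way http_access ordering decides it."""
    acls, rules = parse(conf)
    for action, names in rules:
        # ACLs on one line are ANDed; a leading "!" negates that ACL.
        if all(acl_matches(acls, n.lstrip("!"), client, host) != n.startswith("!")
               for n in names):
            return action  # first matching line wins
    # No line matched: the opposite of the last line's action applies.
    return "deny" if rules[-1][0] == "allow" else "allow"
```

With `ORDERED`, a restricted host reaches only Yahoo domains; with `MISORDERED`, the same host reaches everything because `http_access allow lan` matches first.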

aduhwale (Author) Commented:
Thanks! I will set this up tonight. If I have any problems, I will be back screaming for help! :-)
