Solved

Selectively unrestrict and restict web access based on IP address in SquidNT config

Posted on 2008-10-09
12
809 Views
Last Modified: 2013-12-16
Background:  here's my network subnets:
#unrestricted; but need to restricts porn, weapons, etc:
192.168.5.10  -  192.168.5.191  
192.168.10.10  -  192.168.10. 100
192.168.70.10  -  192.168.70. 191
#within the above subnets need to set up the following are administrators (completely unrestricted):
192.168.5.14,  192.168.5.192,  192.168.5.128,  192.168.5.19
192.168.10.223,  192, 168.10.124,   192.168.10.
192.168.70.92,  192.168.70.111
#the following should be restricted to the whitelist only and blocklist only:
192.168.5.192 - 192.168.5.254
192.168.10.101 - 192. 168. 10. 254
192.168.70.192  -  192.168.70.254

Access to the internet is based on IP addresses only (no user, no group authentications).
How do I define the ACLs and http_access based on the above scenario?
Please help!
0
Comment
Question by:grazal
  • 6
  • 6
12 Comments
 
LVL 76

Expert Comment

by:arnold
Comment Utility
To achieve a content based restriction, you would likely need to find a Commercial product such as http://www.securecomputing.com/ which I believe can be tied into squid.

The whitelist, blocklist I am uncertain of, but the following might be a reference:
http://www.screaming-penguin.com/node/3871
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Another option you might explore is using a GPO to enable/disable content filtering in IE using content adviser though the restriction might not be as fine grained to only limit a specific.
Squid can be configured to behave differently based on the user's group membership.  
0
 

Author Comment

by:grazal
Comment Utility
So Squid can't do what I'm trying to do?  cuz this is all I need Squid to do for us.  We don't use active directory and GPO policies; stickly access to the web is by IP addresses only.

0
 
LVL 76

Accepted Solution

by:
arnold earned 500 total points
Comment Utility
0
 

Author Comment

by:grazal
Comment Utility
It looks like content filtering sofware (e.g. Dans Guardian and Squid Guards) are only available in Unix OS.  I only have the SquidNT running in Windows 2000.   We have Unix OS in our network, but I don't know my way around Linux yet (I'm a Windows person).  I know how to navigate around Windows but not in Linux/Unix, that's why I opted for SquidNT instead.

I would like to use Squid in Linux, but I don't know my way around Linux.  
0
 

Author Comment

by:grazal
Comment Utility
What about Untangle's web/content filtering?  Does it filter based on IP address and not by user/group policies?     Will it solve my original problem?   Please help!!!
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 76

Expert Comment

by:arnold
Comment Utility
You can get knoppix, ubuntu, or centos live CDs.
www.knoppix.com
www.ubuntu.net
www.centos.org

Burn the CD, boot a system with the liveCD and check it out.  They will load in graphical mode.

If you have an older unused system lying around, you can setup one of the above. The configuration of squid file is the same.  In graphical mode, you can similarly navigate with the file manager tool to the location of the configuration files.
There are several resources on the net as well as here that will guide you through the setup you want.

Unfortunately, for content filtering options in squid, you may have little choice but to try your hand in setting up squid on linux.

I think you'll do fine.
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
I am not familiar enough with untangle.  
0
 

Author Comment

by:grazal
Comment Utility
Does enyone else out there familiar with Untangle?  If I donwload it in Windows 2000 server.  Will it work?
0
 

Author Comment

by:grazal
Comment Utility
And if Untangle can work in a Win 2000 server.  Can Untangle become a Web proxy server?  I want to continue using our existing CISCO PIX firewall.  I just want to redirect my web filtering to Untangle and make it a proxy server.  Is that possible?
0
 
LVL 76

Expert Comment

by:arnold
Comment Utility
Untangle does not support wccp according to another EE question (http://www.experts-exchange.com/Networking/Network_Management/Network_Design_and_Methodology/Q_23748436.html?sfQueryTermInfo=1+untangl) which might be what you are planning to do.  I.e. configure the pix to route web traffic through the squid process via wccp+gre.
Untangle has two options. one is what you've described.  The other is to install untangle onto a system creating a security appliance that will "transparently" filter web content.

You can through DNS advertise proxy setting that will be read in if auto-discovery of proxy settings is set in the browser.
http://nscsysop.hypermart.net/setproxy.html

0
 

Author Closing Comment

by:grazal
Comment Utility
Thanks for your help.  I'll just use Squid for URL web filtering for now; and if I will take a different step if I want to pursue the content filtering later on.  For now, I'll just concentrate on the whitelist/blacklist only.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
Introduction We as admins face situation where we need to redirect websites to another. This may be required as a part of an upgrade keeping the old URL but website should be served from new URL. This document would brief you on different ways ca…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now