Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Selectively unrestrict and restict web access based on IP address in SquidNT config

Posted on 2008-10-09
12
Medium Priority
?
840 Views
Last Modified: 2013-12-16
Background:  here's my network subnets:
#unrestricted; but need to restricts porn, weapons, etc:
192.168.5.10  -  192.168.5.191  
192.168.10.10  -  192.168.10. 100
192.168.70.10  -  192.168.70. 191
#within the above subnets need to set up the following are administrators (completely unrestricted):
192.168.5.14,  192.168.5.192,  192.168.5.128,  192.168.5.19
192.168.10.223,  192, 168.10.124,   192.168.10.
192.168.70.92,  192.168.70.111
#the following should be restricted to the whitelist only and blocklist only:
192.168.5.192 - 192.168.5.254
192.168.10.101 - 192. 168. 10. 254
192.168.70.192  -  192.168.70.254

Access to the internet is based on IP addresses only (no user, no group authentications).
How do I define the ACLs and http_access based on the above scenario?
Please help!
0
Comment
Question by:grazal
  • 6
  • 6
12 Comments
 
LVL 81

Expert Comment

by:arnold
ID: 22695085
To achieve a content based restriction, you would likely need to find a Commercial product such as http://www.securecomputing.com/ which I believe can be tied into squid.

The whitelist, blocklist I am uncertain of, but the following might be a reference:
http://www.screaming-penguin.com/node/3871
0
 
LVL 81

Expert Comment

by:arnold
ID: 22695188
Another option you might explore is using a GPO to enable/disable content filtering in IE using content adviser though the restriction might not be as fine grained to only limit a specific.
Squid can be configured to behave differently based on the user's group membership.  
0
 

Author Comment

by:grazal
ID: 22700108
So Squid can't do what I'm trying to do?  cuz this is all I need Squid to do for us.  We don't use active directory and GPO policies; stickly access to the web is by IP addresses only.

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 81

Accepted Solution

by:
arnold earned 1500 total points
ID: 22702792
0
 

Author Comment

by:grazal
ID: 22742494
It looks like content filtering sofware (e.g. Dans Guardian and Squid Guards) are only available in Unix OS.  I only have the SquidNT running in Windows 2000.   We have Unix OS in our network, but I don't know my way around Linux yet (I'm a Windows person).  I know how to navigate around Windows but not in Linux/Unix, that's why I opted for SquidNT instead.

I would like to use Squid in Linux, but I don't know my way around Linux.  
0
 

Author Comment

by:grazal
ID: 22744161
What about Untangle's web/content filtering?  Does it filter based on IP address and not by user/group policies?     Will it solve my original problem?   Please help!!!
0
 
LVL 81

Expert Comment

by:arnold
ID: 22744331
You can get knoppix, ubuntu, or centos live CDs.
www.knoppix.com
www.ubuntu.net
www.centos.org

Burn the CD, boot a system with the liveCD and check it out.  They will load in graphical mode.

If you have an older unused system lying around, you can setup one of the above. The configuration of squid file is the same.  In graphical mode, you can similarly navigate with the file manager tool to the location of the configuration files.
There are several resources on the net as well as here that will guide you through the setup you want.

Unfortunately, for content filtering options in squid, you may have little choice but to try your hand in setting up squid on linux.

I think you'll do fine.
0
 
LVL 81

Expert Comment

by:arnold
ID: 22744380
I am not familiar enough with untangle.  
0
 

Author Comment

by:grazal
ID: 22744486
Does enyone else out there familiar with Untangle?  If I donwload it in Windows 2000 server.  Will it work?
0
 

Author Comment

by:grazal
ID: 22744527
And if Untangle can work in a Win 2000 server.  Can Untangle become a Web proxy server?  I want to continue using our existing CISCO PIX firewall.  I just want to redirect my web filtering to Untangle and make it a proxy server.  Is that possible?
0
 
LVL 81

Expert Comment

by:arnold
ID: 22745618
Untangle does not support wccp according to another EE question (http://www.experts-exchange.com/Networking/Network_Management/Network_Design_and_Methodology/Q_23748436.html?sfQueryTermInfo=1+untangl) which might be what you are planning to do.  I.e. configure the pix to route web traffic through the squid process via wccp+gre.
Untangle has two options. one is what you've described.  The other is to install untangle onto a system creating a security appliance that will "transparently" filter web content.

You can through DNS advertise proxy setting that will be read in if auto-discovery of proxy settings is set in the browser.
http://nscsysop.hypermart.net/setproxy.html

0
 

Author Closing Comment

by:grazal
ID: 31504726
Thanks for your help.  I'll just use Squid for URL web filtering for now; and if I will take a different step if I want to pursue the content filtering later on.  For now, I'll just concentrate on the whitelist/blacklist only.
0

Featured Post

Big Data Means Big Business

In data-dependent industries like IT, finance, and healthcare, there’s a growing demand for qualified analysts to fill leadership roles. WGU’s MS in Data Analytics has IT certifications from Oracle and SAS built into its curriculum at a flat fee that could save you money.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month13 days, 7 hours left to enroll

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question