Solved

Selectively unrestrict and restict web access based on IP address in SquidNT config

Posted on 2008-10-09
12
813 Views
Last Modified: 2013-12-16
Background:  here's my network subnets:
#unrestricted; but need to restricts porn, weapons, etc:
192.168.5.10  -  192.168.5.191  
192.168.10.10  -  192.168.10. 100
192.168.70.10  -  192.168.70. 191
#within the above subnets need to set up the following are administrators (completely unrestricted):
192.168.5.14,  192.168.5.192,  192.168.5.128,  192.168.5.19
192.168.10.223,  192, 168.10.124,   192.168.10.
192.168.70.92,  192.168.70.111
#the following should be restricted to the whitelist only and blocklist only:
192.168.5.192 - 192.168.5.254
192.168.10.101 - 192. 168. 10. 254
192.168.70.192  -  192.168.70.254

Access to the internet is based on IP addresses only (no user, no group authentications).
How do I define the ACLs and http_access based on the above scenario?
Please help!
0
Comment
Question by:grazal
  • 6
  • 6
12 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 22695085
To achieve a content based restriction, you would likely need to find a Commercial product such as http://www.securecomputing.com/ which I believe can be tied into squid.

The whitelist, blocklist I am uncertain of, but the following might be a reference:
http://www.screaming-penguin.com/node/3871
0
 
LVL 77

Expert Comment

by:arnold
ID: 22695188
Another option you might explore is using a GPO to enable/disable content filtering in IE using content adviser though the restriction might not be as fine grained to only limit a specific.
Squid can be configured to behave differently based on the user's group membership.  
0
 

Author Comment

by:grazal
ID: 22700108
So Squid can't do what I'm trying to do?  cuz this is all I need Squid to do for us.  We don't use active directory and GPO policies; stickly access to the web is by IP addresses only.

0
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 22702792
0
 

Author Comment

by:grazal
ID: 22742494
It looks like content filtering sofware (e.g. Dans Guardian and Squid Guards) are only available in Unix OS.  I only have the SquidNT running in Windows 2000.   We have Unix OS in our network, but I don't know my way around Linux yet (I'm a Windows person).  I know how to navigate around Windows but not in Linux/Unix, that's why I opted for SquidNT instead.

I would like to use Squid in Linux, but I don't know my way around Linux.  
0
 

Author Comment

by:grazal
ID: 22744161
What about Untangle's web/content filtering?  Does it filter based on IP address and not by user/group policies?     Will it solve my original problem?   Please help!!!
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 77

Expert Comment

by:arnold
ID: 22744331
You can get knoppix, ubuntu, or centos live CDs.
www.knoppix.com
www.ubuntu.net
www.centos.org

Burn the CD, boot a system with the liveCD and check it out.  They will load in graphical mode.

If you have an older unused system lying around, you can setup one of the above. The configuration of squid file is the same.  In graphical mode, you can similarly navigate with the file manager tool to the location of the configuration files.
There are several resources on the net as well as here that will guide you through the setup you want.

Unfortunately, for content filtering options in squid, you may have little choice but to try your hand in setting up squid on linux.

I think you'll do fine.
0
 
LVL 77

Expert Comment

by:arnold
ID: 22744380
I am not familiar enough with untangle.  
0
 

Author Comment

by:grazal
ID: 22744486
Does enyone else out there familiar with Untangle?  If I donwload it in Windows 2000 server.  Will it work?
0
 

Author Comment

by:grazal
ID: 22744527
And if Untangle can work in a Win 2000 server.  Can Untangle become a Web proxy server?  I want to continue using our existing CISCO PIX firewall.  I just want to redirect my web filtering to Untangle and make it a proxy server.  Is that possible?
0
 
LVL 77

Expert Comment

by:arnold
ID: 22745618
Untangle does not support wccp according to another EE question (http://www.experts-exchange.com/Networking/Network_Management/Network_Design_and_Methodology/Q_23748436.html?sfQueryTermInfo=1+untangl) which might be what you are planning to do.  I.e. configure the pix to route web traffic through the squid process via wccp+gre.
Untangle has two options. one is what you've described.  The other is to install untangle onto a system creating a security appliance that will "transparently" filter web content.

You can through DNS advertise proxy setting that will be read in if auto-discovery of proxy settings is set in the browser.
http://nscsysop.hypermart.net/setproxy.html

0
 

Author Closing Comment

by:grazal
ID: 31504726
Thanks for your help.  I'll just use Squid for URL web filtering for now; and if I will take a different step if I want to pursue the content filtering later on.  For now, I'll just concentrate on the whitelist/blacklist only.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Fine Tune your automatic Updates for Ubuntu / Debian
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now