?
Solved

Selectively unrestrict and restict web access based on IP address in SquidNT config

Posted on 2008-10-09
12
Medium Priority
?
830 Views
Last Modified: 2013-12-16
Background:  here's my network subnets:
#unrestricted; but need to restricts porn, weapons, etc:
192.168.5.10  -  192.168.5.191  
192.168.10.10  -  192.168.10. 100
192.168.70.10  -  192.168.70. 191
#within the above subnets need to set up the following are administrators (completely unrestricted):
192.168.5.14,  192.168.5.192,  192.168.5.128,  192.168.5.19
192.168.10.223,  192, 168.10.124,   192.168.10.
192.168.70.92,  192.168.70.111
#the following should be restricted to the whitelist only and blocklist only:
192.168.5.192 - 192.168.5.254
192.168.10.101 - 192. 168. 10. 254
192.168.70.192  -  192.168.70.254

Access to the internet is based on IP addresses only (no user, no group authentications).
How do I define the ACLs and http_access based on the above scenario?
Please help!
0
Comment
Question by:grazal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
12 Comments
 
LVL 79

Expert Comment

by:arnold
ID: 22695085
To achieve a content based restriction, you would likely need to find a Commercial product such as http://www.securecomputing.com/ which I believe can be tied into squid.

The whitelist, blocklist I am uncertain of, but the following might be a reference:
http://www.screaming-penguin.com/node/3871
0
 
LVL 79

Expert Comment

by:arnold
ID: 22695188
Another option you might explore is using a GPO to enable/disable content filtering in IE using content adviser though the restriction might not be as fine grained to only limit a specific.
Squid can be configured to behave differently based on the user's group membership.  
0
 

Author Comment

by:grazal
ID: 22700108
So Squid can't do what I'm trying to do?  cuz this is all I need Squid to do for us.  We don't use active directory and GPO policies; stickly access to the web is by IP addresses only.

0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 79

Accepted Solution

by:
arnold earned 1500 total points
ID: 22702792
0
 

Author Comment

by:grazal
ID: 22742494
It looks like content filtering sofware (e.g. Dans Guardian and Squid Guards) are only available in Unix OS.  I only have the SquidNT running in Windows 2000.   We have Unix OS in our network, but I don't know my way around Linux yet (I'm a Windows person).  I know how to navigate around Windows but not in Linux/Unix, that's why I opted for SquidNT instead.

I would like to use Squid in Linux, but I don't know my way around Linux.  
0
 

Author Comment

by:grazal
ID: 22744161
What about Untangle's web/content filtering?  Does it filter based on IP address and not by user/group policies?     Will it solve my original problem?   Please help!!!
0
 
LVL 79

Expert Comment

by:arnold
ID: 22744331
You can get knoppix, ubuntu, or centos live CDs.
www.knoppix.com
www.ubuntu.net
www.centos.org

Burn the CD, boot a system with the liveCD and check it out.  They will load in graphical mode.

If you have an older unused system lying around, you can setup one of the above. The configuration of squid file is the same.  In graphical mode, you can similarly navigate with the file manager tool to the location of the configuration files.
There are several resources on the net as well as here that will guide you through the setup you want.

Unfortunately, for content filtering options in squid, you may have little choice but to try your hand in setting up squid on linux.

I think you'll do fine.
0
 
LVL 79

Expert Comment

by:arnold
ID: 22744380
I am not familiar enough with untangle.  
0
 

Author Comment

by:grazal
ID: 22744486
Does enyone else out there familiar with Untangle?  If I donwload it in Windows 2000 server.  Will it work?
0
 

Author Comment

by:grazal
ID: 22744527
And if Untangle can work in a Win 2000 server.  Can Untangle become a Web proxy server?  I want to continue using our existing CISCO PIX firewall.  I just want to redirect my web filtering to Untangle and make it a proxy server.  Is that possible?
0
 
LVL 79

Expert Comment

by:arnold
ID: 22745618
Untangle does not support wccp according to another EE question (http://www.experts-exchange.com/Networking/Network_Management/Network_Design_and_Methodology/Q_23748436.html?sfQueryTermInfo=1+untangl) which might be what you are planning to do.  I.e. configure the pix to route web traffic through the squid process via wccp+gre.
Untangle has two options. one is what you've described.  The other is to install untangle onto a system creating a security appliance that will "transparently" filter web content.

You can through DNS advertise proxy setting that will be read in if auto-discovery of proxy settings is set in the browser.
http://nscsysop.hypermart.net/setproxy.html

0
 

Author Closing Comment

by:grazal
ID: 31504726
Thanks for your help.  I'll just use Squid for URL web filtering for now; and if I will take a different step if I want to pursue the content filtering later on.  For now, I'll just concentrate on the whitelist/blacklist only.
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
You deserve ‘straight talk’ from your cloud provider about your risk, your costs, security, uptime and the processes that are in place to protect your mission-critical applications.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses
Course of the Month10 days, 21 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question