Solved

squid

Posted on 2011-03-08
763 Views
Last Modified: 2012-05-11
I have Squid running on a Fedora box. I want to make an entry in squid.conf to allow everything and then have a block list, so kind of the opposite of what I currently have. For example, one of my entries looks like this:

# walkup kiosk
acl blockedsites src 172.16.26.100
acl oksites dstdomain "/etc/squid/allowedsites.acl"
http_access allow blockedsites oksites

I'm just not sure what the syntax would be. Any ideas?
0
Question by:JeffBeall
10 Comments
 
LVL 21

Expert Comment

by:robocat
ID: 35071833

http_access deny blockedsites
http_access allow all

(The order of these is important: first block specific things, then allow the rest.)

0
 
LVL 76

Accepted Solution

by:
arnold earned 167 total points
ID: 35071881
Could you clarify what you are doing?
Is this a reverse proxy configuration?
I.e. you have the squid proxy listening on port 80 as though it is a web server and then passes the requests to the real web server? And what you want to do is control based on the source of the request what sites they can and can not access?

If you allow first, the deny is never seen/checked within Squid.
The rule flow is top-down:
check match (allow/deny), fall through if no match, enforce the action;
check match (allow/deny), fall through.
acl oksites url_regex -i "/etc/squid/allowedsites" #where the allowedsites are a domain per line
allowdomain1.com
allowdomain2.com


The format of the rule would be:
http_access allow oksites source_of_request
http_access deny oksites
0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35072937
This sounds like what I want, but in the following

http_access deny blockedsites
http_access allow all

after deny, would I have to tell Squid where blockedsites is? I mean, isn't blockedsites a list? Do I need to begin these lines with acl?
Also, how could I use the above command on a block of IPs?
0
 
LVL 76

Expert Comment

by:arnold
ID: 35073063
The problem is that you have defined blockedsites as a network IP.
acl blockedsites src 172.116.26.100
You can deny it access while allowing all else:
http_access deny blockedsites
http_access allow all


Double check what it is you want to block and to where.

0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35073270
" The problem is that you have defined blockedsites as a network IP."

I am new to Squid, and the vast majority of my entries in squid.conf are the result of Google, so if that entry isn't correct I have no problem removing it.
Mostly I want to allow access to everything but a list of blocked sites. I would like a list so that, as needed, I could just add to the list and restart the Squid service.
0
 
LVL 21

Expert Comment

by:robocat
ID: 35073471

Suppose you want to block access to Facebook and YouTube:

acl blockedsites dstdomain .facebook.com .youtube.com

or

acl blockedsites dstdomain "/etc/squid/blockedsites.txt"

and put the forbidden sites in that text file.

0
 
LVL 1

Author Comment

by:JeffBeall
ID: 35073645
So it would be

acl blockedsites dstdomain "/etc/squid/blockedsites.txt"
http_access allow all

?
0
 
LVL 21

Assisted Solution

by:robocat
robocat earned 167 total points
ID: 35074359

acl blockedsites dstdomain "/etc/squid/blockedsites.txt"
http_access deny blockedsites
http_access allow all
0
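Squid evaluates http_access lines the way arnold describes above: top-down, with the first line whose ACLs all match deciding the request, which is why robocat's final answer puts the deny line before "allow all". The following is an added example, not code from this thread or from the Squid project. It models that evaluation for the two ACL types used here (src and dstdomain) so the orderings discussed can be compared offline: deny-then-allow, allow-then-deny, and a deny limited to one client address. The block list contents, the kiosk address and the client addresses are constructed sample values, and the matching logic is a simplification of Squid's own.

```python
"""Model of Squid's http_access evaluation: rules are walked top-down and the
first line whose ACLs all match decides. Added example for this thread, not
Squid's own code; it implements only the 'src' and 'dstdomain' ACL types used
above, with a simplified version of Squid's matching rules."""
import ipaddress
from typing import Dict, List, Tuple

Acl = Tuple[str, List[str]]          # (acl type, values)
Rule = Tuple[str, List[str]]         # (allow|deny, acl names that must all match)

# Constructed sample of /etc/squid/blockedsites.txt: one domain per line.
BLOCKEDSITES_TXT = """\
# constructed sample list; a leading dot also matches subdomains
.facebook.com
.youtube.com
"""


def load_domain_list(text: str) -> List[str]:
    """Parse a dstdomain list file: one entry per line, '#' starts a comment."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            entries.append(line.lower())
    return entries


def dstdomain_matches(pattern: str, host: str) -> bool:
    """Squid dstdomain semantics: '.example.com' matches example.com and every
    subdomain; 'example.com' without the dot matches that exact host only."""
    host = host.lower().rstrip(".")
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern


def src_matches(spec: str, client_ip: str) -> bool:
    """src ACL value: a single address or a CIDR block such as 172.16.26.0/24."""
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)


def acl_matches(acl: Acl, client_ip: str, host: str) -> bool:
    kind, values = acl
    if kind == "src":
        return any(src_matches(v, client_ip) for v in values)
    if kind == "dstdomain":
        return any(dstdomain_matches(v, host) for v in values)
    raise ValueError(f"unsupported acl type {kind!r}")


def evaluate(acls: Dict[str, Acl], rules: List[Rule], client_ip: str, host: str) -> str:
    """Return 'allow' or 'deny' for a request from client_ip to host.

    Top-down, first match wins; ACL names on one http_access line are ANDed.
    If no line matches, Squid applies the opposite of the last line's action."""
    for action, names in rules:
        if all(acl_matches(acls[name], client_ip, host) for name in names):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"


# ACLs as defined in the thread; 'all' is Squid's built-in src ACL for any client.
ACLS: Dict[str, Acl] = {
    "blockedsites": ("dstdomain", load_domain_list(BLOCKEDSITES_TXT)),
    "kiosk": ("src", ["172.16.26.100"]),          # the walk-up kiosk from the question
    "all": ("src", ["0.0.0.0/0"]),
}

# The working order from the thread: deny the list, then allow everything else.
RULES_DENY_THEN_ALLOW: List[Rule] = [("deny", ["blockedsites"]), ("allow", ["all"])]
# Reversed: 'allow all' matches every request, so the deny line is never reached.
RULES_ALLOW_FIRST: List[Rule] = [("allow", ["all"]), ("deny", ["blockedsites"])]
# Both names on one line (AND): the block list applies only to the kiosk.
RULES_KIOSK_ONLY: List[Rule] = [("deny", ["kiosk", "blockedsites"]), ("allow", ["all"])]


def demo() -> Dict[str, str]:
    """Evaluate a few constructed requests against each ordering."""
    return {
        "correct/facebook": evaluate(ACLS, RULES_DENY_THEN_ALLOW, "10.0.0.5", "www.facebook.com"),
        "correct/other": evaluate(ACLS, RULES_DENY_THEN_ALLOW, "10.0.0.5", "www.example.org"),
        "allow-first/facebook": evaluate(ACLS, RULES_ALLOW_FIRST, "10.0.0.5", "www.facebook.com"),
        "kiosk-only/kiosk": evaluate(ACLS, RULES_KIOSK_ONLY, "172.16.26.100", "youtube.com"),
        "kiosk-only/other-client": evaluate(ACLS, RULES_KIOSK_ONLY, "10.0.0.5", "youtube.com"),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:28s} -> {verdict}")
```

Two points the model makes visible: with "allow all" first, a blocked domain is still allowed because that line matches every request, and putting a src ACL and the dstdomain ACL on the same http_access line restricts the block list to that client only. On the real box, after editing squid.conf or the list file, `squid -k parse` checks the configuration for syntax errors and `squid -k reconfigure` (as mccracky notes below) makes Squid reread it.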
 
LVL 12

Assisted Solution

by:mccracky
mccracky earned 166 total points
ID: 35084117
Just remember that you would need to have Squid reread the configuration if you wanted to add sites to the "/etc/squid/blockedsites.txt" file (squid -k reconfigure). It wouldn't be automatically reread.
0
 
LVL 1

Author Closing Comment

by:JeffBeall
ID: 35084482
Thank you! This worked perfectly.
0