02-24-2012
Squid 3.1 block website not working
Squid 3.1.8 on Fedora 14
Code :
http_port 3128 transparent no-connection-auth
icp_port 0
icp_query_timeout 0
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
log_fqdn off
cache_dir aufs /var/spool/squid 1024 16 256
cache_access_log /var/log/squid/access.log
cache_access_log /usr/local/bin/squid_log/access.log
max_filedescriptors 65536
cache_store_log none
logfile_rotate 90
ftp_user Squid@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on
quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
negative_ttl 2 minutes
positive_dns_ttl 60 seconds
negative_dns_ttl 30 seconds
forward_timeout 5 minutes
connect_timeout 5 minutes
peer_connect_timeout 1 minutes
pconn_timeout 120 seconds
read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 2 minute
shutdown_lifetime 1 seconds
client_lifetime 1 day
half_closed_clients off
ie_refresh on
coredump_dir /var/spool/squid
acl manager proto cache_object
acl localhost src 127.0.0.0/8
follow_x_forwarded_for allow localhost
# ----- Acl Controls
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
icp_access allow all
acl SSL method CONNECT
never_direct allow SSL
url_rewrite_children 20
acl youtube_query url_regex -i \.youtube\.com\/get_video
acl metacafe_query dstdomain v.mccont.com
acl dailymotion_query url_regex -i proxy\-[0-9][0-9]\.dailymotion\.com\/
acl google_query dstdomain vp.video.google.com
acl redtube_query dstdomain dl.redtube.com
acl xtube_query url_regex -i p[0-9a-z][0-9a-z]?[0-9a-z]?\.xtube\.com\/videos
acl vimeo_query url_regex bitcast\.vimeo\.com\/vimeo\/videos\/
acl wrzuta_query url_regex -i va\.wrzuta\.pl\/wa[0-9][0-9][0-9][0-9]?
url_rewrite_access allow youtube_query
url_rewrite_access allow metacafe_query
url_rewrite_access allow dailymotion_query
url_rewrite_access allow google_query
url_rewrite_access allow redtube_query
url_rewrite_access allow xtube_query
url_rewrite_access allow vimeo_query
url_rewrite_access allow wrzuta_query
redirector_bypass on
acl store_rewrite_list url_regex ^http://(.*?)/get_video\?
acl store_rewrite_list url_regex ^http://(.*?)/videodownload\?
acl store_rewrite_list url_regex ^http://i(.*?).photobucket.com/albums/(.*?)/(.*?)/(.*?)\?
acl store_rewrite_list url_regex ^http://vid(.*?).photobucket.com/albums/(.*?)/(.*?)\?
cache allow store_rewrite_list
cache allow all
# ----- No Cache -------
hierarchy_stoplist cgi-bin ? localhost .asp .aspx .php .inf .dll .Xt .xtp .ini localhost php$ inf$ dll$ Xt$ xtp$ ini$ asp$ aspx$ patch_lv1
acl QUERY urlpath_regex cgi-bin \? localhost .asp .aspx .php .inf .dll .Xt .xtp .ini .exe localhost php$ inf$ dll$ Xt$ xtp$ ini$ asp$ aspx$ updatelist$ patch_lv1
cache deny QUERY
# ----- refresh_pattern--------
refresh_pattern -i \.*$ 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^https://*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^https://*.in.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^https://www.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^https://www.*.in.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.co.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.*-*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*-*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*-*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*-*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.*-*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*-*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*-*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*-*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.co.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.in.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.gg.in.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.org 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.co.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.in.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.org 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.*.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.*.*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.co.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.in.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.org 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.co.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.in.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.org 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.*.*-* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.*-* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*-* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*-* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*-* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.*.* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(gif|tif|tiff|jpeg|xbm|png|wrl|ico|pnm|pbm|pgm|ppm|rgb|xpm|xwd|pic|pict|bmp|jpg|jpe)$ 0 25000% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(arj|sit|zip|rar|rgz|cfg|rtf|psf|hqx|exe|lzh|lha|cab|tar|tgz|gz|Z|wp|wp5|ps|prn|srf|pdf|tex|latax|txt|doc|ppt|gpf|upd|iso|jar|bz2|uue|gzip|ace|cab|kf|a[0-9][0-9]|r[0-9][0-9])$ 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(midi|wav|aif|aiff|au|ram|ra|snd|mid|mp2|mp3|mp4|mov|mpg|mpeg|mpe|avi|qt|qtm|viv)$ 0 120% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(swf)$ 525960 18000% 525960 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320 reload-into-ims
refresh_pattern -i \\.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private
# ----- Administrative Parameters
cache_mgr Slackman
cache_effective_user squid
cache_effective_group squid
visible_hostname naxserver
memory_pools on
memory_pools_limit 50 MB
forwarded_for on
client_db on
netdb_low 9900
netdb_high 10000
pipeline_prefetch on
balance_on_multiple_ip on
reload_into_ims on
vary_ignore_expire on
cache_mem 64 MB
maximum_object_size 20 MB
maximum_object_size_in_memory 512 KB
cache_swap_low 80%
cache_swap_high 100%
ipcache_size 4096
ipcache_low 90
ipcache_high 98
fqdncache_size 4096
client_netmask 255.255.255.255
ftp_passive on
ftp_sanitycheck on
dns_nameservers 127.0.0.1
cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF
#Block some client to access job web-site
acl special_client src 1.1.1.1
acl special_url url_regex -i "/etc/squid/web_reject"
http_access allow special_client special_url
http_access deny special_url
#squid default configuration part III
acl ip_local1 src all
acl maxconn_user maxconn 4000
icp_access allow all
acl ip_local2 url_regex -i all
acl file_type url_regex -i ftp \.exe$ \.mp3$ \.mp4$ \.wav$ \.iso$ \.qc$ \.wmv$ \.mpeg$ \.mpg$ \.tar$
delay_pools 1
delay_class 1 1
delay_parameters 1 100000000/512000
delay_access 1 allow file_type
http_access deny ip_local1 maxconn_user file_type
http_reply_access allow all
I cannot block the websites in /etc/squid/web_reject.
Any suggestions, please!!
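Added example (not part of the original post): a small Python check of http_access rule order, relying on the fact that Squid evaluates http_access lines top to bottom and stops at the first line that matches. The rule lists are copied from the posted config; the helper names and the reordered variant are assumptions made for illustration.

```python
# Added example, not from the original post. Squid evaluates http_access lines
# top to bottom and stops at the first line whose ACLs all match the request.
# http_access lines copied from the posted squid.conf, in their original order.
POSTED = """\
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
http_access allow special_client special_url
http_access deny special_url
http_access deny ip_local1 maxconn_user file_type
"""

# Assumed reordering for comparison: the same rules with the catch-all last.
REORDERED = """\
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow special_client special_url
http_access deny special_url
http_access deny ip_local1 maxconn_user file_type
http_access allow all
"""

def parse_http_access(conf):
    """Return (line_no, action, [acl names]) for every http_access line."""
    rules = []
    for no, line in enumerate(conf.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 3 and fields[0] == "http_access":
            rules.append((no, fields[1], fields[2:]))
    return rules

def shadowed_rules(conf, match_all=("all",)):
    """Return (catch-all rule, rules after it that can never be reached)."""
    rules = parse_http_access(conf)
    for i, (_, _, acls) in enumerate(rules):
        if all(acl in match_all for acl in acls):  # matches every request
            return rules[i], rules[i + 1:]
    return None, []

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("reordered", REORDERED)):
        hit, dead = shadowed_rules(conf)
        print(name, "catch-all at line", hit[0] if hit else None)
        for no, action, acls in dead:
            print("  unreachable:", no, action, " ".join(acls))
```

In the posted order the check reports `http_access deny special_url` as unreachable, because `http_access allow all` appears before it.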