Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: [solved] Block access to all sites except one using Squid
Homework and Emergencies Emergency UNIX and Linux Support [solved] Block access to all sites except one using Squid Post 302691451 by jim mcnamara on Friday 24th of August 2012 02:39:38 PM
Old 08-24-2012
I am not sure about ports - but this will block evrything except <blah>
I put # for comments You also need to add localhost so some things don't break.
Code:
acl deny_net src xxx.xxx.0.1- xxx.xxx.0.254    # you get to fiddle with these two lines add more lines as needed
acl deny_net src 10.10.0.1-10.10.0.24           # this is ipv4
acl all src 0.0.0.0/0.0.0.0                             # leave this one alone

acl whitelist dstdomain .example.com
http_access deny deny_net
http_access allow whitelist allow_net
http_access deny all

If you use "acl deny all" it undoes everything above it. The chances of your breaking something are good doing something like the above.

We usually just use a router for this, and allow one subnet through.
Last edited by jim mcnamara; 08-24-2012 at 03:55 PM..
 

9 More Discussions You Might Find Interesting

1. UNIX and Linux Applications

How to redirect to squid login web page when internet access

Hi , I am new user. As you know when acl is defined in /etc/squid/squid.conf file according to its http_access users are able to access internet. Before that .htaccess asks them to access internet. It is fine. I saw in some customised linux servers in place of .htaccess login ,html web page... (1 Reply)
Discussion started by: sandeepvson
1 Replies

2. UNIX for Advanced & Expert Users

Squid cannot load https sites

Hi guys On FC9 we are running squid-3.0.STABLE2-2.fc9.i386 HTTP traffic works fine, no problems there. When I try to access a secure site, IE, Chrome and Firefox says the page cannot be loaded. I do not see any log entries in the squid access log or the servers messages file. ... (3 Replies)
Discussion started by: wbdevilliers
3 Replies

3. IP Networking

Block sites images with Squid!?

Hi, How i can block images from a particular site with squid? for example i want images from www.yahoo.com not displayed but other site content displayed to user? and how can i authenticate squid users (for e.g webproxy) with windows server 2003 domain controller (Active Directory) ... (0 Replies)
Discussion started by: skynet_boy
0 Replies

4. Emergency UNIX and Linux Support

Configure Squid to use LDAP group auth to deny internet access

Hi all We have squid-2.5.STABLE11-3.FC4 running in our environment. LDAP authentication works fine. Active Directory 2003 Users are prompted to enter credentials every time they access the net. The system works perfectly, but I need to configure Squid to block users in a specific AD group.... (1 Reply)
Discussion started by: wbdevilliers
1 Replies

5. IP Networking

Blocking sites with squid

Hi i have created a proxy with squid and i need to block all domains of yahoo let's say . i have to configure squid.conf but idk how.. (1 Reply)
Discussion started by: g0dlik3
1 Replies

6. UNIX for Dummies Questions & Answers

squid 3.1 block website notworking

squid 3.1.8 on fedora14 http_port 3128 transparent no-connection-auth icp_port 0 icp_query_timeout 0 mcast_icp_query_timeout 2000 dead_peer_timeout 10 seconds log_fqdn off cache_dir aufs /var/spool/squid 1024 16 256 cache_access_log /var/log/squid/access.log cache_access_log ... (0 Replies)
Discussion started by: slackman
0 Replies

7. IP Networking

Squid vs iptables = no Squid access.log?

Hello, I have a pretty useless satellite link at home (far from any civilization), so I wanted to set up caching in order to speed things up. My Squid 2.6 runs "3128 transparent" and is set up quite well on a separate machine. I also have my dd-wrt router to move all port 80 traffic through... (0 Replies)
Discussion started by: theWojtek
0 Replies

8. UNIX for Advanced & Expert Users

squid: Allow access to only one site and only via 80 or 443

Can someone please give me the conf file line to allow access to myexample.com and only that site, and only through http and https? So far I have only that site accessible via http, but all https sites are opened. Squid 3.1 on Cent 6 ---------- Post updated at 12:06 PM ---------- Previous... (0 Replies)
Discussion started by: glev2005
0 Replies

9. Proxy Server

How to use Squid on Linux to control certain IP to access Web Server and certain IP cannot access?

Dear all experts here, :) I would like to install a proxy server on Linux server to perform solely to control the access of Web server. In this case, some of my vendor asked me to try Squid and I have installed it onto my Linux server. I would like know how can I set the configuration to... (1 Reply)
Discussion started by: kwliew999
1 Replies

LEARN ABOUT OSX

ypserv.acl

YPSERV.ACL(5)						      BSD File Formats Manual						     YPSERV.ACL(5)

NAME

     ypserv.acl -- ypserv(8) configuration file

DESCRIPTION

     The ypserv.acl file controls which hosts can connect to the YP server.

     The format is more complex than the format for securenet(5).  The first two verbs on each line controls if the line will allow or deny access
     for a host, network (net) or all hosts.

     The YP server reads the configuration file and build a list in memory. This list is processed from the beginning for every incomming request.
     As soon a match is found in the list the search terminates and it returns success or failure depending on allow or deny.  If no match was
     found in the list success is returned.

     If access is denied every call will cause a no such domain error for the caller.

     Don't forget to allow localhost access if you want the machine running ypserv access it too.

     There is no default name for this file. Start ypserv with a -a filename to read a file with this format.

     The following different syntax can be used:

     < allow|deny > host < hostname|ip-address >

     If hostname has more than one ip address then all will be added to the list.

     < allow|deny > net < netname|netnumber > [netmask <netname|netnumber>]

     If netmask part of the command isn't given then the netmask will be assumed to be a class A, B or C net depending on the net number.

     < allow|deny > all

     A line containing one of these commands will always match any host.

EXAMPLES

     A configuration file might appear as follows:

     # This is an example of an access control file to be used by ypserv.
     #
     # This file is parsed line by line. First match will terminate the check
     # of the caller.
     #

     ###########################################################################
     # This is the commands that will match a single host
     #
     #	     allow host <hostname|ip-address>
     #	     deny host <hostname|ip-address>
     #
     # To process hostname gethostbyname is called. If the hostname has
     # multiple ip-addresses all will be added (I hope). ip-address
     # processed by inet_aton.
     allow host localhost
     deny host jodie

     ###########################################################################
     # This is the commands that will match a network
     #
     #	     allow net <netname|netnumber> [netmask <netname|netnumber>]
     #	     deny net <netname|netnumber> [netmask <netname|netnumber>]
     #
     # To process netname getnetbyname is called, and inet_aton is used for
     # netnumber. inet_aton both access numbers as 255.255.255.0 and 0xffffff00.
     #
     # If netmask isn't given the parser will assume netmask from the first bits
     # of the network number. So if the network is subneted the you have to add
     # the netmask. In my case I've got the network 139.58.253.0 at home so too
     # allow any of my computers to talk with the server I need the following
     # line
     #
     allow net mojathome netmask 255.255.255.0

     ###########################################################################
     # At last we have a command that will match any caller:
     #
     #	     allow all
     #	     deny all
     #

     # reject all connections
     deny all

FILES

     /var/yp/ypserv.acl  A ypserv(8) configuration file.

SEE ALSO

     yp(8), ypserv(8), securenet(5)

AUTHOR

     Mats O Jansson <moj@stacken.kth.se>

BSD
								   July 2, 1994 							       BSD
All times are GMT -4. The time now is 07:35 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy