Squid 3.1 block website not working


 
02-24-2012

Squid 3.1.8 on Fedora 14

Code:
http_port 3128 transparent no-connection-auth
icp_port 0
icp_query_timeout 0
mcast_icp_query_timeout 2000
dead_peer_timeout 10 seconds
log_fqdn off

cache_dir aufs /var/spool/squid 1024 16 256
cache_access_log  /var/log/squid/access.log
cache_access_log  /usr/local/bin/squid_log/access.log

max_filedescriptors 65536
cache_store_log none
logfile_rotate 90

ftp_user Squid@
ftp_list_width 32
ftp_passive on
ftp_sanitycheck on

quick_abort_min 0 KB
quick_abort_max 0 KB
quick_abort_pct 100
negative_ttl 2 minutes
positive_dns_ttl 60 seconds
negative_dns_ttl 30 seconds
forward_timeout 5 minutes
connect_timeout 5 minutes
peer_connect_timeout 1 minutes
pconn_timeout 120 seconds

read_timeout 15 minutes
request_timeout 5 minutes
persistent_request_timeout 2 minute
shutdown_lifetime 1 seconds
client_lifetime 1 day
half_closed_clients off
ie_refresh on
coredump_dir /var/spool/squid

acl manager proto cache_object
acl localhost src 127.0.0.0/8
follow_x_forwarded_for allow localhost


# ----- Acl Controls

acl SSL_ports port 443      # https
acl SSL_ports port 563      # snews
acl SSL_ports port 873      # rsync
acl Safe_ports port 80      # http
acl Safe_ports port 21      # ftp
acl Safe_ports port 443      # https
acl Safe_ports port 70      # gopher
acl Safe_ports port 210      # wais
acl Safe_ports port 1025-65535   # unregistered ports
acl Safe_ports port 280      # http-mgmt
acl Safe_ports port 488      # gss-http
acl Safe_ports port 591      # filemaker
acl Safe_ports port 777      # multiling http
acl Safe_ports port 631      # cups
acl Safe_ports port 873      # rsync
acl Safe_ports port 901      # SWAT
acl CONNECT method CONNECT
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
icp_access allow all

acl SSL method CONNECT
never_direct allow SSL

url_rewrite_children 20
acl youtube_query url_regex -i \.youtube\.com\/get_video
acl metacafe_query dstdomain v.mccont.com
acl dailymotion_query url_regex -i proxy\-[0-9][0-9]\.dailymotion\.com\/
acl google_query dstdomain vp.video.google.com
acl redtube_query dstdomain dl.redtube.com
acl xtube_query url_regex -i p[0-9a-z][0-9a-z]?[0-9a-z]?\.xtube\.com\/videos
acl vimeo_query url_regex bitcast\.vimeo\.com\/vimeo\/videos\/
acl wrzuta_query url_regex -i va\.wrzuta\.pl\/wa[0-9][0-9][0-9][0-9]?
url_rewrite_access allow youtube_query
url_rewrite_access allow metacafe_query
url_rewrite_access allow dailymotion_query
url_rewrite_access allow google_query
url_rewrite_access allow redtube_query
url_rewrite_access allow xtube_query
url_rewrite_access allow vimeo_query
url_rewrite_access allow wrzuta_query
redirector_bypass on

acl store_rewrite_list url_regex ^http://(.*?)/get_video\?
acl store_rewrite_list url_regex ^http://(.*?)/videodownload\?
acl store_rewrite_list url_regex ^http://i(.*?).photobucket.com/albums/(.*?)/(.*?)/(.*?)\?
acl store_rewrite_list url_regex ^http://vid(.*?).photobucket.com/albums/(.*?)/(.*?)\?

cache allow store_rewrite_list
cache allow all

# ----- No Cache -------

hierarchy_stoplist cgi-bin ? localhost  .asp .aspx .php .inf .dll .Xt .xtp .ini localhost php$ inf$ dll$ Xt$ xtp$ ini$ asp$ aspx$ patch_lv1
acl QUERY urlpath_regex cgi-bin \? localhost  .asp .aspx .php .inf .dll .Xt .xtp .ini .exe localhost php$ inf$ dll$ Xt$ xtp$ ini$ asp$ aspx$ updatelist$ patch_lv1
cache deny QUERY

# ----- refresh_pattern--------

refresh_pattern -i \.*$ 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload

refresh_pattern -i ^https://*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^https://*.in.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^https://www.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^https://www.*.in.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.co.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.*-*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*-*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*-*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*-*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.*-*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*-*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*-*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*-*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.co.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.in.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.gg.in.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.org 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.co.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.in.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.org 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.*.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.com 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.*.*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.net 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.co.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.in.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.org 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.co.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.in.th 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://www.*.*.org 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.*.*-* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.*-* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*-* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*-* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*-* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.*.* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.*.* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.*.* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://*.* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i ^http://* 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload

refresh_pattern -i .(gif|tif|tiff|jpeg|xbm|png|wrl|ico|pnm|pbm|pgm|ppm|rgb|xpm|xwd|pic|pict|bmp|jpg|jpe)$ 0 25000% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(arj|sit|zip|rar|rgz|cfg|rtf|psf|hqx|exe|lzh|lha|cab|tar|tgz|gz|Z|wp|wp5|ps|prn|srf|pdf|tex|latax|txt|doc|ppt|gpf|upd|iso|jar|bz2|uue|gzip|ace|cab|kf|a[0-9][0-9]|r[0-9][0-9])$ 0 100% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(midi|wav|aif|aiff|au|ram|ra|snd|mid|mp2|mp3|mp4|mov|mpg|mpeg|mpe|avi|qt|qtm|viv)$ 0 120% 1440 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern -i .(swf)$ 525960 18000% 525960 override-lastmod override-expire reload-into-ims ignore-reload
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320 reload-into-ims

refresh_pattern -i \\.flv$ 10080 90% 999999 ignore-no-cache override-expire ignore-private

# ----- Administrative Parameters

cache_mgr Slackman
cache_effective_user squid
cache_effective_group squid
visible_hostname naxserver

memory_pools on
memory_pools_limit 50 MB
forwarded_for on
client_db on
netdb_low 9900
netdb_high 10000
pipeline_prefetch on
balance_on_multiple_ip on
reload_into_ims on
vary_ignore_expire on

cache_mem 64 MB
maximum_object_size 20 MB
maximum_object_size_in_memory 512 KB
cache_swap_low 80%
cache_swap_high 100%
ipcache_size 4096
ipcache_low 90
ipcache_high 98
fqdncache_size 4096
client_netmask 255.255.255.255
ftp_passive on
ftp_sanitycheck on
dns_nameservers 127.0.0.1

cache_replacement_policy heap LFUDA
memory_replacement_policy heap GDSF

#Block some client to access job web-site
acl special_client src 1.1.1.1
acl special_url url_regex -i "/etc/squid/web_reject"
http_access allow special_client special_url
http_access deny special_url

#squid default configuration part III 
acl ip_local1 src all
acl maxconn_user maxconn 4000 
icp_access allow all 
acl ip_local2 url_regex -i all
acl file_type url_regex -i ftp \.exe$ \.mp3$ \.mp4$ \.wav$ \.iso$ \.qc$ \.wmv$ \.mpeg$ \.mpg$ \.tar$ 
delay_pools 1 
delay_class 1 1 
delay_parameters 1 100000000/512000 
delay_access 1 allow file_type 
http_access deny ip_local1 maxconn_user file_type 
http_reply_access allow all

Cannot block the websites in /etc/squid/web_reject.

Please advise!
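Added example, not part of the original post: Squid checks `http_access` lines top to bottom and stops at the first one that matches, so a rule placed after `http_access allow all` is never reached. The Python sketch below lints an excerpt of the posted config for that ordering; the excerpt and sample request are constructed from the post, and the function names are hypothetical.

```python
# Added example: lint http_access ordering (first match wins in Squid).
# Constructed excerpt: http_access/acl lines copied in order from the posted config.
SAMPLE_CONF = """\
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow all
acl special_client src 1.1.1.1
acl special_url url_regex -i "/etc/squid/web_reject"
http_access allow special_client special_url
http_access deny special_url
http_access deny ip_local1 maxconn_user file_type
"""

def parse_http_access(conf_text):
    """Return [(line_no, action, [acl, ...])] for every http_access line."""
    rules = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0] == "http_access" and parts[1] in ("allow", "deny"):
            rules.append((no, parts[1], parts[2:]))
    return rules

def find_shadowed(rules):
    """Rules placed after an unconditional 'all' rule can never be reached."""
    shadowed, catch_all = [], None
    for no, action, acls in rules:
        if catch_all is not None:
            shadowed.append((no, action, acls))
        elif acls == ["all"]:
            catch_all = no
    return catch_all, shadowed

def first_match(rules, true_acls):
    """Evaluate like Squid: ACLs on a line are ANDed, first matching line decides."""
    for no, action, acls in rules:
        if all((a[1:] not in true_acls) if a.startswith("!") else (a in true_acls)
               for a in acls):
            return action, no
    return None  # no explicit rule matched

def catch_all_last(rules):
    """Hypothetical fix: keep the order but move the 'all' rule to the end."""
    return [r for r in rules if r[2] != ["all"]] + [r for r in rules if r[2] == ["all"]]

if __name__ == "__main__":
    rules = parse_http_access(SAMPLE_CONF)
    # Constructed request: ordinary client, port 80, URL matches web_reject.
    request = {"all", "Safe_ports", "special_url"}
    print("shadowed by line %s:" % find_shadowed(rules)[0], find_shadowed(rules)[1])
    print("as posted :", first_match(rules, request))
    print("reordered :", first_match(catch_all_last(rules), request))
```

After reordering the real squid.conf, `squid -k parse` checks the syntax and `squid -k reconfigure` reloads it.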
 