Re: IPCHAINS Implementation
Thanks for writing back. I have got the concept very clear now and for
others here are some clear cut examples that I had come across in
acl blockedsites url_regex "/etc/squid/block.txt"
acl unblockedsites url_regex "/etc/squid/unblock.txt"
http_access deny blockedsites
http_access allow unblockedsites all
in /etc/squid/block.txt give one site per line and same as in the
acl workinghours time M-F 8:00-18:00
# defining the working hours
acl sexsitez url_regex //[^/]*sex
# any url which has "sex" in the host part
acl eviluser user abcde
# block employee who is always surfing instead of work...
# don't forget to set ident_lookup on earlier in the config file
acl blockedsitez src 22.214.171.124/255.255.0.0
acl myfriend src 126.96.36.199/255.255.255.255
# there is a range of sites which is blocked from the cache,
# but in this range we have a friend, who is not
To build up the rules.
http_access deny sexsitez workinghours
#sex sites in working hours
http_access deny blockedsitez !myfriend
#the blocked range of sites. Only exception is our friend
This should make things more clear. Rest do R&D yourself.
George Joseph T
On Mon, 22 Jan 2001, Ambar Roy wrote:
> Hi George,
> Basically you setup one acl for every site/destination set that you
> might like to block, then you have to block each of those acls in separate
> http_deny lines (if I remember correctly). Right now I don't use squid over
> here, and I deleted the old conf files, but basically it was something like
> acl <acl name and definition here>
> http_deny <aclname>
> I used this mainly to block ad servers, and it was quite effective.
> For the syntax of the acl statement, see the squid.conf file for samples.
> /\ |\/| |3 /\ r
> > One more query. In squid.conf file which parameter is used to block
> > unwanted sites. Do we need to create separate ACLs (Access Control Lists)
> > for each site ?? Please put some light on this and if possible give some
> > examples too.
> > > Also note that in case you just want to block web access, then it is
> > > to set up transparent proxying with squid, and then letting squid do the
> > > filtering. With squid you can set up simple rules for access blocking,
> > > ipchains, it is really difficult to block anything effectively. ipchains
> > > better suited for protecting your internal network, and disallowing
> > > to ppl from the internal network. Let's say you want to block all yahoo
> > > sites. With squid, you just set up a rule for destination domain
> > > and then block it. With ipchains, you will surely go mad (yahoo seems to
> > > have hundreds of ip addresses!!!!) My experience has been real good with
> > > squid. (especially for things like banner ads, which choke up my net
> > > connections, squid works real nice.. just disable doubleclick.net,
> > > imgis.com, flycast.com, ads.*, ad.*, /banner/*, /adserve* and you will
> > > that all the users are really happy...)
> > >
> > > Bye,
> > > /\ |\/| |3 /\ r
> > > > The best option to achieve this without any major configuration changes is
> > > > the implementation of ipchains.
> > > >
> > > > I have a very simple but good article on ipchains attached with this
> > > > Which will be enough for you to configure what you require.
> > > > > Dear All,
> > > > >
> > > > > We are using LINUX server for the last 7 months and with great
> > > > > results in Deepalaya. The process of communication and
> > > > > documentation has become very effective for all Deepalaya
> > > > > units all over Delhi. Now we are facing a problem. We have
> > > > > to set up firewall at the minimum level. Like we want to
> > > > > block some sites. Can anyone tell us how to do it. Please
> > > > > tell us the easiest way so that we...with our moderate
> > > > > knowledge on Linux can do it. We know that firewall can be
> > > > > established at various levels. But we want to only block
> > > > > some sites.
> > >
> > >
> > >
> > > ------------------------------------------------
> > > The mailing list archives are available at
> > > http://lists.linux-india.org/cgi-bin/wilma/linux-delhi
> > >