nixCraft Linux Forum

nixCraft

Linux / UNIX Tech Support Forum

Squid Proxy

This is a discussion on Squid Proxy within the Linux software forums, part of the Linux Getting Started category; Hi I have installed redhat linux 9.0 in our office and configured squid transperant proxy + iptables firewall. I have ...


Go Back   nixCraft Linux Forum > Linux Getting Started > Linux software

Linux answers from nixCraft.


Linux software General questions and discussion about Redhat/Fedora Core/Cent OS, Debian and Ubuntu Linux related to softwares should go here.

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 27-11-2006, 12:25 PM
Member
User
 
Join Date: Nov 2006
Location: Bangalore
Posts: 32
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
bubloob_13
Default Squid Proxy

Hi

I have installed redhat linux 9.0 in our office and configured squid transperant proxy + iptables firewall. I have segregated my users into two groups like support staff and general users. There is no restriction for support staff and general users can browse only their allowed site and i denied access to all pronography stuffs for all. Now i want to add few more urls to be allowed to browse, entered the same in my ACL. But squid is not allowing, but already allowed sites i able to browse but newly added urls i am not able to browse.

Here is my ACL control list

http_access allow localhost
acl mylan src 192.168.1.0/255.255.255.0
acl allowed_pc src "/etc/squid/allowed_pc"
acl support_staff src "/etc/squid/support_staff"
acl general src "/etc/squid/general"
acl rejects url_regex "/etc/squid/rejects"
acl allowed dstdomain "/etc/squid/allowed"

http_access deny rejects
http_access deny !allowed_pc
http_access deny !mylan
http_access allow general allowed allowed_pc
http_access allow support_staff !general
http_access deny all

"allowed_pc" contains all the ip address to be able to access internet
"support_staff" contains the ip address of theirs
"general" contains all the general users ip address

"rejects" has all the keywords and domain name of pronography stuffs. For eg.

# vi rejects
.sex.com
.playboy.com
xxx.com
teengirls
.
.
etc

"allowed" has all the urls which can be accessed by general group. For eg.

# vi allowed
www.firstflight.com
www.ffclchennai.net
http://mq.hathway.com/mqsweb
www.royalsundaram.com
https://onlineservices.tin.nsdl.com/...eUsingPanno.do
incometaxindiaefiling.gov.in
mail1.hathway.com
.
.
.
etc

In the above list , www.firstflight.com
www.ffclchennai.net i am able browse which i made the entry at the time of installation. I recently added the remaining site, but i am unable browse the following sites

http://mq.hathway.com/mqsweb
www.royalsundaram.com
https://onlineservices.tin.nsdl.com/...eUsingPanno.do

surpringly i am able to browse incomtaxindiaefiling.gov.in , that also i added recently.

I am restarting the squid server after each modification....

I have no clue what went wrong. Desperately need solution. Can you help me out

Thanks in advance

Sakthi
Reply With Quote
  #2 (permalink)  
Old 27-11-2006, 11:56 PM
rockdalinux's Avatar
Is that all you got?
User
 
Join Date: May 2005
Location: Planet Vegeta
OS: Redhat
Posts: 708
Thanks: 15
Thanked 19 Times in 18 Posts
Rep Power: 10
rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light
Default

Just add domain name, no need to add url and http stuff:
Code:
mq.hathway.com
www.royalsundaram.com
onlineservices.tin.nsdl.com
Let me know...
__________________
Rocky Jr.
What's wrong? I hope I am not making you uncomfortable...

Never send a boy to do a mans job.
Reply With Quote
  #3 (permalink)  
Old 28-11-2006, 07:23 PM
Member
User
 
Join Date: Nov 2006
Location: Bangalore
Posts: 32
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
bubloob_13
Default Squid Proxy

Even i added only domain name. It's not working..... To test the same i installed one more linux server configured the same, given only domain name, i am able to browse. But in first server i couldn't browse.. I have ditto configuration in both the servers . It's behaving funny,..

Somewhere i am making mistake.... checked the syntax for any extra space , instead of putting the allowed sites in a separate files i added those domain names in the acl command itself like

acl xyz dstdomain mq.hathway.com .llspl.com

but still the same result.... where is the mistake..

Pls. help me out

Thanks in advance

Sakthi.S
Reply With Quote
  #4 (permalink)  
Old 03-12-2006, 04:33 PM
Member
User
 
Join Date: Nov 2006
Location: Bangalore
Posts: 32
Thanks: 0
Thanked 0 Times in 0 Posts
Rep Power: 0
bubloob_13
Default Re.

Can someone help me out.....

Regards
Sakthi
Reply With Quote
  #5 (permalink)  
Old 03-12-2006, 11:26 PM
rockdalinux's Avatar
Is that all you got?
User
 
Join Date: May 2005
Location: Planet Vegeta
OS: Redhat
Posts: 708
Thanks: 15
Thanked 19 Times in 18 Posts
Rep Power: 10
rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light rockdalinux is a glorious beacon of light
Default

Make sure you are using same version of squid.
Code:
/usr/sbin/squid -v
__________________
Rocky Jr.
What's wrong? I hope I am not making you uncomfortable...

Never send a boy to do a mans job.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads

Thread Thread Starter Forum Replies Last Post
How to Squid 2.6 transparent proxy? alex.inoa Networking, Firewalls and Security 5 30-10-2007 03:41 AM
Restrict number of simultaneous proxy connections in SQUID proxy pkvmreddy Getting started tutorials 1 15-06-2007 03:52 PM
Squid Proxy Server lacloai Linux software 3 02-06-2007 10:19 PM
How to allow MSN messenger through squid proxy bubloob_13 Linux software 4 08-04-2007 09:37 AM
Problems With SQUID Proxy rcordeiro Linux software 25 04-01-2007 01:39 PM


All times are GMT +5.5. The time now is 04:59 PM.


Powered by vBulletin® Version 3.8.5 - Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.3.2
©2005-2010 nixCraft. All rights reserved

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38