Topic: SquidGuard Block Internet Access

[Richard Loy]

Hi all,

How can I use Squidguard to block all Internet website access to a user instead of denying access on some specified sites.  Is there a wildcard type address I can specify under untrusted sites?

Regards,
Richard Loy
Singapore

[krusty]

There is a package you can get called e-smith-squid-0.3-2.i386.rpm. This puts a proxy user interface in the server manger. Set the proxy to be protected and dont give this person right to pass through it. No proxy pass No web

[Richard Loy]

H Krusty,

I have tried that before.  It is good and efficient except that when I receive mails with URL links, it kept asking me for password for each link, which drives me and other email users nuts.  Anyway, it kept crashing my Squid proxy lately, after I installed the CISCO 515E Pix firewall.

Thanks.

Regards,
Richard Loy

[Kelvin]

Richard,

The method I use is to give the user you want to block a fixed IP address (you can fix his IP through the hostnames server panel - you'll need to know his MAC address), then deny web access to that IP in squid.conf. This involves modifying the templates and can get very messy if you are trying to block a large number of users. But for small numbers, it works.

By the way, this works both ways, ie. if you have a large number of people to block, specify to allow only the IPs you want and block all others. If you have a small number of people to block, do the reverse, ie. block the IPs you specify and allow all others through.

Kelvin

[ryan]

Provided your client is Win2k or XP Pro and not an admin on the computer, you can statically add a bogus IP address for the gateway.  This will keep this computer seeing only the local lan.

If the user must access services on the internet, you can add route statements to allow access to certain networks using route add command.  

ryan