Koozali.org: home of the SME Server

squidGuard restrict access by IP

robert

squidGuard restrict access by IP
« on: December 15, 2003, 04:41:50 AM »
I want to either allow-only-some-IPs or restrict-some-IPs from web browsing (whilst still allowing email from sme 5.6).

Can anyone please lead me in the right direction?
Rob

PS I don't want to restrict to 'valid-only'; I want to prevent ALL browsing:
I thought of perhaps an 'all-IP' entry in aggressive/.blocked, then having my allow-IPs in the 'unrestricted', but don't seem to know enough to do that,
or it did not work.

ryan

Re: squidGuard restrict access by IP
« Reply #1 on: December 15, 2003, 05:28:32 AM »
robert,

If you're dealing with 2k or XP, you can use Run: gpedit.msc and set a bogus proxy server such as 'noproxy'. Then in gpedit, make it so the proxy entry can't be changed. You can also prevent iexplore.exe from running in gpedit. This will take care of all port 80 traffic and will allow email. If you're in a routed environment, it will continue to work. This won't stop instant messengers, irc, ftp, p2p, etc...just web browsing.

Simpler is to set a bogus gateway in 2k or XP.   Email will work, but don't do this if in a routed environment unless you want to manually enter persistent routing entries into the routing table.  With a bogus gateway, your client does not leave the local LAN.  

Both of the above assume you have admin access to the PCs and the users are plain users.  Keep in mind that anything done in gpedit.msc affects the admin user as well.

ryan

Byte

Re: squidGuard restrict access by IP
« Reply #2 on: December 15, 2003, 12:32:31 PM »

Byte

Re: squidGuard restrict access by IP
« Reply #3 on: December 15, 2003, 12:44:39 PM »
Byte wrote:

> from what I posted before to block individual ips follow this
> http://forums.contribs.org/index.php?topic=18644.msg73437#msg73437
 
That URL might not be the one you want. There is an example on how to allow; you will have to search for that, as I just did a quick search and couldn't find anything!

BTW - you could look at manual http://squid.visolve.com/squid24s1/access_controls.htm


robert

Re: squidGuard restrict access by IP
« Reply #4 on: December 16, 2003, 02:15:06 AM »
THANKS TO RESPONSES
but I'm trying to list allow/deny IPs in squidGuard.conf

after MUCH trial and all errors I've got it! for anyone interested....

I use the 'unrestricted' (as the list can be maintained in server-manager) to list my 'restricted' IPs.

Then change squidGuard.conf in the acl section:
- add a 'redirect' line the same as in the default (a few lines below in the conf) into the 'unrestricted' paragraph
- and change the 'pass all' to 'pass none'
(just a lucky guess that, as I could not find any docs on 'pass' - if anyone knows where there is some pls let me know):

The result is as follows (the redirect line has wrapped)...

# default policy
    unrestricted {
        pass none
        redirect http://IP/cgi-bin/blocked.cgi?clientaddr=%a&clientna
me=%n&clientuser=%i&clientgroup=%s&url=%u
    }

PS remember that this is a template file!
   so when you get it right, change the generating file too...

/etc/e-smith/templates/usr/local/squidGuard/squidGuard.conf/45-acl-local
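
The approach from Reply #4 written out with a dedicated source group instead of reusing 'unrestricted', as an added example that is not part of the original posts or of the SME Server templates. The group names and the 192.168.1.x addresses are constructed placeholders, and IP in the redirect URL stands for the server address as in the post above.

```conf
# Constructed example: group names and addresses are placeholders.

# Clients that must not browse. An "ip" line accepts single addresses,
# CIDR prefixes and ranges.
src no_web {
    ip 192.168.1.50
    ip 192.168.1.64/28
    ip 192.168.1.100-192.168.1.120
}

# Variant A (deny-list): listed clients are redirected to the block page,
# every other client falls through to "default" and browses normally.
acl {
    no_web {
        pass none
        redirect http://IP/cgi-bin/blocked.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u
    }
    default {
        pass all
    }
}

# Variant B (allow-list): list the permitted clients in a group such as
# web_ok and swap the rules, so only listed clients browse.
#
# src web_ok {
#     ip 192.168.1.10 192.168.1.11
# }
#
# acl {
#     web_ok {
#         pass all
#     }
#     default {
#         pass none
#         redirect http://IP/cgi-bin/blocked.cgi?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u
#     }
# }
```

squidGuard only sees requests that Squid passes to it, so mail is unaffected, and a client that can reach the web without going through the proxy is not restricted by either variant. The redirect URL must stay on a single line in the real file.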

byte

Re: squidGuard restrict access by IP
« Reply #5 on: December 16, 2003, 12:59:29 PM »
Robert - Thanks for that too. I now have another way of doing this; will test it out.

Byte