Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: turtle2472 on December 10, 2007, 03:25:02 AM

Title: How do I block domains/site?
Post by: turtle2472 on December 10, 2007, 03:25:02 AM

I've search but to no avail.  I'm trying to block certain sites from my network and can't seem to figure it out.  Looking through the host names and domains section I'm not seeing what I am looking for.

Here is an example of what I'm trying to do, block my server from ever accessing "myspace.com", "spamadserver.com", etc. 

On my Linksys RV042 I can just list domains and it blocks them.  I am currently using OpenDNS and blocking some of them through that, however I would rather block them locally than though the DNS.  Thanks.

Title: Re: How do I block domains/site?
Post by: mmccarn on December 10, 2007, 05:30:08 AM

You can control browser access to domains using http://wiki.contribs.org/SquidGuard or http://wiki.contribs.org/Dansguardian.

If you need to block other traffic beyond plain http you might be able to do something with http://wiki.contribs.org/P2p.

Lastly, you can block all traffic by IP address using the methods described in http://bugs.contribs.org/show_bug.cgi?id=2977.

I don't know of any easy, non-DNS way to use your SME to simply block all traffic to a specific website or domain. 

You should be able to block external domains pretty well by defining them in 'server-manager' and configuring them to 'resolve locally' - especially if you have the HTTP transparent proxy enabled.

Perhaps a combination of the last option (create fake virtual domains locally) and blocking all outbound DNS queries?

Title: Re: How do I block domains/site?
Post by: turtle2472 on December 10, 2007, 07:27:43 AM

Thanks for the great ideas.  Those will work well in conjunction with OpenDNS.

Title: Re: How do I block domains/site?
Post by: raem on December 10, 2007, 07:55:09 AM

turtle2472 & mmccarn

Quote

Lastly, you can block all traffic by IP address using the methods described in http://bugs.contribs.org/show_bug.cgi?id=2977.

...and that is in the Firewall wiki
http://wiki.contribs.org/Firewall#Block_outgoing_ports

Title: Re: How do I block domains/site?
Post by: turtle2472 on December 10, 2007, 05:43:57 PM

Quote from: RayMitchell on December 10, 2007, 07:55:09 AM

...and that is in the Firewall wiki
http://wiki.contribs.org/Firewall#Block_outgoing_ports

Thanks for that link! :)

Title: Re: How do I block domains/site?
Post by: srobinson on December 11, 2007, 03:31:07 AM

Here’s how I block sites using SME 7.2.  I’m still new to Linux so the following may not be the best.

echo acl block url_regex \”/etc/squid/block.acl\” >/etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL31block
echo http_access deny block >/etc/e-smith/templates-custom/etc/squid/squid.conf/40http_access21denyBlock
echo .myspace.com >/etc/e-smith/templates-custom/etc/squid/block.acl/10block
echo .spamadserver.com >>/etc/e-smith/templates-custom/etc/squid/block.acl/10block
/sbin/e-smith/expand-template /etc/squid/squid.conf
/sbin/e-smith/expand-template /etc/squid/block.acl
/sbin/service squid restart

If you want to change the list of blocked sites edit /etc/e-smith/templates-custom/etc/squid/block.acl/10block then enter the following:

/sbin/e-smith/expand-template /etc/squid/block.acl
/sbin/service squid restart

To remove the list, delete the custom templates and restart as follows:

rm /etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL31block
rm /etc/e-smith/templates-custom/etc/squid/squid.conf/40http_access21denyBlock
rm /etc/e-smith/templates-custom/etc/squid/block.acl/10block
/sbin/e-smith/expand-template /etc/squid/squid.conf
/sbin/service squid restart

Title: Re: How do I block domains/site?
Post by: tariqf on July 16, 2008, 01:19:28 AM

thanks srobinson, just posting my slightly modified version which worked in sme 7.3 for me

mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf
mkdir -p /etc/e-smith/templates-custom/etc/squid/block.acl
echo acl block url_regex ”/etc/squid/block.acl” >/etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL31block
echo http_access deny block >/etc/e-smith/templates-custom/etc/squid/squid.conf/40http_access21denyBlock
echo .facebook.com >/etc/e-smith/templates-custom/etc/squid/block.acl/10block
echo .facebook.co.uk >>/etc/e-smith/templates-custom/etc/squid/block.acl/10block
/sbin/e-smith/expand-template /etc/squid/squid.conf
/sbin/e-smith/expand-template /etc/squid/block.acl
svc -d /service/squid
/sbin/service squid restart

If you want to change the list of blocked sites edit /etc/e-smith/templates-custom/etc/squid/block.acl/10block then enter the following:

/sbin/e-smith/expand-template /etc/squid/block.acl
svc -d /service/squid
/sbin/service squid restart


To remove the list, delete the custom templates and restart as follows:

rm /etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL31block
rm /etc/e-smith/templates-custom/etc/squid/squid.conf/40http_access21denyBlock
rm /etc/e-smith/templates-custom/etc/squid/block.acl/10block
/sbin/e-smith/expand-template /etc/squid/squid.conf
svc -d /service/squid
/sbin/service squid restart

Title: Re: How do I block domains/site?
Post by: byte on July 16, 2008, 09:49:38 PM

Moving this topic to the SME 7.x contribs forum, it is more appropriate there. Thanks!