Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: dave on July 01, 2003, 02:24:16 AM

Title: blocking access to urls
Post by: dave on July 01, 2003, 02:24:16 AM

I have restricted access to specific sites before, but am at a loss why it is failing to work now.
I updated the squid templates as follows:

acl BadWords url_regex rotten
http_access deny BadWords

expanded the template and have the following /etc/squid/squid.conf

acl all src 0.0.0.0/0.0.0.0
acl BadWords url_regex rotten
acl manager proto cache_object
acl localsrc src 127.0.0.1 192.168.1.0/255.255.255.0
acl localdst dst 127.0.0.1 192.168.1.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535 980
acl CONNECT method CONNECT
acl webdav method PROPFIND TRACE PURGE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK
cache_mgr admin@davesshop.net
ftp_user nobody@davesshop.net
http_access allow manager localsrc
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localsrc
http_access deny BadWords
http_access deny all

httpd_accel_host virtual
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
icp_access allow all
miss_access allow all

store_avg_object_size 3 KB
always_direct allow webdav
always_direct allow all

and still I can access www.rotten.com

Please help me.

Title: Re: blocking access to urls
Post by: Mike on July 01, 2003, 06:05:29 AM

You might find it easier to get Dans Guardian and the server manager panel from http://www.dungog.net/sme/products/index.php works like a dream.

Title: Re: blocking access to urls
Post by: Steven on July 01, 2003, 12:37:31 PM

Did you stop and start squid after doing this?
Also once a rule is found that it complies to it does't look at the list again, try moving deny badwords to the top of the list instaed of the bottom.

Steven

Title: Re: blocking access to urls
Post by: dave on July 01, 2003, 06:16:13 PM

Mike,
   I have read some good things about Dan's Guardian, but I prefer to
work at the command line and know where things are.
Dave

Title: Re: blocking access to urls
Post by: dave on July 01, 2003, 06:17:04 PM

Steve,
   I did, in fact, restart squid and intended to mention it in my request
for help.  Moving it up to the top worked like a champ.  Of course, I
forgot to expand the template the first time and was about to give up
when I realized my mistake.

Thanks,
dave

Title: Re: blocking access to urls
Post by: Robert on July 12, 2003, 12:23:21 PM

try using squidGuard - it installs REALLY easy (check out the sme version, I think its in D.Mays contribs),
and has a conf file that will suit 'command line' people:
it also has lists of sites to bar access in porn, gambling, violence etc
categories.
you can bar / selectively bar some ip's , at certain times etc.
Rob