[squid-users] Site filtering issue

From: Sheldon Carvalho <[email protected]>
Date: Tue, 15 Apr 2008 09:31:30 -0700

Site filtering issue

I am having issues with filtering of my websites. I have set up squid
2.6.STABLE17 on a Fedora 8 machine. Below is my squid.conf file.
Squid seems to log all sites that are requested from other stations
but does not filter any of the sites. They all go through.
My denied_domains.acl has
.youtube.com
.hotmail.com
.live.com
But these sites don't seem to get blocked. I also issued these
commands, thinking that the problem had to do with iptables:
iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to
192.168.1.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT
--to-port 3128

Initially squid wouldn't work; everything would be blocked, so I
disabled the firewall, which allowed access. So I added a custom rule
allowing port 3128, which opened it up, but to all sites.

--------------
squid.conf
--------------
# Name Squid presents for itself (for example in its error messages).
visible_hostname vanderpolgroup

# Port Squid listens on for client requests.
# NOTE(review): the post redirects port-80 traffic to 3128 with iptables.
# Squid 2.6 only handles intercepted requests when this line carries the
# `transparent` option -- confirm whether interception is intended.
# NOTE(review): only port 80 is redirected, so HTTPS requests to the denied
# sites would not pass through Squid unless clients are configured to use
# the proxy explicitly -- confirm how clients reach the proxy.
http_port 3128

# Largest object stored on disk (32768 KB) and in memory (128 KB).
maximum_object_size 32768 KB
maximum_object_size_in_memory 128 KB

# Memory cache size, then the on-disk cache: ufs store under
# /var/spool/squid, 70000 MB, 32 first-level and 512 second-level
# directories.
cache_mem 256 MB
cache_dir ufs /var/spool/squid 70000 32 512

# Request log and Squid's own diagnostic log. access.log is the place to
# verify filtering: blocked requests are logged as TCP_DENIED.
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log

# Source-address ACLs. `all` matches every client address; `our_network`
# is the only client range that the http_access rules in this file allow.
acl all src 0.0.0.0/0.0.0.0
# Cache-manager requests (cache_object protocol).
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl our_network src 192.168.10.0/24
# Destination is the loopback range. Not referenced by any http_access
# rule in this file as posted.
acl to_localhost dst 127.0.0.0/8

# Ports CONNECT tunnels may target (SSL_ports) and ports any request may
# target (Safe_ports). Both are enforced by the http_access deny rules.
acl SSL_ports port 443 # SSL
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
# 1025-65535 makes every unprivileged port "safe" for plain requests.
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
# Adds ports 563 and 70 to Safe_ports; 70 is already listed above.
acl Safe_ports port 563 70
acl CONNECT method CONNECT

# Site-specific allow/deny lists, loaded from files as dstdomain entries.
# A leading dot (e.g. `.youtube.com`, as in the post) matches the domain
# and all of its subdomains.
acl custom_allowed_domains dstdomain "/etc/squid/allowed_domains.acl"
acl custom_denied_domains dstdomain "/etc/squid/denied_domains.acl"

# Category blacklists, loaded as dstdom_regex (each line is a regular
# expression matched against the destination host name).
# NOTE(review): files named `domains` presumably hold plain domain names.
# As regexes, `.` matches any character and patterns are unanchored, so
# entries can over-match, and large regex lists are slow to evaluate.
# If the files are plain domain lists, `dstdomain` is the matching ACL
# type -- verify the file contents.
acl ads_blacklist dstdom_regex "/etc/squid/blacklist/ads/domains"
acl aggressive_blacklist dstdom_regex "/etc/squid/blacklist/aggressive/domains"
# NOTE(review): the next acl is split over two lines as posted (likely
# mail-client wrapping). In the real file the quoted path has to be on
# the same line as the acl it belongs to.
acl audio-video_blacklist dstdom_regex
"/etc/squid/blacklist/audio-video/domains"
acl drugs_blacklist dstdom_regex "/etc/squid/blacklist/drugs/domains"
acl gambling_blacklist dstdom_regex "/etc/squid/blacklist/gambling/domains"
acl hacking_blacklist dstdom_regex "/etc/squid/blacklist/hacking/domains"
acl mail_blacklist dstdom_regex "/etc/squid/blacklist/mail/domains"
acl porn_blacklist dstdom_regex "/etc/squid/blacklist/porn/domains"
acl proxy_blacklist dstdom_regex "/etc/squid/blacklist/proxy/domains"
acl redirector_blacklist dstdom_regex "/etc/squid/blacklist/redirector/domains"
acl spyware_blacklist dstdom_regex "/etc/squid/blacklist/spyware/domains"
acl suspect_blacklist dstdom_regex "/etc/squid/blacklist/suspect/domains"
acl violence_blacklist dstdom_regex "/etc/squid/blacklist/violence/domains"
acl warez_blacklist dstdom_regex "/etc/squid/blacklist/warez/domains"
acl networking_blacklist dstdom_regex "/etc/squid/blacklist/networking/domains"

# Access rules. Squid checks http_access lines top to bottom and stops at
# the first line whose ACLs all match.

# Cache manager is reachable from localhost only.
http_access allow manager localhost
http_access deny manager
# Refuse requests to ports outside Safe_ports, and CONNECT tunnels to
# anything other than SSL_ports.
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
# NOTE(review): this is why nothing is filtered. Every client in
# our_network matches here and is allowed immediately; every other client
# matches `deny all` on the next line. No request ever reaches the
# custom_denied_domains or *_blacklist rules further down.
# For the filters to apply, the domain and blacklist rules must appear
# before `http_access allow our_network`, and `http_access deny all` must
# remain the last http_access line.
http_access allow our_network
http_access deny all
# NOTE(review): answers ICP queries from any source address. Restrict
# this to known cache peers, or deny it if ICP is not in use.
icp_access allow all
#miss_access allow all

# Unreachable as posted (see the note above `allow our_network`).
# NOTE(review): once moved up, `allow custom_allowed_domains` would admit
# any client, including those outside our_network, for the listed domains
# unless it is combined with our_network on the same line.
http_access allow custom_allowed_domains
http_access deny custom_denied_domains

# Category blacklist denies. Also unreachable as posted.
http_access deny ads_blacklist
http_access deny aggressive_blacklist
http_access deny audio-video_blacklist
http_access deny drugs_blacklist
http_access deny gambling_blacklist
http_access deny hacking_blacklist
http_access deny mail_blacklist
http_access deny porn_blacklist
http_access deny proxy_blacklist
http_access deny redirector_blacklist
http_access deny spyware_blacklist
http_access deny suspect_blacklist
http_access deny violence_blacklist
http_access deny warez_blacklist
http_access deny networking_blacklist

# Administrator contact address.
cache_mgr abc@abc.com

Thanks
Sheldon
Received on Tue Apr 22 2008 - 13:13:16 MDT
