[squid-users] How to i block porn sites

From: frank chibesakunda <fchibesakunda@dont-contact.us>
Date: Wed, 29 Jan 2003 14:00:22 +0200

Hi All
Please tell me how to block porn sites using ACL's or whatever method.. am
using squid..help!

Frank
----- Original Message -----
From: "Denis Vlasenko" <vda@port.imtp.ilyichevsk.odessa.ua>
To: <squid-users@squid-cache.org>
Sent: Wednesday, January 29, 2003 1:34 PM
Subject: Re: [squid-users] I thought transparent proxying wasn't working.
No, it's something different...

> On 29 January 2003 12:07, Denis Vlasenko wrote:
> > As you can see, wget sends different HTTP requests with and without
> > http_proxy environment variable. Seems like squid dislike this
> > request: GET /
> > User-Agent: Wget/1.7
> > Host: www.ilyichevsk.net
> > Accept: */*
> > Connection: Keep-Alive
> >
> > Why???!!
> >
> > P.S. I verified that with telnet too.
>
> BTW, I seem to never hit this code (debug_options ALL,1 22,3 33,5
> but grep of 'parseHttpRequest: addr =' yields nothing in logs):
>
> src/client_side.c
> ...
> #if LINUX_NETFILTER
> /* If the call fails the address structure will be unchanged
*/
> getsockopt(conn->fd, SOL_IP, SO_ORIGINAL_DST, &conn->me,
&sock_sz);
> debug(33, 5) ("parseHttpRequest: addr = %s",
inet_ntoa(conn->me.sin_addr));
> if (vport_mode)
> vport = (int) ntohs(http->conn->me.sin_port);
> #endif
>
> so maybe it's indeed a transparent proxy problem...
>
> # iptables -t nat -A PREROUTING -s 172.16.0.0/16 -p tcp --dport 80 -j
REDIRECT --to 3128
> # iptables -t nat -A PREROUTING -s 172.16.0.0/16 -p tcp --dport 3128 -j
REDIRECT --to 3128
> # iptables -t nat -A PREROUTING -s 172.16.0.0/16 -p tcp --dport 8080 -j
REDIRECT --to 3128
> # iptables -t nat -n -v --list
>
> Chain PREROUTING (policy ACCEPT 1 packets, 229 bytes)
> target prot opt in out source destination
> REDIRECT tcp -- * * 172.16.0.0/16 0.0.0.0/0
tcp dpt:80 redir ports 3128
> REDIRECT tcp -- * * 172.16.0.0/16 0.0.0.0/0
tcp dpt:3128 redir ports 3128
> REDIRECT tcp -- * * 172.16.0.0/16 0.0.0.0/0
tcp dpt:8080 redir ports 3128
>
> squid-2.5.STABLE1-20021119, was configured by:
>
> ../configure --host=i386-pc-linux-gnu \
> --enable-linux-netfilter \
> --enable-ssl \
> --with-openssl \
> --enable-default-err-language=English \
> --enable-err-languages="English" \
> --enable-useragent-log \
> --enable-referer-log \
> --enable-icmp
>
> and compiled with GCC 3.2.
>
> Linux 2.4.19
> --
> vda
>
Received on Wed Jan 29 2003 - 05:06:45 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:12:56 MST