[squid-users] cannot block a particular website

From: Mayuresh M Murkunde <mayuresh2710@dont-contact.us>
Date: Wed, 1 Aug 2007 14:51:16 +0530

Hi all

I want to block site over my network, but i'm unable to do it...

1)google chat
The simple acl said that it would be be blocked throgh acl statements,
But that never helped me, finally i took the help of host file and solve the
problem.
I edited a host file, made a following entry
127.0.0.1 chatenabled.mail.google.com
And now its working as i had required.

2)www.nseindia.com & online vedio cliping sites like youtube.com and others.
I'm not finding a proper solution for blocking this particular sites...
I'm pasting my squid configuration file.
______________________________________________________
http_port 3128
hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY

cache_mem 1500 Mb

cache_dir aufs /var/spool/squid 3000 16 256
cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log

mime_table /etc/squid/mime.conf
log_mime_hdrs on

auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320

acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl all src 0.0.0.0/0.0.0.0

# this is to block the sites, lets c how it works
acl go4_sites dstdom_regex -i "/etc/squid/blocked/bsite.acl"
acl go2 url_regex -i ^http://www.nseindia.com/

acl SSL_ports port 443 563
acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 563 # https, snews

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

acl block_port port 5269

acl office port 8383

acl google_block port 5222 5223

 

http_access allow safe_ports

http_access allow manager localhost

http_access allow office

 

http_access deny manager

http_access deny go4_sites

http_access deny go2

 

# Deny CONNECT to other than SSL ports

http_access deny CONNECT !SSL_ports

# Deny requests to unknown ports
http_access deny !Safe_ports
http_access deny !block_port
http_access deny !google_block
#This didn't work out as i wished to

acl our_networks src 192.168.1.0/24 192.168.2.0/24
http_access allow our_networks

# And finally deny all other access to this proxy
http_access deny all

#http_access allow localhost
http_access allow all
http_reply_access allow all
icp_access allow all
visible_hostname linux

httpd_accel_host linux
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
logfile_rotate 9

deny_info ERR_BLOCKED_FILES f29
deny_info ERR_BLOCKED_FILES junklist

#acl denydomain dstdomain talk.google.com
#http_access deny denydomain

error_directory /usr/share/squid/errors
coredump_dir /var/spool/squid

____________________________________________________

bsite.acl
has only one name of the site ie.
.nseindia.com

Please give any suggestion as i'm very desparate in doing this...

Mayuresh M Murkunde
Gujarat, India
Email: mayuresh2710@gmail.com
Received on Wed Aug 01 2007 - 03:21:26 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Sep 01 2007 - 12:00:03 MDT