Dear Amber, Thanks for writing back. I have got the concept very clear now and for others here are some clear cut examples that I had come across in squid.conf acl blockedsites url_regex "/etc/squid/block.txt" acl unblockedsites url_regex "/etc/squid/unblock.txt" http_access deny blockedsites http_access allow unblockedsites all in /etc/squid/block.txt give one site per line and same as in the unblock.txt file acl workinghours time M-F 8:00-18:00 # defining the working hours acl sexsitez url_regex //[^/]*sex # any url which has "sex" in the host part acl eviluser user abcde # block employee who is always surfing instead of work... # don't forget to set ident_lookup on earlier in the config file acl blockedsitez src 207.68.0.0/255.255.0.0 acl myfriend src 207.68.222.222/255.255.255.255 # there is a range of sites which is blocked from the cache, # but in this range we have a friend, who is not To build up the rules. http_access deny sexsitez workinghours #sex sites in working hours http_access deny blockedsitez !myfriend #the blocked range of sites. Only exception is our friend This should make things more clear. Rest do R&D yourself. With Regards George Joseph T ----------------------------------------------------------- On Mon, 22 Jan 2001, Ambar Roy wrote: > Hi George, > Basically you setup one acl for every site/destination set that you > might like to block, then you have to block each of those acls in seperate > http_deny lines (If i remember correctly). Right now i don't use squid over > here, and i deleted the old conf files, but basically it was something like > this: > > acl <acl name and definationm here> > http_deny <aclname> > > I used this mainly to block ad servers, and it was quite effective. > for the syntax of the acl statement, see the squid.conf file for samples.. > > Bye, > /\ |\/| |3 /\ r > > > One more query. In squid.conf file which parameter is used to block > > unwanted sites. Do we need to create seperate ACL's (Access Control List) > > for each site ?? Please put some light on this and if possible give some > > examples too. > > > also note that in case you just wan't to block web access, then it is > better > > > to set up transparent proxying with squid, and then letting squid do the > > > filtering. With squid you can set up simple rules for access blocking, > with > > > ipchains, it is really difficult to block anything effectively. ipchains > is > > > better suited for protecting your internal network, and disallowing > access > > > to ppl from the internal network. Lets say you wan't to block all yahoo > > > sites. With squid, you just set up a rule for destination domain > yahoo.com, > > > and then block it. with ipchains, you will surely go mad (yahoo seems to > > > have hundreds of ip addresses!!!!) My experience has been real good with > > > squid. (especially for things like banner ads, which choke up my net > > > connections, squid works real nice.. just disable doubleclick.net, > > > imgis.com, flycast.com, ads.*, ad.*, /banner/*, /adserve* and you will > see > > > that all the users are really happy...) > > > > > > Bye, > > > /\ |\/| |3 /\ r > > > > The best option to achieve this without any major configuration > changes is > > > > the implementation of ipchains. > > > > > > > > I have a very simple but good article on ipchains attached with this > mail. > > > > Which will be enough for you to configure what you require. > > > > > Dear All, > > > > > > > > > > We are using LINUX server for last 7 months and with greate > > > > > results in Deepalaya. The process of communication and > > > > > documentation has become very effective for all Deepalaya > > > > > units all over Delhi. Now we are facing a problem. We have > > > > > to set up firewall at the minimum level. Like we want to > > > > > block some sites. Can anyone tell us how to do it. Please > > > > > tell us the easyest way so that we...with our moderate > > > > > knowledge on Linux can do it. We know that firewall can be > > > > > established at various levels. But we want to only block > > > > > some sites. > > > > > > > > > > > > ------------------------------------------------ > > > The mailing list archives are available at > > > http://lists.linux-india.org/cgi-bin/wilma/linux-delhi > > > > > > > > ------------------------------------------------ An alpha version of a web based tool to manage your subscription with this mailing list is at http://lists.linux-india.org/cgi-bin/mj_wwwusr
