Hi all. I'm trying to block some websites for a group of IPs.
[root@squid ips]# cat i-restringidos.lst
192.168.1.42
192.168.1.43
192.168.1.44
192.168.1.45
192.168.1.99
192.168.1.50
192.168.1.128
This same ip group has access to all internet.
[root@squid ips]# cat prensa_isla.lst
192.168.1.42
192.168.1.43
192.168.1.44
192.168.1.45
192.168.1.99
192.168.1.50
192.168.1.128
This is what i want to block
[root@squid listas]# cat restringidos.lst
.whatsapp.com
.facebook.com
.instagram.com
.twitter.com
(so i have this 2 acl whit the same ip, one for deny, the other to allow. So this is my config... and it's not working. Some help?? Thanks!

# squid.conf as posted. Layout: source-IP ACLs per department, destination and
# URL ACLs, port ACLs, the http_access rule list, the SSL-Bump listener, cache
# tuning, request-header scrubbing, and 15 delay pools for bandwidth shaping.

# Source-address ACLs, each loaded from a list file.
acl i-restringidos src "/etc/squid/ips/i-restringidos.lst"
acl logistica src "/etc/squid/ips/logistica.lst"
acl adminis src "/etc/squid/ips/adminis.lst"
acl institucionales src "/etc/squid/ips/institucionales.lst"
acl patriysumi src "/etc/squid/ips/patriysumi.lst"
acl rrhh src "/etc/squid/ips/rrhh.lst"
acl proyecto src "/etc/squid/ips/proyecto.lst"
acl programas_y_activ src "/etc/squid/ips/programas_y_activ.lst"
acl auditoria src "/etc/squid/ips/auditoria.lst"
acl legales src "/etc/squid/ips/legales.lst"
acl proteccion src "/etc/squid/ips/proteccion.lst"
acl oe src "/etc/squid/ips/oe.lst"
# Per the listings in the post, this file holds the same addresses as i-restringidos.lst.
acl prensa-isla src "/etc/squid/ips/prensa_isla.lst"
#acl red6 src "/etc/squid/ips/red6.lst"
acl red6 src 192.168.6.0/24 # for network 6
acl red2 src 192.168.2.0/24 # network 2
#### Block advertising ( http://pgl.yoyo.org/adservers/ )
acl ads dstdom_regex "/etc/squid/listas/ad_block.lst"
# Evaluated before every other http_access rule in this file.
http_access deny ads
#deny_info TCP_RESET ads
#### Streaming
# These URL ACLs are referenced only by the delay_access rules further down.
acl youtube url_regex -i \.flv$
acl youtube url_regex -i \.mp4$
acl youtube url_regex -i watch?
acl youtube url_regex -i youtube
acl facebook url_regex -i facebook
acl facebook url_regex -i fbcdn\.net\/v\/(.*\.mp4)\?
acl facebook url_regex -i fbcdn\.net\/v\/(.*\.jpg)\?
acl facebook url_regex -i akamaihd\.net\/v\/(.*\.mp4)\?
acl facebook url_regex -i akamaihd\.net\/v\/(.*\.jpg)\?
## Denied domains
acl dominios_denegados dstdomain "/etc/squid/listas/dominios_denegados.lst"
## Test page block
# NOTE(review): blockprueba is not referenced by any rule shown on this page.
acl blockprueba dstdomain "/etc/squid/listas/blockprueba.lst"
## Blocked extensions
acl multimedia urlpath_regex "/etc/squid/listas/multimedia.lst"
## Dangerous extensions
acl peligrosos urlpath_regex "/etc/squid/listas/peligrosos.lst"
## Social networks
# NOTE(review): this line is shown with typographic quotes, while every other
# file-backed acl here uses ASCII double quotes. This may be a mail-archive
# artifact. If the live squid.conf really contains them, the value is presumably
# not read as a file path, so the domain list never loads and the deny rule
# below cannot match. Confirm with `squid -k parse`.
acl restringidos dstdomain “/etc/squid/listas/restringidos.lst”
# Ports
acl SSL_ports port 443
acl SSL_ports port 8443
acl SSL_ports port 8080
acl SSL_ports port 20000
#acl SSL_ports port 30666
#acl SSL_ports port 31666
acl SSL_ports port 10000
acl SSL_ports port 10040 # webmin web site
acl SSL_ports port 2083
acl Safe_ports port 631 # httpCUPS
acl Safe_ports port 85
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 8443 # httpsalt
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 8080 # edesur and others
acl CONNECT method CONNECT
# NOTE(review): SSL_ports, Safe_ports and CONNECT are defined above, but no
# http_access line on this page references them. Squid's stock configuration
# pairs them with `http_access deny !Safe_ports` and
# `http_access deny CONNECT !SSL_ports`. Without those rules, any client that
# matches an allow line below can reach, or tunnel to, any destination port.

# http_access rules are evaluated top to bottom and the first match decides.
http_access allow localhost manager
http_access deny manager
http_access deny to_localhost
# Both ACLs on this line must match (AND): a source in i-restringidos AND a
# destination in restringidos. It has to stay above "allow prensa-isla", which
# covers the same source addresses and would otherwise match first.
http_access deny i-restringidos restringidos
# Unconditional allows: these three groups bypass dominios_denegados,
# multimedia and peligrosos.
http_access allow prensa-isla
http_access allow red6
http_access allow red2
http_access allow logistica !dominios_denegados !multimedia !peligrosos
http_access allow adminis !dominios_denegados
http_access allow institucionales !dominios_denegados !peligrosos !multimedia
http_access allow patriysumi !multimedia !peligrosos !dominios_denegados
http_access allow proyecto !dominios_denegados !peligrosos !multimedia
http_access allow rrhh !dominios_denegados !peligrosos !multimedia
http_access allow programas_y_activ !dominios_denegados !peligrosos !multimedia
http_access allow auditoria !dominios_denegados !peligrosos !multimedia
http_access allow legales !dominios_denegados !peligrosos !multimedia
http_access allow proteccion !dominios_denegados !peligrosos !multimedia
http_access allow oe !dominios_denegados !peligrosos !multimedia
# Default deny for everything that matched no rule above.
http_access deny all
http_port 127.0.0.1:3128
# SSL-Bump listener. cert= and key= point at the same PEM file, so the signing
# CA's private key sits next to its certificate. That key signs the certificate
# generated for every intercepted site.
# NOTE(review): confirm the file is readable only by the Squid service account.
http_port 192.168.1.97:3128 ssl-bump generate-host-certificates=on dynamic_cert_mem_cache_size=5MB cert=/etc/squid/ssl_cert/myca.pem key=/etc/squid/ssl_cert/myca.pem
acl step1 at_step SslBump1
acl excludeSSL ssl::server_name_regex "/etc/squid/listas/excluidosSSL.lst"
# Peek at the TLS client hello first, pass through server names on the
# exclusion list untouched, and decrypt every other TLS connection.
ssl_bump peek step1
ssl_bump splice excludeSSL
ssl_bump bump all
cache_dir diskd /var/spool/squid 15000 16 256
cache_mem 256 MB
cache_swap_low 75
cache_swap_high 85
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
# My refresh pattern
# Force caching of .jpg images
# NOTE(review): ignore-no-store and ignore-private make this shared cache keep
# responses the origin marked as private or not to be stored. With bumped HTTPS
# traffic, one user's private image could be served to another user. Confirm
# this is intended.
refresh_pattern -i \.jpg$ 30 0% 30 ignore-no-cache ignore-no-store ignore-private
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
# Hide the proxy from origin servers: no Via header, X-Forwarded-For removed.
via off
forwarded_for delete
# Strip the listed headers from forwarded requests.
# NOTE(review): Server, WWW-Authenticate, X-Cache and X-Cache-Lookup are
# normally response headers, and request_header_access acts on requests only.
# reply_header_access would be the directive for replies. Confirm intent.
request_header_access From deny all
request_header_access Server deny all
request_header_access WWW-Authenticate deny all
request_header_access Link deny all
request_header_access Cache-Control deny all
request_header_access Proxy-Connection deny all
request_header_access X-Cache deny all
request_header_access X-Cache-Lookup deny all
request_header_access Via deny all
request_header_access X-Forwarded-For deny all
request_header_access Pragma deny all
request_header_access Keep-Alive deny all
# Fifteen delay pools. Each one has a class, its rate parameters, and a
# delay_access list that ends in "deny all".
delay_pools 15
# Limit YouTube
delay_class 1 2
delay_parameters 1 2000000/2000000 100000/1000000
delay_access 1 allow adminis youtube !facebook
delay_access 1 allow logistica youtube !facebook
delay_access 1 allow institucionales youtube !facebook
delay_access 1 allow patriysumi youtube !facebook
delay_access 1 allow rrhh youtube !facebook
delay_access 1 allow proyecto youtube !facebook
delay_access 1 allow programas_y_activ youtube !facebook
delay_access 1 allow auditoria youtube !facebook
delay_access 1 allow legales youtube !facebook
delay_access 1 allow oe youtube !facebook
delay_access 1 allow proteccion youtube !facebook
delay_access 1 deny all
# Limit Facebook
delay_class 2 2
delay_parameters 2 2000000/2000000 100000/1000000
delay_access 2 allow adminis facebook !youtube
delay_access 2 allow logistica facebook !youtube
delay_access 2 allow institucionales facebook !youtube
delay_access 2 allow patriysumi facebook !youtube
delay_access 2 allow rrhh facebook !youtube
delay_access 2 allow proyecto facebook !youtube
delay_access 2 allow programas_y_activ facebook !youtube
delay_access 2 allow auditoria facebook !youtube
delay_access 2 allow legales facebook !youtube
delay_access 2 allow oe facebook !youtube
delay_access 2 allow proteccion facebook !youtube
delay_access 2 deny all
# Limit video streaming to 500k
# NOTE(review): the comment says 500k but the configured value is
# 3000000/3000000. Confirm which is intended.
delay_class 3 1
delay_parameters 3 3000000/3000000
delay_access 3 allow prensa-isla youtube !facebook
delay_access 3 deny all
# Bandwidth: Administration
delay_class 4 2
delay_parameters 4 1000000/1000000 350000/750000
delay_access 4 allow adminis !youtube !facebook
delay_access 4 deny all
# Bandwidth: Logistics
delay_class 5 2
delay_parameters 5 1000000/1000000 350000/750000
delay_access 5 allow logistica !youtube !facebook
delay_access 5 deny all
# Bandwidth: Institutional
delay_class 6 2
delay_parameters 6 1000000/1000000 350000/750000
delay_access 6 allow institucionales !youtube !facebook
delay_access 6 deny all
# Bandwidth: Assets and Supplies
delay_class 7 2
delay_parameters 7 1000000/1000000 350000/750000
delay_access 7 allow patriysumi !youtube !facebook
delay_access 7 deny all
# Bandwidth: HR
delay_class 8 2
delay_parameters 8 1000000/1000000 350000/750000
delay_access 8 allow rrhh !youtube !facebook
delay_access 8 deny all
# Bandwidth: Project
delay_class 9 2
delay_parameters 9 1000000/1000000 350000/750000
delay_access 9 allow proyecto !youtube !facebook
delay_access 9 deny all
# Bandwidth: programas_y_activ
delay_class 10 2
delay_parameters 10 1000000/1000000 350000/750000
delay_access 10 allow programas_y_activ !youtube !facebook
delay_access 10 deny all
# Bandwidth: Audit
delay_class 11 2
delay_parameters 11 1000000/1000000 350000/750000
delay_access 11 allow auditoria !youtube !facebook
delay_access 11 deny all
# Bandwidth: Legal
delay_class 12 2
delay_parameters 12 1000000/1000000 350000/750000
delay_access 12 allow legales !youtube !facebook
delay_access 12 deny all
# Bandwidth: Protection
delay_class 13 2
delay_parameters 13 1000000/1000000 350000/750000
delay_access 13 allow proteccion !youtube !facebook
delay_access 13 deny all
# Bandwidth: prensa-isla
delay_class 14 2
delay_parameters 14 2000000/2000000 512000/2000000
delay_access 14 allow prensa-isla !youtube !facebook
delay_access 14 deny all
# Bandwidth: OE
delay_class 15 2
delay_parameters 15 1000000/1000000 350000/750000
delay_access 15 allow oe !youtube !facebook
delay_access 15 deny all
dns_nameservers 192.168.1.222 192.168.1.107
visible_hostname squid.mydomain.lan
# try connecting to first 25 ips of a domain name
forward_max_tries 25
dns_v4_first on

-- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
_______________________________________________
squid-users mailing list
squid-users@lists.squid-cache.org
http://lists.squid-cache.org/listinfo/squid-users