squid problem

Nathan England plug-discuss@lists.plug.phoenix.az.us
Wed, 4 Dec 2002 01:07:25 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I got it working.=20
In case anyone cares...=20

I had to do this

in the squid.conf file:

acl blocked_sites dstdomain "/etc/squid/blocked"
acl bademployee src 192.168.0.5

http_access deny blocked_sites bademployee

/etc/squid/blocked is a file that lists all the sites
mail.yahoo.com
=2Ehotmail.com
=2Ewildemail.com
=2Emicrosoft.com

that sort of thing. I had to enable all the debugging in squid so I could=
 tail=20
the log and see what was happening. I had the Allow all acl in place, so =
that=20
was pretty much blowing over anything else I put in. I got rid of that an=
d=20
everything works great.

nathan


Am 03 Dienstag, Dezember 2002 23:14 schrieb Nathan England:
> I agree completely, but you must realise, this is Payson. If the employ=
ee
> shows up for work everyday, that's better than 99% of the rest of the
> people in this town!
>
> We totally disabled net access before, but it became too much of a burd=
en
> for some of the others.
>
> We use cable access, and it has to dial up before you can use it. Becau=
se
> of this, I have not been able to get any IP chains stuff to work. Once =
the
> phone connection is dropped the net IP stays the same, but then we can =
no
> longer get to the cable modem to tell it to dial again. So I have to st=
op
> ipchains, then reset the IP address, then dialup, then reset the ipchai=
ns
> again. Until the line is dropped. Our phone lines really really suck.
>
> So, I made a script that checks if it's online and does nothing, but wh=
en
> it gets dropped, it automatically resets everything and allows us to ge=
t
> back to it and I do nothing...
>
> Now, hoping you understand the situation, when I set ipchains to block
> 192.168.0.5 from accessing yahoo.com it never seems to work.
> I'm not as fluent with ipchains as I should be, so maybe I'm doing it
> wrong, or in the wrong spot in my script.
> But doesn't yahoo have multple machines for mail.yahoo.com ? Or is it
> always the same ip?
>
> What would I use?
>
> ipchains -A input -p tcp -s 192.168.0.5 -d mail.yahoo.com -j DENY
>
> ???
>
> Thanks again.
>
> Am 03 Dienstag, Dezember 2002 22:55 schrieb Lee Levine:
> > Tell the employee to either stop checking e-mail from work
> > or go look for another job.
> >
> > After all, if he/she isn't working, then he/she shouldn't get paid.
> >
> > Taliesin MacAran
> > Phoenix, Arizona
> > My webpage http://kd7eth.net
> >
> > Taliesin's Az. Weather Page
> > http://kd7eth.net/Weather.shtml
> > MOLON LABE!!!
> >
> > GunFree Camps(tm) http://www.royalrife.com/990605.html
> >
> > The debate over whether to not to arm pilots has focused on the size =
of
> > the hole made by the projectile... With an unarmed pilot, the project=
ile
> > will be fired from an F-16 scrambled to intercept. I suggest that the
> > F-16's projectile will make a larger hole than the handgun will.
> > --JIM RICHARDSON
> > ----- Original Message -----
> > From: "Nathan England" <plug@the-arcanum.org>
> > To: <plug-discuss@lists.plug.phoenix.az.us>
> > Sent: Tuesday, December 03, 2002 22:14
> > Subject: squid problem
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > I'm trying to block a specific web adress. A computer in my office is=
 on
> > 192.168.0.5
> > I need to block that IP from going to mail.yahoo.com as the employee
> > using that computer will not stop checking email and it has begun
> > interfering with the employees work.
> >
> > I setup squid to keep track of the proxy access and I set the DHCP se=
rver
> > to give the 192.168.0.5 address a dns server of 127.0.0.1 so it has t=
o
> > use the proxy to access the net.
> > Now I just can't get the ACL correct to block access to mail.yahoo.co=
m
> > or login.yahoo.com.. and a list of others, but if I can get one to wo=
rk,
> > I'll
> > be happy. And any advice would be great!
> > Even not using squid, if someone else knows an easy route to do this.
> > Unfortunately, the employee does need net access for the job.
> >
> > Thanks
> >
> > - --
> > Nathan England
> >
> > plug  at the-arcanum.org
> > jabber id: linuxjunkie@jabber.earth.li
> >
> > "A free society is one where it is safe to be unpopular."
> > - --Adlai Stevenson
> >
> >
> > - -----------------------------------------------------------------
> >
> > Registered Linux User #189789, Machine #106603
> > www.sincerechoice.org
> >
> > Spam related material will be forwarded to:
> > uce@ftc.gov
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.0.7 (GNU/Linux)
> >
> > iD8DBQE97Y9OQ7yNnsYcupwRAiByAKCUMutojyNpjQjND//roph13vBRhwCffnZD
> > PXQg4mTWTOkpK3evUaT4ckQ=3D
> > =3Dw1pD
> > -----END PGP SIGNATURE-----
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change  you mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> >
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change  you mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

- --=20
Nathan England

plug  at the-arcanum.org
jabber id: linuxjunkie@jabber.earth.li

"A free society is one where it is safe to be unpopular."
- --Adlai Stevenson


- -----------------------------------------------------------------

Registered Linux User #189789, Machine #106603
www.sincerechoice.org

Spam related material will be forwarded to:
uce@ftc.gov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE97be9Q7yNnsYcupwRArpxAKCgG7WYaohuQ8nU9DPR7KfIZ6gyogCgjZt8
qAF6hbM+MlR4MPI4+ctU+AY=3D
=3Dh6Ah
-----END PGP SIGNATURE-----