In the previous post we learned how to install the Squid proxy server. Once it is up and running in the organisation, it is important to know how to implement ACLs for better administration. Restricting the sites, ports, IPs and browsers that use the Squid server are a few of the things you must know.
Before using ACLs, we should know what an ACL is and what it consists of. An ACL has two main parts:
- ACL elements
- Access lists
There are a lot of ACL elements, so we cover only the most commonly needed ones.
The usage looks like this:
[root@squid~]# acl <acl name> <acl element> <value>
Once you have written an ACL, tell the Squid server to allow or deny it with the following line:
[root@squid~]# http_access deny <acl name>
Blocking particular sites:
url_regex matches a regular expression against the URL, so it matches any URL that begins with or contains the given name.
[root@squid~]# acl no_tweet url_regex twitter
[root@squid~]# http_access deny no_tweet
With the above ACL, twitter.com will be blocked. If you want to block a group of social networking sites, do this:
[root@squid~]# acl no_social url_regex twitter facebook orkut porn sex
[root@squid~]# http_access deny no_social
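The sketch below is an added example, not code from this post or from Squid: it models how the no_social patterns and the order of http_access lines decide a request, so you can see what the rules above catch beyond the intended sites. The sample URLs, the dstdomain-style domain list, the trailing "allow all" line and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

SOCIAL_WORDS = ("twitter", "facebook", "orkut", "porn", "sex")  # values from the post
SOCIAL_DOMAINS = ("twitter.com", "facebook.com", "orkut.com")   # assumed domain list


def url_regex(url, patterns=SOCIAL_WORDS):
    """Model of url_regex: unanchored, case-sensitive search over the whole URL."""
    return any(re.search(p, url) for p in patterns)


def dstdomain(url, domains=SOCIAL_DOMAINS):
    """Model of dstdomain with a leading dot: the host itself or any subdomain."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in domains)


ACLS = {"no_social": url_regex, "social_hosts": dstdomain, "all": lambda url: True}


def decide(rules, url):
    """Ordered http_access lines: ACLs on one line are ANDed, first match wins."""
    for action, names in rules:
        if all(ACLS[n](url) for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"


# Constructed sample URLs (not from the post).
URLS = [
    "http://twitter.com/home",
    "http://www.essex.ac.uk/courses",            # host name contains "sex"
    "http://news.example/why-twitter-was-down",  # word appears only in the path
    "http://docs.example/squid/acl.html",
]
PAGE_RULES = [("deny", ["no_social"]), ("allow", ["all"])]
HOST_RULES = [("deny", ["social_hosts"]), ("allow", ["all"])]
MISORDERED = [("allow", ["all"]), ("deny", ["no_social"])]  # deny is never reached


def report():
    """Verdict per URL as (url_regex rules, host-based rules, misordered rules)."""
    return {u: (decide(PAGE_RULES, u), decide(HOST_RULES, u), decide(MISORDERED, u))
            for u in URLS}


if __name__ == "__main__":
    for url, verdicts in report().items():
        print(f"{url:44}", *verdicts)
```

The second and third URLs are denied by the substring patterns but allowed when only the destination host is compared, and a deny line placed after an allow that already matches has no effect.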
Port:
Ports are significant in networking; if you want to block a port, you can.
[root@squid~]# acl block_ftp port 20 21
[root@squid~]# http_access deny block_ftp
[root@squid~]# acl allow_webmin port 10000
[root@squid~]# http_access allow allow_webmin
The first ACL blocks FTP (port 20 carries FTP data, port 21 is the FTP control port that requests connect to); the second allows port 10000, which is the default port for Webmin.
Block the proxy for one IP or a network
In this case we use the element src: the source computer or network from which the request to the Squid server comes.
[root@squid~]# acl no_proxy src 192.168.85.0/24
[root@squid~]# http_access deny no_proxy
The above ACL blocks the network 192.168.85.0 from using the proxy server. If you want to block a single IP, replace the network with that IP. Here no_proxy is the name of my ACL; you can use your own.
Limit the number of simultaneous connections:
maxconn limits the maximum number of connections from one IP address.
[root@squid~]# acl limit_use maxconn 5
[root@squid~]# http_access deny limit_use
A user cannot make more than 5 connections at a time.
Allow access at particular times:
This is very useful if you work for a college or school that needs to use the internet only at particular times. If the college lab time is daily 2-3 PM:
[root@squid~]# acl lab time SMTWHFA 14:00-15:00
[root@squid~]# http_access allow lab
If you want it only on particular days, say the labs are closed on Saturdays and Sundays:
[root@squid~]# acl lab time MTWHF 14:00-15:00
[root@squid~]# http_access allow lab
3 Comments
These are all very helpful proxy lists. I would like to thank the admin of this blog.
Thanks Julia, for visiting my blog.