Networking Help!
voidmain:
That may work as well, you will find that Squid is very flexible in how you define rules. Now are you sure it works? You checked that it allowed one of those addresses, and did not allow an address outside of that range? It's good always to test if it is indeed working as you intended. Sometimes you might think you have it restricted to only specific addresses and then check later to find that your other addresses also have access because the rules you set up may not have actually worked as you intended. Once you do a few it gets easier to understand.
voidmain:
And like I mentioned two posts ago, I use authentication rather than IP addresses to restrict. The main reason is, an IP address can be changed on the client by anyone who's computer smart and if they change it to an allowed address, they've bypassed your security. They can't bypass authentication.
I do use IP addresses for "dst" though, along with domain names. That is, dst is used to determine where people are allowed to go based on who they authenticated as.
[ April 24, 2002: Message edited by: VoidMain ]
Master of Reality:
I need to do some customization of squid so I have a few questions:
Should I use an authentication program with squid?
How do I set it up to block certain websites (e.g. microsoft.com)?
The adzapper thing works well, how do I get it to auto update?
[ April 24, 2002: Message edited by: Master of Reality ]
voidmain:
Authentication is totally up to your requirements. For me, authentication is a requirement because I don't want my children to have access to the *entire* internet. Authentication is the only way to nearly guarantee that. So when they authenticate with their ID they are allowed access to only selected sites. You'll need a program to do your authentication, I believe by default Squid comes with "ncsa_auth" which should be defined in the squid.conf under the tag "authentication_program". Read the docs. Then right under that tag you would have a tag that looks like this:
--- Code: ---
--- End code ---
As far as who is allowed to go where I have my Squid configuration somewhat customized from the norm. I have all of my rules set up in the squid.conf in such a way that they never have to be changed. I keep a list of users in separate files and I keep a list of domains/addresses in a separate file that will get used by squid to determine who is allowed to go where. I have written a web based utility to edit those files so they can easily be managed. But for the normal and a good start for you might be:
--- Code: ---
--- End code ---
If you want to keep your restricted users and sites in files rather than right in the squid.conf file you would set your rules to look something like this:
--- Code: ---
--- End code ---
Now a sample of each of the dat files.
unrestrictedusers.dat:
--- Code: ---
--- End code ---
bannedsites.dat:
--- Code: ---
--- End code ---
A huge advantage of breaking users and addresses out into files is your list of users or hosts could get quite long and it gets difficult very quickly to keep it straight in the squid.conf file. The web based program I wrote can edit each of the files and when you add something to the file it will keep the file sorted and it will perform a "/etc/rc.d/init.d/squid reload" as squid needs to be signaled that its configuration has changed.
[ April 24, 2002: Message edited by: VoidMain ]
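Added example, not part of the thread or any poster's configuration: a small Python model of how Squid evaluates http_access rules (first match wins) against file-based user and domain lists, useful for checking that a rule order does what was intended. The user names, list contents and rule order are assumptions made for illustration.

```python
# Added example: a simplified model of Squid's http_access evaluation.
# Simplification: a missing login is treated as "no match"; real Squid
# answers with a 407 authentication challenge instead.

def load_list(text):
    """Parse a list file: one entry per line, blank lines and # comments skipped."""
    entries = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return {e for e in entries if e}

def dstdomain_match(host, entries):
    """'.example.com' covers the domain and its subdomains; 'example.com' only itself."""
    host = host.lower().rstrip(".")
    for entry in (e.lower() for e in entries):
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

def decide(rules, acls, user, host):
    """First rule whose ACLs all match decides; later rules are never consulted."""
    for action, names in rules:
        if all(acls[name](user, host) for name in names):
            return action
    # Nothing matched: Squid uses the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Constructed sample contents for the two list files (hypothetical user names).
UNRESTRICTED = load_list("parent1\nparent2\n")
BANNED = load_list("# sites blocked for restricted users\n.microsoft.com\n.msn.com\n")

ACLS = {
    "authenticated": lambda user, host: user is not None,
    "unrestricted": lambda user, host: user in UNRESTRICTED,
    "banned": lambda user, host: dstdomain_match(host, BANNED),
    "all": lambda user, host: True,
}

# Assumed rule order: the specific deny comes before the broad allow.
ORDERED = [("allow", ["unrestricted"]), ("deny", ["banned"]),
           ("allow", ["authenticated"]), ("deny", ["all"])]
# Same ACLs with the broad allow first: the deny on banned sites is shadowed.
SHADOWED = [("allow", ["authenticated"]), ("deny", ["banned"]), ("deny", ["all"])]

if __name__ == "__main__":
    for name, rules in (("ORDERED", ORDERED), ("SHADOWED", SHADOWED)):
        print(name, "kid1 -> www.microsoft.com:", decide(rules, ACLS, "kid1", "www.microsoft.com"))
```

With the ORDERED list a restricted user is denied the banned domains; with SHADOWED the same request is allowed, because the broad allow matches before the deny is reached.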
Master of Reality:
I tried this but it didn't work:
--- Code: ---
--- End code ---
Shouldn't that block my machines from going to microsoft.com or msn.com?