Re: [squid-users] Blocked Domains help :(

From: IBT <support_at_ibtho.com.au>
Date: Wed, 20 May 2009 04:02:10 -0700 (PDT)

Thanks for the info. I have made the changes and here is my new script. Let
me explain what happens now.

# NETWORK OPTIONS
http_port 8085
acl QUERY urlpath_regex cgi-bin \?
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# OPTIONS WHICH AFFECT THE CACHE SIZE
cache_mem 32 MB
cache_swap_low 90
cache_swap_high 95
maximum_object_size 4096 KB

# LOGFILE PATHNAMES AND CACHE DIRECTORIES
cache_dir ufs c:/squid/var/cache 1000 16 256
access_log c:/squid/var/logs/access.log squid
cache_log c:/squid/var/logs/cache.log
#cache_store_log c:/squid/var/logs/store.log
debug_options ALL,1

# OPTIONS FOR EXTERNAL SUPPORT PROGRAMS
allow_underscore on
dns_nameservers 192.168.2.3 192.168.2.1
#auth_param ntlm program c:/squid/libexec/mswin_ntlm_auth.exe
#auth_param ntlm children 5
auth_param negotiate program c:/squid/libexec/mswin_negotiate_auth.exe
auth_param negotiate children 5
#auth_param basic program c:/squid/libexec/mswin_auth.exe
external_acl_type NT_global_group %LOGIN c:/squid/libexec/mswin_check_lm_group.exe -G -c

# ACCESS CONTROL LISTS
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl SSL_ports port 563
acl Safe_ports port 80 # http
acl Safe_ports port 87 # http required for Telstra Statistics website
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl our_networks src 192.168.0.0/16
acl NoAuthDomains dstdomain "c:/squid/etc/domains/NoAuthDomains.txt"
acl proxycustom2 external NT_global_group proxycustom2
acl proxycustom1 external NT_global_group proxycustom1
acl proxyfullaccess external NT_global_group proxyfullaccess
acl password proxy_auth REQUIRED
acl custom2domains dstdomain "c:/squid/etc/domains/custom2domains.txt"
acl custom1domains dstdomain "c:/squid/etc/domains/custom1domains.txt"
acl DeniedDomains dstdomain "c:/squid/etc/domains/DeniedDomains.txt"
acl CONNECT method CONNECT
acl FTP proto FTP
always_direct allow FTP

http_access allow manager localhost
http_access deny manager

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny !our_networks

http_access allow safe_ports NoAuthDomains
http_access allow safe_ports proxycustom2 custom2domains password
http_access allow safe_ports proxycustom1 custom1domains password
http_access allow password proxyfullaccess
http_access allow safe_ports !DeniedDomains password
http_access deny all

# MISCELLANEOUS
logfile_rotate 10
error_directory c:/squid/share/errors/English

So the noauthdomains works. Websites that used to not work now work in that
domain list.
The proxyfullaccess group works. I added 2 users and they can access domains
in the denieddomains group.

Now I have added 2 more custom groups. These 2 groups both have a
customdomains txt file associated. The txt file has a couple of domains that
have been blocked in the denied domains list which I need to give them
access to.

But for some reason, I have added the users to this group... restarted
everything, but they still get access denied when trying to go to those
domains.

Have I made any mistakes in the config? Do the ACLs need to be in a
particular order or is it just the http_access that need to be?

Thanks in advance for your help :)
 

Received on Wed May 20 2009 - 11:02:18 MDT
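
Added example, not part of the original message and not Squid code: a simplified Python model of first-match evaluation over the http_access lines in the config above. The ACL truth values and the three constructed requests are assumptions; authentication challenges and group helper lookups are not modelled.

```python
# Added example: a simplified model of how Squid walks http_access lines.
# Not Squid code. ACL truth values are supplied by hand (constructed).
RULES = """\
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
http_access deny !our_networks
http_access allow safe_ports NoAuthDomains
http_access allow safe_ports proxycustom2 custom2domains password
http_access allow safe_ports proxycustom1 custom1domains password
http_access allow password proxyfullaccess
http_access allow safe_ports !DeniedDomains password
http_access deny all
"""

def evaluate(true_acls, rules=RULES):
    """Return (action, line) for the first http_access line that matches.

    A line matches only when every ACL on it is true ("!" negates one ACL).
    Names are compared case-insensitively so that safe_ports and Safe_ports
    are the same ACL (assumption of this model).
    """
    true_acls = {name.lower() for name in true_acls} | {"all"}
    action = "allow"
    for line in rules.splitlines():
        _, action, *terms = line.split()
        if all((t.lstrip("!").lower() in true_acls) != t.startswith("!")
               for t in terms):
            return action, line
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if action == "deny" else "deny"), None

# Constructed request: authenticated LAN user, port 80, destination listed
# in both DeniedDomains.txt and custom1domains.txt.
BASE = {"Safe_ports", "our_networks", "password", "DeniedDomains"}
CASES = {
    "group and domain list both match": BASE | {"proxycustom1", "custom1domains"},
    "group helper reports no membership": BASE | {"custom1domains"},
    "hostname not matched by custom1domains": BASE | {"proxycustom1"},
}

if __name__ == "__main__":
    for label, acls in CASES.items():
        action, line = evaluate(acls)
        print(f"{label}: {action} <- {line}")
```

In this model the line order lets the proxycustom1 request through, and the request reaches "deny all" only when the proxycustom1 or custom1domains ACL itself evaluates false.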