<div dir="ltr"><div><span style="background-color:rgb(255,255,255)"><font color="#000000"><span style="font-family:arial,sans-serif;font-size:13px">It's the websites i want to block & unblock occasionaly as in:</span></font></span></div><div><span style="background-color:rgb(255,255,255)"><font color="#000000"><span style="font-family:arial,sans-serif;font-size:13px">squid.conf:</span></font></span></div><span style="background-color:rgb(255,255,255)"><font color="#000000"><span style="font-family:arial,sans-serif;font-size:13px"> acl myrule dstdom_regex "/etc/squid3/domainblock.txt"</span><br style="font-family:arial,sans-serif;font-size:13px"><span style="font-family:arial,sans-serif;font-size:13px"> http_access deny myrule</span><br style="font-family:arial,sans-serif;font-size:13px"><br style="font-family:arial,sans-serif;font-size:13px"><span style="font-family:arial,sans-serif;font-size:13px">where domainblock.txt is</span></font></span><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"> </span><a href="http://someaddress.com/" target="_blank" style="font-family:arial,sans-serif;font-size:13px">someaddress.com</a><br style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"><span style="color:rgb(80,0,80);font-family:arial,sans-serif;font-size:13px"> </span><a href="http://blockthis.net/" target="_blank" style="font-family:arial,sans-serif;font-size:13px">blockthis.net</a><br><div><br></div><div>Now whenever i enter <a href="http://someaddress.com">someaddress.com</a> url & hit enter, it (squid or something on the network level) redirects to the localhost page. That's fine as long as i want to restrict access to that website.</div><div><br></div><div>Problem is, changing config "<span style="color:rgb(0,0,0);font-family:arial,sans-serif;font-size:13px">http_access allow myrule" and reconfiguring, parsing and r</span>estarting squid and then the computer does not change anything, i.e i still cant access <a href="http://someaddress.com">someaddress.com</a>. Removed the settings from config, no luck again.</div><div><br></div><div>As i said, iptables is empty. So what might be the reason then?</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Nov 10, 2014 at 5:45 PM, Amos Jeffries <span dir="ltr"><<a href="mailto:squid3@treenet.co.nz" target="_blank">squid3@treenet.co.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
</span><div><div class="h5">On 11/11/2014 2:58 a.m., Efe wrote:<br>
> Thank you for your reply. I've managed to retrieve uncommented<br>
> config lines:<br>
><br>
> $ grep -P '^\s*\w' /etc/squid3/squid.conf<br>
><br>
> acl localnet src 192.168.0.101 # RFC1918 possible internal<br>
> network acl SSL_ports port 443 acl Safe_ports port 80 # http<br>
> acl Safe_ports port 21 # ftp acl Safe_ports port 443 #<br>
> https acl Safe_ports port 70 # gopher acl Safe_ports port 210<br>
> # wais acl Safe_ports port 1025-65535 # unregistered ports acl<br>
> Safe_ports port 280 # http-mgmt acl Safe_ports port 488 #<br>
> gss-http acl Safe_ports port 591 # filemaker acl Safe_ports<br>
> port 777 # multiling http acl CONNECT method CONNECT<br>
> http_access deny !Safe_ports http_access deny CONNECT !SSL_ports<br>
> acl myrule dstdom_regex "/etc/squid3/domainblock.txt" http_access<br>
> allow myrule cache deny all http_access allow localhost manager<br>
> http_access deny manager acl Purge method PURGE http_access deny<br>
> Purge http_access allow localhost http_port 3128 coredump_dir<br>
> /var/spool/squid3 refresh_pattern ^ftp: 1440 20% 10080<br>
> refresh_pattern ^gopher: 1440 0% 1440 refresh_pattern -i<br>
> (/cgi-bin/|\?) 0 0% 0 refresh_pattern (Release|Packages(.gz)*)$<br>
> 0 20% 2880 refresh_pattern . 0 20% 4320<br>
><br>
> If helps, iptables is empty and netstat status is $ sudo netstat<br>
> -nltp | grep squid tcp6 0 0 :::3128<br>
> :::* LISTEN 20292/(squid-1)<br>
><br>
> Version info: $ sudo apt-cache policy squid3 squid3: Installed:<br>
> 3.3.8-1ubuntu6.1 Candidate: 3.3.8-1ubuntu6.1 Version table: ***<br>
> 3.3.8-1ubuntu6.1 0 500 <a href="http://archive.ubuntu.com/ubuntu/" target="_blank">http://archive.ubuntu.com/ubuntu/</a><br>
> trusty-updates/main i386 Packages 500<br>
> <a href="http://archive.ubuntu.com/ubuntu/" target="_blank">http://archive.ubuntu.com/ubuntu/</a> trusty-security/main i386<br>
> Packages 100 /var/lib/dpkg/status 3.3.8-1ubuntu6 0 500<br>
> <a href="http://archive.ubuntu.com/ubuntu/" target="_blank">http://archive.ubuntu.com/ubuntu/</a> trusty/main i386 Packages<br>
><br>
> Proof that squid is running: $ ps ax | grep squid 20290 ? Ss<br>
> 0:00 squid3 20292 ? S 0:06 (squid-1) 31535 ? S<br>
> 0:00 (logfile-daemon) /var/log/squid3/access.log 31720 pts/28 S+<br>
> 0:00 grep --color=auto squid<br>
><br>
> Maybe i used the wrong terminology as "redirect". B/c whenever the<br>
> website in the blocklist is called, localhost page of my LAMP shows<br>
> up.<br>
><br>
> So, what i want to achieve in the end is blocking and sometimes<br>
> unblocking a list of websites based on their domain name. Problem<br>
> is even the config is changed to "http_access allow myrule" it<br>
> doesnt reflect allow/deny options accordingly anymore. At this<br>
> moment, the websites in the list are still non-accessible.<br>
><br>
<br>
</div></div>Let me guess, you are testing this with a browser URL<br>
<a href="http://192.168.whatever:3128/" target="_blank">http://192.168.whatever:3128/</a> or even just <a href="http://192.168.whatever/" target="_blank">http://192.168.whatever/</a><br>
and it shows your LAMP server page?<br>
<br>
You seem to have missed out all the bits of the setup which make the<br>
browser use the proxy rather than just connecting directly to Apache<br>
in the LAMP stack.<br>
You may need to read through this:<br>
<a href="http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers" target="_blank">http://wiki.squid-cache.org/SquidFaq/ConfiguringBrowsers</a><br>
<span class=""><br>
Amos<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2.0.22 (MingW32)<br>
<br>
</span>iQEcBAEBAgAGBQJUYN2bAAoJELJo5wb/XPRj5VMIANLLVIb8kjqk5BiycDBAH1MR<br>
5qA896B3hhcoVEgFIH2lxSzFVBXJBFSwcjXnZN9nkqf5b7/t6k58hY3+56+UfZSF<br>
xO7tHOy/mvtCNA+ol7JlyVz+MvgaKMRqzXdAnJdP3OrhQ4g75WfGKCxoCBBwPNgU<br>
5gD7rSSQq8PpD0uBNuHV8SDwwKkYaoYtoqAs1OWD5p+WbyAylYZB7cJKKgex1+d9<br>
nPqGIlaRLaWRJzcTDFUW0C3B0zIggIv5GRNsO50gqqQZ0Xb9F3Iy5aDOwyiyiCYn<br>
LmlRADaoqf4MWfBh+nmmufcwUcfsAGknI7tStk3dXCzNQNA9O2gy3e7s+H+7Poo=<br>
=A5vS<br>
<div class="HOEnZb"><div class="h5">-----END PGP SIGNATURE-----<br>
_______________________________________________<br>
squid-users mailing list<br>
<a href="mailto:squid-users@lists.squid-cache.org">squid-users@lists.squid-cache.org</a><br>
<a href="http://lists.squid-cache.org/listinfo/squid-users" target="_blank">http://lists.squid-cache.org/listinfo/squid-users</a><br>
</div></div></blockquote></div><br></div>