Unofficial
IPCop
Add-Onz & Extraz
 

HOW-TO
Enable Website Filtering (With IPCop)
with Squid ACL's
-: Part I :-
By Da Geek
Updated 02/10/02 (Thx to JaVa)

This is hopefully a quick fix to one of the most asked questions I have seen in my Mail-Box and on many of the mailing lists I am a member of: "How do I get website/ad site filtering working?"

Well first a bit about me…
I work as an IT Instructor at an IT College. I am also the Network Admin/Manager so I am in charge of the whole network (Around 80 systems when they are all working)

Anyway, enough of that self gratification! Let's get started on the real work: 'Enabling Website Filtering with Squid ACL's'.
Now I think it goes without saying that you must have the Proxy in IPCop running in order for this fix to work.
The first thing you will need is SCP/WinSCP (http://winscp.sourceforge.net), set up to connect to your IPCop (Port 222).
The only other things you need are a list of sites to deny access to and Notepad (or a compatible editor).
 


Step 1:
!!!! BACKUP YOUR IPCop CONFIGURATION !!!!
To do this, once inside WinSCP navigate to /var/ipcop
 

And Copy(F5) the whole directory to an empty directory called IPCop Backup on your local system.
 

Step 2:
Next, make a new Directory(F7) on your own system, which is where we are going to put all the files we are going to change.

Step 3:
Now we need the file called 'squid.conf' from the '/var/ipcop/proxy' directory.
 

Now Copy(F5) the file 'squid.conf' to our empty directory on our system.
 

Step 4:
Open the file squid.conf in your favorite Text Editor (e.g. UltraEdit)
 

The contents of the file will be…

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.0.0/255.255.255.0

acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all

 

Now this needs to read…..

acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.0.0/255.255.255.0

acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

acl ads url_regex "/var/ipcop/proxy/badsites.txt"
deny_info ERR_ACCESS_DENIED ads
http_access deny ads

http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all


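N.B: Note the three additional lines in the file (the 'acl ads', 'deny_info' and 'http_access deny ads' lines).
These are the lines needed to deny access to any sites you want. They sit above the 'http_access allow' lines because Squid applies the first http_access rule that matches a request.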
 
Step 5:
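This is where we make the list of 'Bad Sites'.
Just use your favorite Text Editor (e.g. UltraEdit) and add 1 URL per line. Because the acl type is url_regex, Squid treats each line as a regular expression and matches it against the requested URL.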

N.B: I have a list of Ad Sites that I put together from the SquidGuard Blacklist
(http://ftp.teledanmark.no/pub/www/proxy/squidGuard/contrib/blacklists.tar.gz)
The list has over 400 Ad servers listed.


Once the list is completed, save the file as 'badsites.txt' in the directory we put the squid.conf file in.
 

Step 6:
Now all we need to do is to Copy(F5) the new files to the directory /var/ipcop/proxy on the IPCop Box.
 

N.B: Agree to overwrite the file 'squid.conf' when prompted.

Step 7:
The Last Step !!!!
Restart The IPCop Box.


That's it. That's all there is to it. Once the IPCop is up and running again after the restart and after you have connected to the Internet, open a Web Browser and type in one of the addresses you added to the badsites.txt file. You should see an 'Access Denied' message generated by your Squid Proxy.
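
A check worth running on badsites.txt before copying it over in Step 6: since the 'ads' acl is of type url_regex, an entry typed as a plain URL can block more or less than intended. The script below is an added example, not part of the original HOW-TO; the entries and URLs are constructed samples, the function names are hypothetical, and it assumes Python's re module behaves like Squid's regex library for simple patterns such as these.

```python
import re

# Characters with special meaning in a regular expression.
REGEX_META = ".[]()*+?{}|^$\\"

# Constructed sample data: entries typed as plain URLs, one per line (Step 5),
# and constructed URLs a client might request through the proxy.
BADSITES_TXT = """\
ads.example.com
tracker.example.org/pixel?id=1
example.com/(promo
"""
URLS = [
    "http://ads.example.com/banner.gif",
    "http://uploads-example.com.example.org/",
    "http://tracker.example.org/pixel?id=1",
]

def load_entries(text):
    """Return the non-blank lines of a badsites.txt-style list."""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]

def escape_entry(entry):
    """Backslash-escape metacharacters so the entry only matches literally."""
    return "".join("\\" + c if c in REGEX_META else c for c in entry)

def audit(entries, urls):
    """Compare each entry read as a regex with the same entry read as plain text."""
    report = {}
    for entry in entries:
        try:
            rx = re.compile(entry)
        except re.error as exc:
            # The entry is not a valid pattern at all (e.g. an unbalanced bracket).
            report[entry] = {"invalid": str(exc)}
            continue
        report[entry] = {
            # Blocked by the regex although the typed text is not in the URL.
            "overblocked": [u for u in urls if rx.search(u) and entry not in u],
            # Typed text is in the URL, but the regex does not match it.
            "missed": [u for u in urls if entry in u and not rx.search(u)],
        }
    return report

if __name__ == "__main__":
    for entry, result in audit(load_entries(BADSITES_TXT), URLS).items():
        print(entry, "->", result)
        print("  escaped:", escape_entry(entry))
```

Entries reported as overblocked, missed or invalid can be replaced in badsites.txt with the escaped form that the script prints.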