HOW-TO
Enable Website Filtering (With IPCop) with Squid ACLs
-: Part II :-
By Da Geek
This is the 2nd HOW-TO about filtering using Squid ACLs. Hopefully
this will answer one of the questions I have seen
in my mailbox recently, which is: "How do I block access to all web sites
apart from a few 'Good' sites?"
For these modifications to work you must have the Proxy service running on
IPCop first.
The first thing you will need is SCP/WinSCP (http://winscp.sourceforge.net),
set up to connect to your IPCop (Port 222).
The only other things you need are a list of 'Good' sites to allow access to and
Notepad (or a compatible text editor).
Step 1:
!!!! BACKUP YOUR IPCop CONFIGURATION !!!!
To do this, once inside WinSCP navigate to /var/ipcop

And Copy(F5) the whole directory to an empty directory called IPCop Backup on
your local system.
Step 2:
Next make a new Directory(F7) on your own system, which is where we are
going to put all the files we are going to change.
Step 3:
Now we need the file from the IPCop called 'squid.conf' from the '/var/ipcop/proxy' directory.

Now Copy(F5) the file 'squid.conf' to our empty directory
on our system.
Step 4:
Open the file squid.conf in your favorite Text Editor (e.g. UltraEdit)
There will be a section that looks like the following …
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.0.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localnet
http_access deny all
Now this needs to read:
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.0.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl goodsites url_regex "/var/ipcop/proxy/goodsites.txt"
http_access allow goodsites
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access allow localnet
http_access deny all
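N.B: The two 'goodsites' lines ('acl goodsites ...' and 'http_access allow goodsites')
have been added to the file, and the 'http_access allow localnet' line
has been changed: it is now commented out with a leading '#'.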
Step 5:
This is where we make the list of 'Good Sites'.
Just use your favorite Text Editor (e.g. UltraEdit) and add 1 URL per line.

Once the list is completed save the file as 'goodsites.txt'
in the directory where we put the squid.conf file on your computer.
Step 6:
Now all we need to do is to Copy(F5) the new files to the directory /var/ipcop/proxy
on the IPCop Box.
N.B: Agree to overwrite the file 'squid.conf' when
prompted.
Step 7:
The Last Step !!!!
Restart The IPCop Box.
That's it. That's all there is to it. Once the IPCop is up and running again
after the restart and after you have connected to the Internet, open a Web
Browser and type in one of the addresses you added to the goodsites.txt file.
You should have normal access to this site. But when you try to access any
other site you should see an 'Access Denied' message generated by your Squid Proxy.
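The 'url_regex' ACL type used in Step 4 treats each line of goodsites.txt as a regular expression that may match anywhere in the requested URL, so a bare site name allows more than that one site. The following check is an added example, not part of the original HOW-TO: Python's re.search stands in for Squid's matcher, and the hostnames and URLs are constructed samples.

```python
import re

# Constructed sample entries, written the way Step 5 suggests (one site per line).
GOODSITES = ["www.example.com", "intranet.example.org"]

# Constructed test URLs: only the first three are meant to be reachable.
TEST_URLS = [
    "http://www.example.com/index.html",
    "http://intranet.example.org/",
    "www.example.com:443",                         # CONNECT target (host:port)
    "http://www.example.com.other.test/",          # good name used as a prefix
    "http://other.test/page?ref=www.example.com",  # good name in the query string
    "http://wwwXexample.com/",                     # unescaped '.' matches any character
    "http://other.test/",
]

def allowed(patterns, url):
    """Approximate a url_regex ACL: a pattern found anywhere in the URL matches."""
    return any(re.search(p, url) for p in patterns)

def anchor(host):
    """Build a pattern that matches only this host, on any port and any path.

    The scheme is optional because CONNECT requests carry host:port, not a full URL.
    Hostnames contain only letters, digits, '-' and '.', so only '.' needs escaping.
    """
    return r"^(https?://)?" + host.replace(".", r"\.") + r"(:[0-9]+)?(/|$)"

def audit(entries, urls):
    """Return {url: (allowed by entries as written, allowed by anchored entries)}."""
    anchored = [anchor(e) for e in entries]
    return {u: (allowed(entries, u), allowed(anchored, u)) for u in urls}

if __name__ == "__main__":
    print("as-is  anchored  url")
    for url, (raw, strict) in audit(GOODSITES, TEST_URLS).items():
        print(f"{'ALLOW' if raw else 'deny':<6} {'ALLOW' if strict else 'deny':<9} {url}")
    print("\nAnchored lines for goodsites.txt:")
    for entry in GOODSITES:
        print(anchor(entry))
```

Putting the anchored lines into goodsites.txt in place of the bare names keeps the 'Good' sites reachable while the look-alike URLs fall through to 'http_access deny all'.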