HOW-TO
Enable Website Filtering (With IPCop)
with Squid ACL's
-: Part III :-
By Da Geek
This is the 3rd HOW-TO about filtering using Squid ACLs. It is aimed at
people who used Part Two of the HOW-TO and would like a few computers to
have Full Unrestricted Access to the web.
For these modifications to work you must first have the Proxy service running
on IPCop and have completed the steps in Part II of these HOW-TOs.
The first thing you will need is SCP/WinSCP (http://winscp.sourceforge.net),
set up to run with your IPCop (Port 222).
The only other things you need are a list of the IP Addresses of the computers
that will have Full Unrestricted Access to the web, and Notepad (or a
compatible editor).
Step 1:
!!!! BACKUP YOUR IPCop CONFIGURATION !!!!
To do this, once inside WinSCP navigate to /var/ipcop and Copy(F5) the whole
Directory to an empty directory called IPCop Backup on your local system.
Step 2:
Next make a new Directory(F7) on your own system, which is where we are
going to put all the files we are going to change.
Step 3:
Now we need the file called 'squid.conf' from the '/var/ipcop/proxy' directory
on the IPCop.
Copy(F5) the file 'squid.conf' to our empty directory on our system.
Step 4:
Open the file squid.conf in your favorite Text Editor (e.g. UltraEdit)
There will be a section that looks like the following …
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl localnet src 192.168.0.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl goodsites url_regex "/var/ipcop/proxy/goodsites.txt"
http_access allow goodsites
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
#http_access allow localnet
http_access deny all
N.B: The highlighted lines were added or changed in Part II of the HOW-TO.
Now this needs to read …
acl all src 0.0.0.0/0.0.0.0
acl localhost src 127.0.0.1/255.255.255.255
acl staff src "/var/ipcop/proxy/staff.ip"
acl localnet src 192.168.0.0/255.255.255.0
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl goodsites url_regex "/var/ipcop/proxy/goodsites.txt"
http_access allow goodsites
http_access allow localhost
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow staff
#http_access allow localnet
http_access deny all
N.B: The lines 'acl staff src "/var/ipcop/proxy/staff.ip"' and
'http_access allow staff' have been added to the file.
Step 5:
This is where we make the list of IP Addresses of the computers that will have
Full Unrestricted Access to the web.
Just use your favorite Text Editor (e.g. UltraEdit) and add 1 IP Address per
line in the form of '192.168.0.40/32' without the quotation marks.
This does mean that each of the computers that will have Full
Unrestricted Access to the web will need a static IP Address or a
reservation on the DHCP Server.
NB: You MUST add the '/32' at the end of each IP Address or this will NOT work.
Once the list is completed save the file as 'staff.ip' in the directory where
we put the squid.conf file on your computer.
Step 6:
Now all we need to do is to Copy(F5) the new files to the directory
/var/ipcop/proxy on the IPCop Box.
N.B: Agree to Overwrite the file 'squid.conf' when prompted.
Step 7:
The Last Step !!!!
Restart The IPCop Box.
That's It. That's all there is to it. Once the IPCop is up and running again
after the restart and after you have connected to the Internet, open a Web
Browser and type in one of the addresses you added to the goodsites.txt file.
You should have normal access to this site. But when you try to access any
other site you should see an 'Access Denied' Message generated by your Squid Proxy.
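An added example (not part of the original HOW-TO) that checks a staff.ip list against the '/32' format from Step 5 and walks the http_access lines from Step 4 in order, the way Squid picks the first matching line. The function names, the sample addresses and the goodsites pattern are constructed for illustration, and the localnet line is treated as commented out.

```python
import ipaddress, re

# Constructed sample data (assumptions, not taken from the HOW-TO)
LOCALNET = ipaddress.ip_network("192.168.0.0/24")  # the localnet range in squid.conf
STAFF_IP = ["192.168.0.40/32", "192.168.0.41"]     # staff.ip lines; 2nd lacks /32
GOODSITES = [r"example\.org"]                       # goodsites.txt patterns
# Active http_access lines, in the order of the edited squid.conf
RULES = [("allow", "goodsites"), ("allow", "localhost"),
         ("deny", "!Safe_ports"), ("deny", "CONNECT !SSL_ports"),
         ("allow", "staff"), ("deny", "all")]

def bad_staff_lines(lines):
    """Return staff.ip lines that are not one /32 host inside localnet."""
    bad = []
    for line in lines:
        entry = line.strip()
        try:
            ok = (entry.endswith("/32")
                  and ipaddress.ip_network(entry).subnet_of(LOCALNET))
        except ValueError:
            ok = False
        if not ok:
            bad.append(line)
    return bad

def acl(name, src, method, url, port, staff):
    """Evaluate one named ACL from the squid.conf section against a request."""
    ip = ipaddress.ip_address(src)
    return {
        "all": True,
        "localhost": ip == ipaddress.ip_address("127.0.0.1"),
        "staff": any(ip in ipaddress.ip_network(n) for n in staff),
        "Safe_ports": port in (80, 21, 443, 563, 70, 210, 280, 488, 591, 777)
                      or 1025 <= port <= 65535,
        "SSL_ports": port in (443, 563),
        "CONNECT": method == "CONNECT",
        "goodsites": any(re.search(p, url) for p in GOODSITES),
    }[name]

def decide(src, method, url, port, staff):
    """First line whose ACLs all match wins (ACLs are ANDed, '!' negates)."""
    for action, acls in RULES:
        if all(acl(a.lstrip("!"), src, method, url, port, staff)
               != a.startswith("!") for a in acls.split()):
            return action
    return "deny"
```

Because 'http_access allow staff' sits after the two deny lines, staff machines are still held to the Safe_ports and CONNECT restrictions, while 'http_access allow goodsites' is matched before them.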