Ryfujk

Is infinity mathematically observable?

Simple recursive Sudoku solver

Are taller landing gear bad for aircraft, particulary large airliners?

Are Warlocks Arcane or Divine?

Is the next prime number always the next number divisible by the current prime number, except for any numbers previously divisible by primes?

Can a malicious addon access internet history and such in chrome/firefox?

My boss asked me to take a one-day class, then signs it up as a day off

Freedom of speech and where it applies

How do I repair my stair bannister?

Identify a stage play about a VR experience in which participants are encouraged to simulate performing horrific activities

How will losing mobility of one hand affect my career as a programmer?

Can somebody explain Brexit in a few child-proof sentences?

What should I use for Mishna study?

Superhero words!

Giant Toughroad SLR 2 for 200 miles in two days, will it make it?

How to deal with or prevent idle in the test team?

What is the opposite of 'gravitas'?

Why does this part of the Space Shuttle launch pad seem to be floating in air?

Why are on-board computers allowed to change controls without notifying the pilots?

Blender - show edges angles “direction”

What was required to accept "troll"?

Is it okay / does it make sense for another player to join a running game of Munchkin?

A workplace installs custom certificates on personal devices, can this be used to decrypt HTTPS traffic?

Could solar power be utilized and substitute coal in the 19th century?

squid block domain transparent

How to configure PFSense firewall with external transparent Squid proxy?Transparent redirection to squid proxy server on the cloudLocal transparent proxy with ipfw and squidCan't Block https://facebook using squid TransparentTransparent Proxy squid TCP_MISS/503 Error in all pagesTwo transparent gateway using squid return 403squid transparent proxy for https / ssl traficSquid Transparent CachingTransparent Proxy Squid with internal and external network

0

How to block domain with transparent on Debian Squid?

http_port 3128 transparent

but I still have to set the manual proxy on the browser.

NB: I'm using Debian Wheezy with squid 2.7

proxy squid debian-wheezy

share|improve this question

asked Feb 22 '17 at 14:31

user401880user401880

1

bumped to the homepage by Community♦ 8 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Your question is not clear! Are you asking about blocking a specific domain or now to configure transparent proxy?
  
  – Khaled
  Feb 22 '17 at 14:36
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  blocking a specific domain. Do I have to set the proxy manually on the client's browser?
  
  – user401880
  Feb 22 '17 at 14:39
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @user401880, Your transparent proxy is not working. So first make sure you have a working transparent proxy. Thtat means the user doesn't need to set the proxy in browser. When this works, then you can try the domain blocking part. If the user traffic is not going through the proxy then it is useless whatever acl you put in squid.
  
  – Diamant
  Feb 22 '17 at 22:45
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  As pointed out by @bangal, these are two different issues. If you were looking to block a domain entirely, then I am not sure transparent mode is the best choice (to make that work for HTTPS, you would need to effectively MITM your users). I would ditch the transparent mode, configure your clients explicitly to use your proxy, and then configure squid (or use something like DansGuardian) to block the domain. If you run a DNS server, you could also create a record to redirect the domain to a specific IP (e.g. localhost, or some server you run).
  
  – iwaseatenbyagrue
  Mar 9 '17 at 8:43
  

  
  
  
  

add a comment | 

0

How to block domain with transparent on Debian Squid?

http_port 3128 transparent

but I still have to set the manual proxy on the browser.

NB: I'm using Debian Wheezy with squid 2.7

proxy squid debian-wheezy

share|improve this question

asked Feb 22 '17 at 14:31

user401880user401880

1

bumped to the homepage by Community♦ 8 mins ago

This question has answers that may be good or bad; the system has marked it active so that they can be reviewed.

• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Your question is not clear! Are you asking about blocking a specific domain or now to configure transparent proxy?
  
  – Khaled
  Feb 22 '17 at 14:36
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  blocking a specific domain. Do I have to set the proxy manually on the client's browser?
  
  – user401880
  Feb 22 '17 at 14:39
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @user401880, Your transparent proxy is not working. So first make sure you have a working transparent proxy. Thtat means the user doesn't need to set the proxy in browser. When this works, then you can try the domain blocking part. If the user traffic is not going through the proxy then it is useless whatever acl you put in squid.
  
  – Diamant
  Feb 22 '17 at 22:45
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  As pointed out by @bangal, these are two different issues. If you were looking to block a domain entirely, then I am not sure transparent mode is the best choice (to make that work for HTTPS, you would need to effectively MITM your users). I would ditch the transparent mode, configure your clients explicitly to use your proxy, and then configure squid (or use something like DansGuardian) to block the domain. If you run a DNS server, you could also create a record to redirect the domain to a specific IP (e.g. localhost, or some server you run).
  
  – iwaseatenbyagrue
  Mar 9 '17 at 8:43
  

  
  
  
  

add a comment | 

How to block domain with transparent on Debian Squid?

http_port 3128 transparent

but I still have to set the manual proxy on the browser.

NB: I'm using Debian Wheezy with squid 2.7

proxy squid debian-wheezy

share|improve this question

asked Feb 22 '17 at 14:31

user401880user401880

1

http_port 3128 transparent

share|improve this question

asked Feb 22 '17 at 14:31

user401880user401880

1

share|improve this question

asked Feb 22 '17 at 14:31

user401880user401880

1

asked Feb 22 '17 at 14:31

user401880user401880

1

asked Feb 22 '17 at 14:31

user401880user401880

1

1 Answer
1

active

oldest

votes

0

If you want to block specific domain using squid proxy, you can use acl to define the domain to block and apply it to specific client IPs.

acl bad_dom dstdomain example.com

http_access deny bad_dom

You need to pay attention to other defined ACLs, because ACLs order does matter. So, this htt_access deny line should appear before allow everything else to some clients.

share|improve this answer

answered Feb 22 '17 at 14:42

KhaledKhaled

31.4k65487

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  okay. Do I have to set the proxy configuration on the browser?
  
  – user401880
  Feb 22 '17 at 14:45
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @user401880: No, if you have proxy working transparently.
  
  – Khaled
  Feb 22 '17 at 14:46
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  not working even when I have already made the proxy work transparently with http_port 3128 transparent
  
  – user401880
  Feb 22 '17 at 15:33
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f834189%2fsquid-block-domain-transparent%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

0

If you want to block specific domain using squid proxy, you can use acl to define the domain to block and apply it to specific client IPs.

acl bad_dom dstdomain example.com

http_access deny bad_dom

You need to pay attention to other defined ACLs, because ACLs order does matter. So, this htt_access deny line should appear before allow everything else to some clients.

share|improve this answer

answered Feb 22 '17 at 14:42

KhaledKhaled

31.4k65487

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  okay. Do I have to set the proxy configuration on the browser?
  
  – user401880
  Feb 22 '17 at 14:45
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @user401880: No, if you have proxy working transparently.
  
  – Khaled
  Feb 22 '17 at 14:46
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  not working even when I have already made the proxy work transparently with http_port 3128 transparent
  
  – user401880
  Feb 22 '17 at 15:33
  

  
  
  
  

add a comment | 

0

If you want to block specific domain using squid proxy, you can use acl to define the domain to block and apply it to specific client IPs.

acl bad_dom dstdomain example.com

http_access deny bad_dom

You need to pay attention to other defined ACLs, because ACLs order does matter. So, this htt_access deny line should appear before allow everything else to some clients.

share|improve this answer

answered Feb 22 '17 at 14:42

KhaledKhaled

31.4k65487

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  okay. Do I have to set the proxy configuration on the browser?
  
  – user401880
  Feb 22 '17 at 14:45
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @user401880: No, if you have proxy working transparently.
  
  – Khaled
  Feb 22 '17 at 14:46
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  not working even when I have already made the proxy work transparently with http_port 3128 transparent
  
  – user401880
  Feb 22 '17 at 15:33
  

  
  
  
  

add a comment | 

If you want to block specific domain using squid proxy, you can use acl to define the domain to block and apply it to specific client IPs.

acl bad_dom dstdomain example.com

http_access deny bad_dom

You need to pay attention to other defined ACLs, because ACLs order does matter. So, this htt_access deny line should appear before allow everything else to some clients.

share|improve this answer

answered Feb 22 '17 at 14:42

KhaledKhaled

31.4k65487

acl bad_dom dstdomain example.com

http_access deny bad_dom

share|improve this answer

answered Feb 22 '17 at 14:42

KhaledKhaled

31.4k65487

answered Feb 22 '17 at 14:42

KhaledKhaled

31.4k65487

answered Feb 22 '17 at 14:42

KhaledKhaled

31.4k65487