Is it possible to allow specific user or IP to bypass squidguard?Ubuntu 9.10 and Squid 2.7 Transparent Proxy...
Why is it a bad idea to hire a hitman to eliminate most corrupt politicians?
Is it inappropriate for a student to attend their mentor's dissertation defense?
Can we compute the area of a quadrilateral with one right angle when we only know the lengths of any three sides?
How do I know where to place holes on an instrument?
A friend helped me with a presentation – plagiarism or not?
Extract rows of a table, that include less than x NULLs
Is "remove commented out code" correct English?
Do UK voters know if their MP will be the Speaker of the House?
Bullying boss launched a smear campaign and made me unemployable
Am I breaking OOP practice with this architecture?
How can I deal with my CEO asking me to hire someone with a higher salary than me, a co-founder?
Can I run a new neutral wire to repair a broken circuit?
How do I gain back my faith in my PhD degree?
Why can't we play rap on piano?
Little known, relatively unlikely, but scientifically plausible, apocalyptic (or near apocalyptic) events
How to show a landlord what we have in savings?
I would say: "You are another teacher", but she is a woman and I am a man
Intersection Puzzle
How do I handle a potential work/personal life conflict as the manager of one of my friends?
How dangerous is XSS?
What about the virus in 12 Monkeys?
What is the most common color to indicate the input-field is disabled?
What is the difference between 仮定 and 想定?
Is there an expression that means doing something right before you will need it rather than doing it in case you might need it?
Is it possible to allow specific user or IP to bypass squidguard?
Ubuntu 9.10 and Squid 2.7 Transparent Proxy TCP_DENIEDSquid to allow specific portssquidGuard hangs during setupSquid squidGuard on Debian 6VPN client blocked through squid serverSquid2 on Debian 6 - No connection to the proxysquid slow initial webpage loadingsquid ssl bump sslv3 enforce to allow old sitesTwo transparent gateway using squid return 403HTTPS Content Filtering without de-crypting traffic using squid?
Recently, I configured a raspberry as a little server. In particular I installed DHCP, squid proxy and squidGuard for log the network activity which pass through my raspberry. Actually i have a black list on squidGuard which denied the access to gamble websites.
My current OS version: Linux raspberrypi 4.14.98-v7+ #1200 SMP Tue Feb 12 20:27:48 GMT 2019 armv7l GNU/Linux.
Squid: Version 3.5.23, SquidGuard: 1.5 Berkeley DB 5.3.28: (September 9, 2013).
My squid.conf file:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
redirect_program /usr/bin/squidGuard
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
My squidGuard.conf file:
dbhome /var/lib/squidguard/db
logdir /var/log/squidguard
time workhours {
weekly mtwhf 08:00 - 16:30
date *-*-01 08:00 - 16:30
}
src admin {
ip 1.2.3.4 1.2.3.5
user root foo bar
within workhours
}
src foo-clients {
ip 172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200
}
src bar-clients {
ip 172.16.4.0/26
}
dest good { }
dest local { }
dest porn { }
dest gamble{
domainlist gamble/domains
urllist gamble/urls
}
acl {
admin {
pass any
}
foo-clients within workhours {
pass good !in-addr !porn any
} else {
pass any
}
bar-clients {
pass local none
}
default {
pass !gamble any
redirect http://admin.foo.bar.de/cgi-bin/blocked.cgi?
clientaddr=%a&clientname=%n
&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
}
}
After all of these infos, for example there is user A and user B, A can visit gamble websites whereas B not.
Is there any way to achieve this result using squid/squidGuard? But i don't want that user A bypass the proxy, only allow him to surf on gamble websites.
linux debian proxy squid
asked 1 min ago
Leonardo BassiLeonardo Bassi
12
New contributor
Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Recently, I configured a raspberry as a little server. In particular I installed DHCP, squid proxy and squidGuard for log the network activity which pass through my raspberry. Actually i have a black list on squidGuard which denied the access to gamble websites.
My current OS version: Linux raspberrypi 4.14.98-v7+ #1200 SMP Tue Feb 12 20:27:48 GMT 2019 armv7l GNU/Linux.
Squid: Version 3.5.23, SquidGuard: 1.5 Berkeley DB 5.3.28: (September 9, 2013).
My squid.conf file:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
redirect_program /usr/bin/squidGuard
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
My squidGuard.conf file:
dbhome /var/lib/squidguard/db
logdir /var/log/squidguard
time workhours {
weekly mtwhf 08:00 - 16:30
date *-*-01 08:00 - 16:30
}
src admin {
ip 1.2.3.4 1.2.3.5
user root foo bar
within workhours
}
src foo-clients {
ip 172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200
}
src bar-clients {
ip 172.16.4.0/26
}
dest good { }
dest local { }
dest porn { }
dest gamble{
domainlist gamble/domains
urllist gamble/urls
}
acl {
admin {
pass any
}
foo-clients within workhours {
pass good !in-addr !porn any
} else {
pass any
}
bar-clients {
pass local none
}
default {
pass !gamble any
redirect http://admin.foo.bar.de/cgi-bin/blocked.cgi?
clientaddr=%a&clientname=%n
&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
}
}
After all of these infos, for example there is user A and user B, A can visit gamble websites whereas B not.
Is there any way to achieve this result using squid/squidGuard? But i don't want that user A bypass the proxy, only allow him to surf on gamble websites.
linux debian proxy squid
asked 1 min ago
Leonardo BassiLeonardo Bassi
12
New contributor
Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Recently, I configured a raspberry as a little server. In particular I installed DHCP, squid proxy and squidGuard for log the network activity which pass through my raspberry. Actually i have a black list on squidGuard which denied the access to gamble websites.
My current OS version: Linux raspberrypi 4.14.98-v7+ #1200 SMP Tue Feb 12 20:27:48 GMT 2019 armv7l GNU/Linux.
Squid: Version 3.5.23, SquidGuard: 1.5 Berkeley DB 5.3.28: (September 9, 2013).
My squid.conf file:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
redirect_program /usr/bin/squidGuard
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
My squidGuard.conf file:
dbhome /var/lib/squidguard/db
logdir /var/log/squidguard
time workhours {
weekly mtwhf 08:00 - 16:30
date *-*-01 08:00 - 16:30
}
src admin {
ip 1.2.3.4 1.2.3.5
user root foo bar
within workhours
}
src foo-clients {
ip 172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200
}
src bar-clients {
ip 172.16.4.0/26
}
dest good { }
dest local { }
dest porn { }
dest gamble{
domainlist gamble/domains
urllist gamble/urls
}
acl {
admin {
pass any
}
foo-clients within workhours {
pass good !in-addr !porn any
} else {
pass any
}
bar-clients {
pass local none
}
default {
pass !gamble any
redirect http://admin.foo.bar.de/cgi-bin/blocked.cgi?
clientaddr=%a&clientname=%n
&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
}
}
After all of these infos, for example there is user A and user B, A can visit gamble websites whereas B not.
Is there any way to achieve this result using squid/squidGuard? But i don't want that user A bypass the proxy, only allow him to surf on gamble websites.
linux debian proxy squid
asked 1 min ago
Leonardo BassiLeonardo Bassi
12
New contributor
Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Recently, I configured a raspberry as a little server. In particular I installed DHCP, squid proxy and squidGuard for log the network activity which pass through my raspberry. Actually i have a black list on squidGuard which denied the access to gamble websites.
My current OS version: Linux raspberrypi 4.14.98-v7+ #1200 SMP Tue Feb 12 20:27:48 GMT 2019 armv7l GNU/Linux.
Squid: Version 3.5.23, SquidGuard: 1.5 Berkeley DB 5.3.28: (September 9, 2013).
My squid.conf file:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
redirect_program /usr/bin/squidGuard
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320
My squidGuard.conf file:
dbhome /var/lib/squidguard/db
logdir /var/log/squidguard
time workhours {
weekly mtwhf 08:00 - 16:30
date *-*-01 08:00 - 16:30
}
src admin {
ip 1.2.3.4 1.2.3.5
user root foo bar
within workhours
}
src foo-clients {
ip 172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200
}
src bar-clients {
ip 172.16.4.0/26
}
dest good { }
dest local { }
dest porn { }
dest gamble{
domainlist gamble/domains
urllist gamble/urls
}
acl {
admin {
pass any
}
foo-clients within workhours {
pass good !in-addr !porn any
} else {
pass any
}
bar-clients {
pass local none
}
default {
pass !gamble any
redirect http://admin.foo.bar.de/cgi-bin/blocked.cgi?
clientaddr=%a&clientname=%n
&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
}
}
After all of these infos, for example there is user A and user B, A can visit gamble websites whereas B not.
Is there any way to achieve this result using squid/squidGuard? But i don't want that user A bypass the proxy, only allow him to surf on gamble websites.
linux debian proxy squid
linux debian proxy squid
asked 1 min ago
Leonardo BassiLeonardo Bassi
12
New contributor
Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 1 min ago
Leonardo BassiLeonardo Bassi
12
New contributor
Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 1 min ago
Leonardo BassiLeonardo Bassi
12
New contributor
Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
asked 1 min ago
Leonardo BassiLeonardo Bassi
12
asked 1 min ago
Leonardo BassiLeonardo Bassi
12
12
New contributor
Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Leonardo Bassi is a new contributor. Be nice, and check out our Code of Conduct.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f961435%2fis-it-possible-to-allow-specific-user-or-ip-to-bypass-squidguard%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Leonardo Bassi is a new contributor. Be nice, and check out our Code of Conduct.
Leonardo Bassi is a new contributor. Be nice, and check out our Code of Conduct.
Leonardo Bassi is a new contributor. Be nice, and check out our Code of Conduct.
Leonardo Bassi is a new contributor. Be nice, and check out our Code of Conduct.
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f961435%2fis-it-possible-to-allow-specific-user-or-ip-to-bypass-squidguard%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
