I wonder why some guyz took all the pain to configure SQUID without read the conf file or searching around...
its safe for them to switch to windows .... anyway ...everything iam mentioning here is already in squid.conf (if u can give ur ass some pain and read it).. PLEASE READ AND ADD THIS IN /etc/squid/squid.conf ####################################################### ########### THIS IS SQUID'S ACL ####################### ####################################################### # Only allow cachemgr access from localhost http_access allow manager localhost http_access allow manager http_access deny manager # Deny requests to unknown ports http_access deny !Safe_ports # Deny CONNECT to other than SSL ports http_access deny CONNECT !SSL_ports http_access allow localhost ## this is the ip address which is allowed to do everything..good for ur CEO or manager..let him watch porn and download ..who cares... acl server2 src 192.168.0.1 acl server2 src 223.194.144.28 #allowing SNMP..good if u want to monitor ur squid ising MRTG acl snmppublic snmp_community public # this is the URL u want to allow access to not matter wht acl GoodURL url_regex -i yahoo.com acl GoodURL url_regex -i google.com # these are the URL which u want to restrict..a long list..hope u can get the idea by now acl badURL url_regex -i spelletjes.nl acl badURL url_regex -i jigzone.com acl badURL url_regex -i funnies.com acl badURL url_regex -i mail.yahoo.com acl badURL url_regex -i candystand.com acl badURL url_regex -i email.indiatimes.com acl badURL url_regex -i popcap.com acl badURL url_regex -i miniclip.com acl badURL url_regex -i mail.indiatimes acl badURL url_regex -i mail.rediff acl badURL url_regex -i mail.lycos acl badURL url_regex -i hotmail acl badURL url_regex -i msn acl badURL url_regex -i sex acl badURL url_regex -i messenger acl badURL url_regex -i games acl badURL url_regex -i chat acl badURL url_regex -i mss acl badURL url_regex -i mp3 acl badURL url_regex -i mpg acl badURL url_regex -i mpeg acl badURL url_regex -i wma acl badURL url_regex -i raaga acl badURL url_regex -i indiafm acl badURL url_regex -i mail.sify acl badURL url_regex -i www.videodirectives.com acl badURL url_regex -i http://india.com acl badURL url_regex -i http://www.india.com acl badURL url_regex -i mymail.india.com acl badURL url_regex -i myaditya.mail.everyone.net acl badURL url_regex -i 2000greetings.com acl badURL url_regex -i mail4india.com acl badURL url_regex -i aditsan.com:8383 acl badURL url_regex -i mail.khalsa.com acl badURL url_regex -i agilemes.com:8383 acl badURL url_regex -i webmail.mschumacher.com acl badURL url_regex -i http://mail.com acl badURL url_regex -i http://www.mail.com acl badURL url_regex -i http://email.com acl badURL url_regex -i http://www.email.com acl badURL url_regex -i windowsmedia.com acl badURL url_regex -i gator.com acl badURL url_regex -i thinks.com acl badURL url_regex -i tickle.com acl badURL url_regex -i emode.com acl badURL url_regex -i allfreegals.com acl badURL url_regex -i fastclick.net acl badURL url_regex -i doubleclick.net acl badURL url_regex -i bonzi.com #This is restricting MIME type REQUEST acl x-type req_mime_type -i ^application/octet-stream$ acl x-type req_mime_type -i application/octet-stream acl x-type req_mime_type -i application/octet-stream acl x-type req_mime_type -i ^application/x-mplayer2$ acl x-type req_mime_type -i application/x-mplayer2 acl x-type req_mime_type -i ^application/x-oleobject$ acl x-type req_mime_type -i application/x-oleobject acl x-type req_mime_type -i application/x-pncmd acl x-type req_mime_type -i ^video/x-ms-asf$ #This is restricting MIME type REPLY acl x-type2 rep_mime_type -i ^application/octet-stream acl x-type2 rep_mime_type -i application/octet-stream acl x-type2 rep_mime_type -i application/octet-stream acl x-type2 rep_mime_type -i ^application/x-mplayer2$ acl x-type2 rep_mime_type -i application/x-mplayer2 acl x-type2 rep_mime_type -i ^application/x-oleobject$ acl x-type2 rep_mime_type -i application/x-oleobject acl x-type2 rep_mime_type -i application/x-pncmd acl x-type2 rep_mime_type -i ^video/x-ms-asf$ #NOW ALLOWING OR DENYING ALL ACL'S http_access allow server2 all http_access allow GoodURL all http_access deny x-type all http_reply_access deny x-type all http_access deny x-type2 all http_reply_access allow server2 all http_reply_access deny x-type2 all http_access deny badURL all # THIS IS THE EXTERNAL BAN LIST FILE acl filedeny url_regex -i "/etc/squid/filedeny" #Download definition for filedeny acl download method GET http_access deny filedeny download http_access deny filedeny ############################################### ##### ##### ##### #### ##### ##### ##### ###### create a file named '/etc/squid/filedeny' and add the following file extension which u want to restrict from downloading ################################## \.cpt$ \.pif$ \.scr$ \.dot$ \.wrd$ \.bin$ \.dms$ \.lha$ \.lzh$ \.ace$ \.r00$ \.r01$ \.exe$ \.wp5$ \.wk$ \.wz$ \.vcd$ \.bz2$ \.deb$ \.dvi$ \.tar$ \.gtar$ \.tgz$ \.gz$ \.bat$ \.rpm$ \.spm$ \.zip$ \.mid$ \.midi$ \.kar$ \.mpga$ \.mp2$s \.mp3$ \.ra$ \.dl$ \.fli$ \.gl$ \.mpe$ \.mpeg$ \.mpg$ \.qt$ \.mov$ \.avi$ \.movie \.wav$ \.au$ \.asf$ \.af$ \.bin$ \.gz$ \.bz2$ \.asx$ \.afx$ \.asf$ \.asx$ \.au$ \.avi$ \.divx$ \.m3u$ \.mov$ \.mp2$ \.mp3$ \.mpeg$ \.mpg$ \.qt$ \.ra$ \.ram$ \.rm$ \.viv$ \.vivo$ \.vob$ \.vqf$ \.wav$ \.wma$ \.wmv$ \.vbs$ \.shs$ \.pif$ \.wpm$ \.wvx$ ################################## now save the file..and chomod 655 /etc/squid/filedeny now restart squid service squid restart And do let me know if it works.. Regards, Peeyush Maurya http://peeyush.tk http://linux-fqs.com (under const.) __________________________________ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail _______________________________________________ ilugd mailinglist -- [EMAIL PROTECTED] http://frodo.hserus.net/mailman/listinfo/ilugd Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[EMAIL PROTECTED]/