Squid can natively via built in ACL.
acl mydstdomain dstdomain .abc123.net
acl mydstdomain dstdomain .def456.com
http_access deny mydstdomain
you can also add regex
# acl aclname url_regex [-i] ^http:// ... # regex matching on whole
URL
# acl aclname urlpath_regex [-i] \.gif$ ..
Squid by it self won't but if you add something like SquidGuard to Squid,
which is desinged to block spcific sites was as down to pages. They have
thosands of prebuilt urls to block (i.e. porn, shopping, hacking all in groups
to add).
There are several packages to Squid which uses helper apps to d
On Fri, Jul 11, 2014 at 12:19:11PM -0700, ARUN CHAKRAPANI RAO wrote:
>Hi,
> Please do forgive me if this is the wrong place to as this Q?
>We are an isp looking for a tool which can block specific url instead of
>the domain itself.
>for example
>[1]http://www.facebook.com/se
You may want to look at a web based proxy solution that can block inline
(such as squid proxy in transparency mode).. That wont help you much though
with SSL because that would be considered man-in-the-middle and you
would not be able to see http header info of the SSL traffic.
Danny
From:
Hi,
Please do forgive me if this is the wrong place to as this Q?
We are an isp looking for a tool which can block specific url instead of the
domain itself.
for example
http://www.facebook.com/seekinghelp
https://twitter.com/canweblockurl
The reason being, we get mails from the Government order
yeah. I set ROUTE_FILTER=No and now the packets are getting through. But if
possible I'd like to just routefilter the one's coming from ipsec0.
Unfortunately I can't set that on a wildcard interface. Can I just prep up
ipsec0 as an optional interface with routefilter=0 and will routefiltering be
On 7/10/2014 8:41 AM, ray klassen wrote:
> I have 30 odd permanent vpns running pure ipsec over KLIPS, the openswan
> option erroneously called 2.4 kernel in the shorewall documentation. It
> still works way better than NETKEY. Switching over to KLIPS from NETKEY
> after using it for years solved i
DOH! looks like rsyslog didn't make it through the upgrade for some reason.
installed, all good now.. thanks for pointing me in the right direction.
From: Tom Eastep [teas...@shorewall.net]
Sent: Thursday, July 10, 2014 2:36 PM
To: shorewall-users@lists.s