Re: [squid-users] Block file extension over https

On 20.05.20 07:13, Leonardo Bacha Abrantes wrote: Please does anyone has a effective way how to block file download over https connection? I tried many things but didn't work. Only worked over http. this requires SSL bumping. in https, you don't see the content unless you bump, and

Re: [squid-users] Block and allow connections by CA

On 12/19/19 5:56 AM, Patrícia Sousa wrote: > I would like to have an IoT device that only receives and sends requests > to and from certain devices that belong and are authenticated by a > specific certificate authority. Is it possible to block all other > connections or only allow connections

Re: [squid-users] block visit 80/443 browsing via IP(no domain name)

On 30/07/18 04:59, Walter H. wrote: > skype was blocking every raw-ip:443 instead of just its own IPs, a bit > too restricted, though it can have a list of its own IPs and dst might > just work. That was the point. Skype is P2P software. Certain versions use raw-IP to connect to arbitrary IPs.

Re: [squid-users] block visit 80/443 browsing via IP(no domain name)

On 30/07/18 04:59, Walter H. wrote: > On 29.07.2018 06:11, Gordon Hsiao wrote: >> is there a way to block any attempt to visit http/https by _any_ IP >> directly, i.e.  >> >> http://my-IP or https://my-IP (yes this will give a warning for SSL >> most likely). here my-IP could be any IPv4 address,

Re: [squid-users] block visit 80/443 browsing via IP(no domain name)

On 29.07.2018 06:11, Gordon Hsiao wrote: is there a way to block any attempt to visit http/https by _any_ IP directly, i.e. http://my-IP or https://my-IP (yes this will give a warning for SSL most likely). here my-IP could be any IPv4 address, for example. Basically I want to have Squid to

Re: [squid-users] block visit 80/443 browsing via IP(no domain name)

part -- > An HTML attachment was scrubbed... > URL: < > http://lists.squid-cache.org/pipermail/squid-users/attachments/20180728/a65bf67a/attachment-0001.html > > > > -- > > Message: 2 > Date: Sun, 29 Jul 2018 18:32:45 +120

Re: [squid-users] block visit 80/443 browsing via IP(no domain name)

On 29/07/18 16:11, Gordon Hsiao wrote: > is there a way to block any attempt to visit http/https by _any_ IP > directly, i.e.  > > http://my-IP or https://my-IP (yes this will give a warning for SSL most > likely Er, what makes you think that? Squid intercepting HTTPS has to already be

Re: [squid-users] Block some web to a group of ip and allow the rest.

On 24/02/18 04:45, erdosain9 wrote: > Hi to all. > Im trying to block some web to a ip group. > > [root@squid ips]# cat i-restringidos.lst > 192.168.1.42 > 192.168.1.43 > 192.168.1.44 > 192.168.1.45 > 192.168.1.99 > 192.168.1.50 > 192.168.1.128 > > This same ip group has access to all

Re: [squid-users] Block a web just for a group inside another group, or how?

On 05/12/17 13:07, erdosain9 wrote: Thanks Amos. Let's be clear ... this configuration was working exactly as I wanted it to. The users in each of those groups (i-full, sin_autenticacion, i-limitados) navigated without problems. So that they did not navigate, I simply took them out of one of

Re: [squid-users] Block a web just for a group inside another group, or how?

 Hi, In general, the basic idea is this: ACLs: LARGEGROUP (eg. all users) SMALLGROUP (subset of LARGEGROUP you want to further filter) SMALLBLACKLIST (site list for SMALLGROUP) http_access deny SMALLGROUP SMALLBLACKLIST http_access allow LARGEGROUP [whatever] http_access deny all You could

Re: [squid-users] Block a web just for a group inside another group, or how?

Thanks Amos. Let's be clear ... this configuration was working exactly as I wanted it to. The users in each of those groups (i-full, sin_autenticacion, i-limitados) navigated without problems. So that they did not navigate, I simply took them out of one of those groups, period. Everything works

Re: [squid-users] Block a web just for a group inside another group, or how?

05.12.2017 5:06, erdosain9 пишет: > mmm > > Ok, thanks > i do that but, with users (calling a new group in the domain). Instead of > this i can do a list of users in a file?? > Anyway, i do that, but instead of > http access deny acl acl > > i do > > http access allow acl !acl > > This will be

Re: [squid-users] Block a web just for a group inside another group, or how?

But, that's exactly the problem. Thats what i do. I do a have this large group i-full and a small group with a few users from i-full, the small group is called i-restringidos. And put i-restringidos in the top... (as you can see in my config file) But, is not working. They can go trough the web

Re: [squid-users] Block a web just for a group inside another group, or how?

Well, something like this (just to illustrate principe, dont copy and paste ;)): # Subset who don't have access to web whatsapp acl no_web_whatsapp src IP1 IP2 IP3 IP4 acl web_whatsapp dstdomain web.whatsapp.com # Group incouding IP1-IP4; the rest of group has access to web whatsapp acl

Re: [squid-users] Block a web just for a group inside another group, or how?

Sorry, i dont understand. Just enumerate the user in a acl? a common acl or a kerberos acl?? can you put me a example please? Thanks -- Sent from: http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html ___ squid-users mailing

Re: [squid-users] Block a web just for a group inside another group, or how?

Indeed. Just enumerate this users in acl and put this acl above group acl. 05.12.2017 4:17, erdosain9 пишет: > I dont know if i explain well myself... > i just want block some web access (facebook, web.whatsapp, etc.) to just a > few users from a large group. > Thanks > > > > -- > Sent from: >

Re: [squid-users] block user agent

On 22/11/17 23:48, Vieri wrote: From: Amos Jeffries If you place that after the default "deny CONNECT !SSL_ports", and before your UA checks, AND if you are using ssl_bump on the allowed tunnels then you can relatively safely use "allow

Re: [squid-users] block user agent

From: Amos Jeffries > > If you place that after the default "deny CONNECT !SSL_ports", and > before your UA checks, AND if you are using ssl_bump on the allowed > tunnels then you can relatively safely use "allow CONNECT". > > Just be

Re: [squid-users] block user agent

From: Amos Jeffries > > http_access allow goodAgents !baddomains (AND) > > If the first line matches the allow happens. > otherwise deny happens > > ie. goodAgents are only allowed to non-baddomains. All non-goodAgents > are denied to

Re: [squid-users] block user agent

On 20/11/17 21:45, Vieri wrote: From: Alex Rousskov You may be conflating two very different goals: A) Understanding why Squid does X. B) Configuring Squid to do what you want. My response was focused on the former. Once you understand, you can probably

Re: [squid-users] block user agent

From: Alex Rousskov > > You may be conflating two very different goals: > > A) Understanding why Squid does X. > B) Configuring Squid to do what you want. > > My response was focused on the former. Once you understand, you can

Re: [squid-users] block user agent

On 18/11/17 04:27, Vieri wrote: From: Alex Rousskov 1. Your "works" and "does not work" setups currently differ in at least three variables: user agent name, slash after the user agent name, and acl negation in http_access.

Re: [squid-users] block user agent

On 11/17/2017 08:27 AM, Vieri wrote: > From: Alex Rousskov >> 1. Your "works" and "does not work" setups currently differ in at least >> three variables: user agent name, slash after the user agent name, and >> acl negation in http_access. Find out which single

Re: [squid-users] block user agent

17.11.2017 21:27, Vieri пишет: > > From: Alex Rousskov >> 1. Your "works" and "does not work" setups currently differ in at least >> three variables: user agent name, slash after the user agent name, and >> acl negation in

Re: [squid-users] block user agent

On 11/16/2017 01:44 AM, Vieri wrote: > Let me rephrase my previous question "So why does my first example > actually work even for https sites?" to "So why does my first example > actually work even for https sites in an ssl-bumped setup (the same > as in example 2)?" AFAICT, there is not enough

Re: [squid-users] block user agent

From: Amos Jeffries > > If you are decrypting the traffic, then it works as I said exactly the > same as for HTTP messages. > > If you are not decrypting the traffic, but receiving forward-proxy > traffic then you are probably blocking the

Re: [squid-users] block user agent

On 16/11/17 21:29, Vieri wrote: From: Amos Jeffries The following works: acl denied_useragent browser Chrome acl denied_useragent browser MSIE acl denied_useragent browser Opera acl denied_useragent browser Trident [...] http_access

Re: [squid-users] block user agent

Let me rephrase my previous question "So why does my first example actually work even for https sites?" to "So why does my first example actually work even for https sites in an ssl-bumped setup (the same as in example 2)?" ___ squid-users mailing list

Re: [squid-users] block user agent

From: Amos Jeffries > >> The following works: >> >> acl denied_useragent browser Chrome >> acl denied_useragent browser MSIE >> acl denied_useragent browser Opera >> acl denied_useragent browser Trident >> [...] >> http_access deny

Re: [squid-users] block user agent

On 16/11/17 00:18, Vieri wrote: Hi, I'm trying to block some user agents (I know it's easy to fake, but most users won't try to fake that header value). The following works: acl denied_useragent browser Chrome acl denied_useragent browser MSIE acl denied_useragent browser Opera acl

Re: [squid-users] Block WebRTC Leak using Squid

o:squid-users-boun...@lists.squid-cache.org] On > Behalf Of Sekar Duraisamy > Sent: Monday, August 28, 2017 09:26 > To: Amos Jeffries <squ...@treenet.co.nz> > Cc: squid-users@lists.squid-cache.org > Subject: Re: [squid-users] Block WebRTC Leak using Squid > > H

Re: [squid-users] Block WebRTC Leak using Squid

...@ngtech.co.il -Original Message- From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Sekar Duraisamy Sent: Monday, August 28, 2017 09:26 To: Amos Jeffries <squ...@treenet.co.nz> Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Block WebRTC Leak

Re: [squid-users] Block WebRTC Leak using Squid

[mailto:squid-users-boun...@lists.squid-cache.org] On Behalf Of Sekar Duraisamy Sent: Monday, August 28, 2017 09:26 To: Amos Jeffries <squ...@treenet.co.nz> Cc: squid-users@lists.squid-cache.org Subject: Re: [squid-users] Block WebRTC Leak using Squid Hi, I have tried the below. via on forward

Re: [squid-users] Block WebRTC Leak using Squid

On 28/08/17 21:19, Sekar Duraisamy wrote: browserleaks.com/ip . I am testing through Mozilla Browser One of the sites that use non-HTTP mechanisms to figure out their results. Squid has nothing to do with the data sources they are actually using. To see what details are being emitted

Re: [squid-users] Block WebRTC Leak using Squid

quid-cache.org Subject: Re: [squid-users] Block WebRTC Leak using Squid browserleaks.com/ip . I am testing through Mozilla Browser On Mon, Aug 28, 2017 at 12:47 PM, Eliezer Croitoru <elie...@ngtech.co.il> wrote: > I remembered something so please also try: > http://ngtech.co.il/ip.ph

Re: [squid-users] Block WebRTC Leak using Squid

Hi, I have tried the below. via on forwarded_for delete visible_hostname localhost request_header_access User-Agent deny all But still I am able to see original client local IP address and Client Public IP address instead of tcp_outgoing_address as original client IP. Am i missed anything

Re: [squid-users] Block WebRTC Leak using Squid

On 25/08/17 14:00, Sekar Duraisamy wrote: Thanks Amos, Can i use the above configuration even though I am using tcp_outgoing_address in the squid conf? I want to make visible only tcp_outgoing_address only visible to outside and not real client IP. The second set of directives to hide the

Re: [squid-users] Block WebRTC Leak using Squid

Thanks Amos, Can i use the above configuration even though I am using tcp_outgoing_address in the squid conf? I want to make visible only tcp_outgoing_address only visible to outside and not real client IP. On Fri, Aug 25, 2017 at 4:11 AM, Amos Jeffries wrote: > On

Re: [squid-users] Block WebRTC Leak using Squid

On 25/08/17 03:21, Sekar Duraisamy wrote: I am using http_port 3128 ( direct proxy ) Then: # to hide the proxy via off forwarded_for transparent # to hide the client via on forwarded_for delete request_header_access User-Agent deny all As you may be able to tell from those you

Re: [squid-users] Block WebRTC Leak using Squid

I am using http_port 3128 ( direct proxy ) On Thu, Aug 24, 2017 at 5:33 PM, Eliezer Croitoru wrote: > Hey, > > Is the proxy a simple forward proxy or a transparent? > Ie what "http_port" line looks like? > > Also, you should never use this: > request_header_access Host deny

Re: [squid-users] Block WebRTC Leak using Squid

Hey, Is the proxy a simple forward proxy or a transparent? Ie what "http_port" line looks like? Also, you should never use this: request_header_access Host deny all if you want http to work properly. I am not sure if it's possible to apply this rule. Try to use: forwarded_for delete All The

Re: [squid-users] Block doc documents

On 27/06/17 23:53, Daniel Rieken wrote: Hello, I would like to block my users from downloading doc- and docm-files, but not docx. So this works fine for me: /etc/squid3/blockExtensions.acl: \.doc(\?.*)?$ \.docm(\?.*)?$ acl blockExtensions urlpath_regex -i "/etc/squid3/blockExtensions.acl"

Re: [squid-users] Block doc documents

You need an ICAP server intelligent enough to differentiate between the file types. Squid is a proxy and can only deal with the protocol. An ICAP server can deal with the content. C-icap and ecap are a couple options that seem to be available. I havr no experience with either. On Jun 27, 2017

Re: [squid-users] Block access to a ip (external)

On 26/08/2016 8:40 a.m., erdosain9 wrote: > Is there any way to know which service (web, or whatever) provides this ip ?? > Because it consumes a lot of bandwidth. > How do I know which machine asks for it ?? From the proxy. > > It also appears the ip 190.61.17.10 > > Greetings and thanks.

Re: [squid-users] Block access to a ip (external)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Akamai works with many companies. Antivirus providers, MS updates, Social networks (FB, Instagram, etc.etc.etc.). 26.08.2016 2:40, erdosain9 пишет: > Is there any way to know which service (web, or whatever) provides this ip ?? Only squid's

Re: [squid-users] Block access to a ip (external)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Traceroute confirm this: root @ khorne / # traceroute 190.61.17.9 traceroute to 190.61.17.9 (190.61.17.9), 30 hops max, 40 byte packets 1 192.168.201.1 (192.168.201.1) 0.978 ms 0.798 ms 0.755 ms 2 178.88.163.97 (178.88.163.97) 24.230 ms

Re: [squid-users] Block access to a ip (external)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Feel free to check yoursuspicious IP: http://www.tcpiputils.com/browse/ip-address/190.61.17.9 As you can see, this is Akamai. So, this can be (most probably) perfectly legitimate traffic. So, don't panic. 26.08.2016 0:58, erdosain9 пишет:

Re: [squid-users] Block access to a ip (external)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Feel free to check yoursuspicious IP: http://www.tcpiputils.com/browse/ip-address/190.61.17.9 As you can see, this is Akamai. So, this can be (most probably) perfectly legitimate traffic. So, don't panic. 26.08.2016 0:58, erdosain9 пишет: >

Re: [squid-users] Block access to a ip (external)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Feel free to check yoursuspicious IP: http://www.tcpiputils.com/browse/ip-address/190.61.17.9 As you can see, this is Akamai. So, this can be (most probably) perfectly legitimate traffic. So, don't panic. 26.08.2016 0:58, erdosain9 пишет: >

Re: [squid-users] Block access to a ip (external)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 With router or L3 switch. 26.08.2016 0:58, erdosain9 пишет: > Hi. > I have too much traffic to this ip 190.61.17.9 i really dont know what > it is... so i want to block that ip. > How i can do this? > Thanks! > > > > -- > View this message

Re: [squid-users] Block VPN access like hola.org ,ultrasurf

Thanks so much for detailed explanation, will try cisco thing and will check if it gets working On Sat, Apr 30, 2016 at 3:34 AM, Yuri Voinov wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > AFAIK, > > every proxy admin faced with excessively smart users who

Re: [squid-users] Block VPN access like hola.org ,ultrasurf

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 AFAIK, every proxy admin faced with excessively smart users who want to bypass a proxy. If you think that this is not true in your case - it means you not know yet. While you suffer prince Hamlet's ethical dilemma - "To bump or not to bump - that

Re: [squid-users] Block VPN access like hola.org ,ultrasurf

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 The another option is using advanced DPI with database. Like China government uses. Squid itself can't. 29.04.16 16:33, Reet Vyas пишет: > Hi, > > I have working trasparent squid , Some users are using proxy vpn in moziilla as addon and

Re: [squid-users] Block VPN access like hola.org ,ultrasurf

Not with squid, man. Only on Cisco/another router by IP. ip access-list extended TO_INET remark Hamachi deny ip 25.0.0.0 0.255.255.255 any deny ip 64.34.106.0 0.0.0.255 any deny ip any host 69.25.21.195 deny ip any host 74.201.75.195 deny ip any host 146.255.195.92 remark

Re: [squid-users] Block VPN access like hola.org ,ultrasurf

Not with squid, man. Only on Cisco/another router by IP. ip access-list extended TO_INET remark Hamachi deny ip 25.0.0.0 0.255.255.255 any deny ip 64.34.106.0 0.0.0.255 any deny ip any host 69.25.21.195 deny ip any host 74.201.75.195 deny ip any host 146.255.195.92 remark

Re: [squid-users] Block google pictures

Antony Stone Gesendet: Donnerstag, 26. November 2015 13:36 An: squid-users@lists.squid-cache.org Betreff: Re: [squid-users] Block google pictures On Thursday 26 November 2015 at 13:18:46, Funke, Martin wrote: Hello list, is there a way to block the access to the google picture search? https

Re: [squid-users] Block google pictures

On Thursday 26 November 2015 at 13:18:46, Funke, Martin wrote: > Hello list, > > is there a way to block the access to the google picture search? > https://www.google.de/imghp?hl=de I'm going to stick my neck out and say "no", because there are just too many ways of achieving the same result

Re: [squid-users] Block google pictures

Auftrag von Antony Stone Gesendet: Donnerstag, 26. November 2015 13:36 An: squid-users@lists.squid-cache.org Betreff: Re: [squid-users] Block google pictures On Thursday 26 November 2015 at 13:18:46, Funke, Martin wrote: > Hello list, > > is there a way to block the access to the googl

Re: [squid-users] Block google pictures

use SSL bump and block URLs and/or URL-paths On 26.11.2015 15:27, Funke, Martin wrote: Im using squid + squid guard in a primary school and sometimes the primary-school pupil search for penis and things like that :). That’s why I need a way to stop them doing these things. smime.p7s

Re: [squid-users] block inappropriate images of google

Hi Amos. I wanted to try out the ssl-bump splice to send traffic to a peer found in the recent snapshots for 3.5.6/7 to block Google images. I compiled configured and installed the latest 3.5 snapshot and added the directives you listed above to squid.conf but I am not sure I got them right.

Re: [squid-users] block inappropriate images of google

On 1/08/2015 8:49 a.m., Stanford Prescott wrote: Hi Amos. I wanted to try out the ssl-bump splice to send traffic to a peer found in the recent snapshots for 3.5.6/7 to block Google images. I compiled configured and installed the latest 3.5 snapshot and added the directives you listed above to

Re: [squid-users] block inappropriate images of google

There is a project for icap that does exactly what you want. This is like a L8 filter, meanwhile dns is L5. The higher, the better On Jul 31, 2015 5:20 PM, Amos Jeffries squ...@treenet.co.nz wrote: On 1/08/2015 8:49 a.m., Stanford Prescott wrote: Hi Amos. I wanted to try out the ssl-bump

Re: [squid-users] Block word in a URL part

On 21/07/2015 5:24 a.m., Felipe Almeida wrote: Hi all, I have a problem here where I need to block some words within a search result in a URL. For example, a I have those two URLs below: https://www.youtube.com/results?search_query=porn

Re: [squid-users] Block whatsapp with transparent proxy

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 This is the best solution in many cases. ;) 09.06.15 0:11, Jonathan Filogna пишет: ty yuki, but i finally decided to block whatsapp with pfSense via firewall rules and aliases El 08/06/15 a las 12:32, Yuri Voinov escibió: Feel free to

Re: [squid-users] Block whatsapp with transparent proxy

ty yuki, but i finally decided to block whatsapp with pfSense via firewall rules and aliases El 08/06/15 a las 12:32, Yuri Voinov escibió: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 https://www.google.com/search?q=squid+watsup+blocking Feel free to Google your question first.

Re: [squid-users] Block whatsapp with transparent proxy

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 https://www.google.com/search?q=squid+watsup+blocking Feel free to Google your question first. 08.06.15 20:37, Jonathan Filogna пишет: Hi all, greetings from Argentina I want to know if can be possible block whatsapp for mobiles with a

Re: [squid-users] block inappropriate images of google

Hello Andres, N.B. Please take my answer with a huge grain of salt. The google images search returns image results (thumbnails) as inline base 64 encoded images in the CSS. Selectively blocking them with any URL redirector will not work. It is possible to completely block google images but I

Re: [squid-users] block inappropriate images of google

There is a way to use an internal dns server to redirect all google searches to their safe search google. This does help with inappropriate images and searches that maybe quesionable. Just 'google' dns safesearch. You should get a few hits. Im currently doing this and it works very well. On

Re: [squid-users] block inappropriate images of google

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Transparent DNS interception is more reliable technics, but requires some advanced things. Including continious support. And also this will not proof against browser anti-proxy plugins. BTW, gents, we are talking about advanced internet users -

Re: [squid-users] block inappropriate images of google

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Also note: Most browser's anti-proxy plugins exists for Android/Apple. 19.05.15 0:25, Dwayne Hottinger пишет: There is a way to use an internal dns server to redirect all google searches to their safe search google. This does help with

Re: [squid-users] block youtube google videos and other kind of stream

For youtube you can block couple domains and url patterns in order to achive the same result. Eliezer On 06/03/2014 08:25, Caracol Bartolito wrote: Hi Eliezer Thanks for your answer. I use squid like web caching, I already block video streaming, it works but in sometimes in a particular

Re: [squid-users] block youtube google videos and other kind of stream

Hi Eliezer Thanks for your answer. I use squid like web caching, I already block video streaming, it works but in sometimes in a particular time of the day. On Wed, Feb 26, 2014 at 12:20 PM, Eliezer Croitoru elie...@ngtech.co.il wrote: The issue can be seen in the logs. It depense on how

Re: [squid-users] block youtube google videos and other kind of stream

The issue can be seen in the logs. It depense on how you use the proxy. in the case you do use the proxy as a forward proxy that is setup in the browser settings it is pretty simple to block.(not that but still). To block youtube and other videos the basic restrictions wont help. What do you

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

I now have implemented FredB’s idea into my own basic helper in php, which says ERR when the credential expire date time is in the past. That seems to work also for iPads :) That expire date time can be set (to now + xx min) via a php page and correct credentials. Can you post your helper

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

Op 21-feb.-2014, om 10:39 heeft FredB fredbm...@free.fr het volgende geschreven: I now have implemented FredB’s idea into my own basic helper in php, which says ERR when the credential expire date time is in the past. That seems to work also for iPads :) That expire date time can be set

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

Amos, I implemented a custom ‚session’ helper that checks ip’s and expire date, and used the acl order you gave in the regular session helper example. It works! The reason why the default session helper does not work is that not only my browser is sending requests, but also apps like Facebook

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

Op 21-feb.-2014, om 14:00 heeft Wim Ramakers wim.ramak...@lucine-os.be het volgende geschreven: There is however still one thing i need to fix, I need to pass the client ip as parameter in the deny_info url. (to update the session db)

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

I now have implemented FredB’s idea into my own basic helper in php, which says ERR when the credential expire date time is in the past. That seems to work also for iPads :) That expire date time can be set (to now + xx min) via a php page and correct credentials. Working fine, except for the

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

On 2014-02-21 03:39, Wim Ramakers wrote: I now have implemented FredB’s idea into my own basic helper in php, which says ERR when the credential expire date time is in the past. That seems to work also for iPads :) That expire date time can be set (to now + xx min) via a php page and correct

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

Fred, have you ever tested your solution on a ios7 iPad with safari? I’m seeing different behavior between my android 4.0 (chrome browser) and my iPad. The android in general behaves more as expected than the iPad. Wim

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

Fred, have you ever tested your solution on a ios7 iPad with safari? I’m seeing different behavior between my android 4.0 (chrome browser) and my iPad. The android in general behaves more as expected than the iPad. Wim Which differences exactly ? Only tested with Firefox and IE on PC

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

Op 19-feb.-2014, om 11:20 heeft FredB fredbm...@free.fr het volgende geschreven: Fred, have you ever tested your solution on a ios7 iPad with safari? I’m seeing different behavior between my android 4.0 (chrome browser) and my iPad. The android in general behaves more as expected than the

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

On Wed, Feb 19, 2014 at 4:29 AM, Wim Ramakers wim.ramak...@lucine-os.be wrote: Op 19-feb.-2014, om 11:20 heeft FredB fredbm...@free.fr het volgende geschreven: Fred, have you ever tested your solution on a ios7 iPad with safari? I’m seeing different behavior between my android 4.0 (chrome

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

When I do a tcpdump and take a look at the raw packets I can see that squid does send a '407 Proxy Authentication Required’ back to the client, but then the magic happens… Next I see a '200 Connection established’ and some scrambled content (the page i request is https) and the page refreshes

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

On 18/02/2014 5:43 a.m., Scott Mayo wrote: On Mon, Feb 17, 2014 at 10:39 AM, Wim Ramakers wim.ramak...@lucine-os.be wrote: I forgot to paste the line in the first post, I’ve set authenticate_cache_garbage_interval 5 minutes. Even after an hour I stayed authenticated, so I’ve changed it

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

Op 18-feb.-2014, om 11:53 heeft Amos Jeffries squ...@treenet.co.nz het volgende geschreven: ... The behaviour you are seeing is because the credentials are still valid in the authentication database. NP: browsers do not provide any logout mechanism to users. The above wiki page has an

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

Hi, I made a patch for BASIC ident for squid 3.3.11 http://numsys.eu/divers/squid/auth.patch by adding a new state CRED_BANNED = -3 Beyond credentialsTTL value, there is a re-authentication with pop-up Hope this can help Fred

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

Op 18-feb.-2014, om 13:45 heeft FredB fredbm...@free.fr het volgende geschreven: Hi, I made a patch for BASIC ident for squid 3.3.11 http://numsys.eu/divers/squid/auth.patch by adding a new state CRED_BANNED = -3 Beyond credentialsTTL value, there is a re-authentication with pop-up

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

Tried to compile it with patch applied but not yet working completely (first time i tried compiling it myself). I guess I’m doing something wrong because I don’t get the helpers anywhere, but it seems to start the the helpers that came with my squid3 debian package as well. (which is squid

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

On Mon, Feb 17, 2014 at 9:45 AM, Wim Ramakers wim.ramak...@lucine-os.be wrote: I’m trying to configure squid3 (on Debian server) to block certain (mostly social media) websites based on the LDAP (age) group the users are in. The devices are apple ipads, safari is used as web browser, and apps

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

I forgot to paste the line in the first post, I’ve set authenticate_cache_garbage_interval 5 minutes. Even after an hour I stayed authenticated, so I’ve changed it also to a lower value. Wim

Re: [squid-users] block domains based on LDAP group and force re-authentication every 30 minutes

On Mon, Feb 17, 2014 at 10:39 AM, Wim Ramakers wim.ramak...@lucine-os.be wrote: I forgot to paste the line in the first post, I’ve set authenticate_cache_garbage_interval 5 minutes. Even after an hour I stayed authenticated, so I’ve changed it also to a lower value. I am curious to this

Re: [squid-users] Block SSL and HTTPS in transparent Squid 3.3.5

How did you setup the trasparent proxy? Do you know you need ssl-bump in order to block https traffice? Also it's limited only to a specified ports.. Eliezer On 06/27/2013 09:29 PM, javed_samtiah wrote: Hi, I have configured transparent proxy with squid 3.3.5 stable edition. I am unable to

Re: [squid-users] Block all known image files with squid?

You could try something like following acl FORBIDDEN_EXT urlpath_regex \.(jpg|png|jpeg|gif|bmp|ico)$ http_access deny FORBIDDEN_EXT also you could try use of req_mime_type acl type On Sun, May 26, 2013 at 12:47 PM, Squidblacklist webmas...@squidblacklist.org wrote: Anyone ever tried to block

Re: [squid-users] block dodgy sites with squidguard

On 11/08/2012 7:46 p.m., J Webster wrote: I would like to allow access to some 18+ sites on the proxy server but prevent anyone looking at dodgy illegal sites. Is there a way to do that with squidguard because the filter dest only seems to be on porn. Would I have to write my own access

Re: [squid-users] block dodgy sites with squidguard

I'm not even sure how I could block this though. Anyone who publishes a website with illegal pictures is probably not going to list keywords that I can search for and prevent. Would those illegal sites show up in the dest porn blocklist? On 12/08/12 08:45, Amos Jeffries wrote: On 11/08/2012

Re: [squid-users] block dodgy sites with squidguard

On 12/08/2012 7:28 p.m., J Webster wrote: I'm not even sure how I could block this though. Anyone who publishes a website with illegal pictures is probably not going to list keywords that I can search for and prevent. Would those illegal sites show up in the dest porn blocklist? Good. You

Re: [squid-users] block all torrents connections through squid

On 14/07/2012 11:54 a.m., Ali Esf wrote: hi list is there any way to block BitTorrent and any other torrent connection throught squid? When a user begins a torrent download they fetch a file with extension type .torrent. Once they have those details the rest of the torrent is not trackable

Re: [squid-users] block all torrents connections through squid

Blocking .torrents doesn't resolve people downloading magnet links. You would need to block all *.torrent .txt (you can download a torrent as a .txt from some sites). It would be easier to filter your users at the gateway... i.e If all you want is users to have Internet access, block all ports

Re: [squid-users] Block IP based lookups

On 23/04/2012 9:26 p.m., Bijoy Lobo wrote: Hello All, Is it possible to block all IP based lookups from the browser with squid acls? What do you call an IP based lookup? The obvious interpretation of a request arriving over IP protocol means *everything* is blocked. Amos

  1   2   3   >