On 20.05.20 07:13, Leonardo Bacha Abrantes wrote:
Please does anyone has a effective way how to block file download over
https connection?
I tried many things but didn't work. Only worked over http.
this requires SSL bumping. in https, you don't see the content unless you
bump, and
On 12/19/19 5:56 AM, Patrícia Sousa wrote:
> I would like to have an IoT device that only receives and sends requests
> to and from certain devices that belong and are authenticated by a
> specific certificate authority. Is it possible to block all other
> connections or only allow connections
On 30/07/18 04:59, Walter H. wrote:
> skype was blocking every raw-ip:443 instead of just its own IPs, a bit
> too restricted, though it can have a list of its own IPs and dst might
> just work.
That was the point. Skype is P2P software. Certain versions use raw-IP
to connect to arbitrary IPs.
On 30/07/18 04:59, Walter H. wrote:
> On 29.07.2018 06:11, Gordon Hsiao wrote:
>> is there a way to block any attempt to visit http/https by _any_ IP
>> directly, i.e.
>>
>> http://my-IP or https://my-IP (yes this will give a warning for SSL
>> most likely). here my-IP could be any IPv4 address,
On 29.07.2018 06:11, Gordon Hsiao wrote:
is there a way to block any attempt to visit http/https by _any_ IP
directly, i.e.
http://my-IP or https://my-IP (yes this will give a warning for SSL
most likely). here my-IP could be any IPv4 address, for example.
Basically I want to have Squid to
part --
> An HTML attachment was scrubbed...
> URL: <
> http://lists.squid-cache.org/pipermail/squid-users/attachments/20180728/a65bf67a/attachment-0001.html
> >
>
> --
>
> Message: 2
> Date: Sun, 29 Jul 2018 18:32:45 +120
On 29/07/18 16:11, Gordon Hsiao wrote:
> is there a way to block any attempt to visit http/https by _any_ IP
> directly, i.e.
>
> http://my-IP or https://my-IP (yes this will give a warning for SSL most
> likely
Er, what makes you think that? Squid intercepting HTTPS has to already
be
On 24/02/18 04:45, erdosain9 wrote:
> Hi to all.
> Im trying to block some web to a ip group.
>
> [root@squid ips]# cat i-restringidos.lst
> 192.168.1.42
> 192.168.1.43
> 192.168.1.44
> 192.168.1.45
> 192.168.1.99
> 192.168.1.50
> 192.168.1.128
>
> This same ip group has access to all
On 05/12/17 13:07, erdosain9 wrote:
Thanks Amos.
Let's be clear ... this configuration was working exactly as I wanted it to.
The users in each of those groups (i-full, sin_autenticacion, i-limitados)
navigated without problems. So that they did not navigate, I simply took
them out of one of
Hi,
In general, the basic idea is this:
ACLs:
LARGEGROUP (eg. all users)
SMALLGROUP (subset of LARGEGROUP you want to further filter)
SMALLBLACKLIST (site list for SMALLGROUP)
http_access deny SMALLGROUP SMALLBLACKLIST
http_access allow LARGEGROUP [whatever]
http_access deny all
You could
Thanks Amos.
Let's be clear ... this configuration was working exactly as I wanted it to.
The users in each of those groups (i-full, sin_autenticacion, i-limitados)
navigated without problems. So that they did not navigate, I simply took
them out of one of those groups, period. Everything works
05.12.2017 5:06, erdosain9 пишет:
> mmm
>
> Ok, thanks
> i do that but, with users (calling a new group in the domain). Instead of
> this i can do a list of users in a file??
> Anyway, i do that, but instead of
> http access deny acl acl
>
> i do
>
> http access allow acl !acl
>
> This will be
But, that's exactly the problem.
Thats what i do.
I do a have this large group
i-full
and a small group with a few users from i-full, the small group is called
i-restringidos.
And put i-restringidos in the top... (as you can see in my config file)
But, is not working. They can go trough the web
Well, something like this (just to illustrate principe, dont copy and
paste ;)):
# Subset who don't have access to web whatsapp
acl no_web_whatsapp src IP1 IP2 IP3 IP4
acl web_whatsapp dstdomain web.whatsapp.com
# Group incouding IP1-IP4; the rest of group has access to web whatsapp
acl
Sorry, i dont understand.
Just enumerate the user in a acl?
a common acl or a kerberos acl??
can you put me a example please?
Thanks
--
Sent from:
http://squid-web-proxy-cache.1019090.n4.nabble.com/Squid-Users-f1019091.html
___
squid-users mailing
Indeed.
Just enumerate this users in acl and put this acl above group acl.
05.12.2017 4:17, erdosain9 пишет:
> I dont know if i explain well myself...
> i just want block some web access (facebook, web.whatsapp, etc.) to just a
> few users from a large group.
> Thanks
>
>
>
> --
> Sent from:
>
On 22/11/17 23:48, Vieri wrote:
From: Amos Jeffries
If you place that after the default "deny CONNECT !SSL_ports", and
before your UA checks, AND if you are using ssl_bump on the allowed
tunnels then you can relatively safely use "allow
From: Amos Jeffries
>
> If you place that after the default "deny CONNECT !SSL_ports", and
> before your UA checks, AND if you are using ssl_bump on the allowed
> tunnels then you can relatively safely use "allow CONNECT".
>
> Just be
From: Amos Jeffries
>
> http_access allow goodAgents !baddomains (AND)
>
> If the first line matches the allow happens.
> otherwise deny happens
>
> ie. goodAgents are only allowed to non-baddomains. All non-goodAgents
> are denied to
On 20/11/17 21:45, Vieri wrote:
From: Alex Rousskov
You may be conflating two very different goals:
A) Understanding why Squid does X.
B) Configuring Squid to do what you want.
My response was focused on the former. Once you understand, you can
probably
From: Alex Rousskov
>
> You may be conflating two very different goals:
>
> A) Understanding why Squid does X.
> B) Configuring Squid to do what you want.
>
> My response was focused on the former. Once you understand, you can
On 18/11/17 04:27, Vieri wrote:
From: Alex Rousskov
1. Your "works" and "does not work" setups currently differ in at least
three variables: user agent name, slash after the user agent name, and
acl negation in http_access.
On 11/17/2017 08:27 AM, Vieri wrote:
> From: Alex Rousskov
>> 1. Your "works" and "does not work" setups currently differ in at least
>> three variables: user agent name, slash after the user agent name, and
>> acl negation in http_access. Find out which single
17.11.2017 21:27, Vieri пишет:
>
> From: Alex Rousskov
>> 1. Your "works" and "does not work" setups currently differ in at least
>> three variables: user agent name, slash after the user agent name, and
>> acl negation in
On 11/16/2017 01:44 AM, Vieri wrote:
> Let me rephrase my previous question "So why does my first example
> actually work even for https sites?" to "So why does my first example
> actually work even for https sites in an ssl-bumped setup (the same
> as in example 2)?"
AFAICT, there is not enough
From: Amos Jeffries
>
> If you are decrypting the traffic, then it works as I said exactly the
> same as for HTTP messages.
>
> If you are not decrypting the traffic, but receiving forward-proxy
> traffic then you are probably blocking the
On 16/11/17 21:29, Vieri wrote:
From: Amos Jeffries
The following works:
acl denied_useragent browser Chrome
acl denied_useragent browser MSIE
acl denied_useragent browser Opera
acl denied_useragent browser Trident
[...]
http_access
Let me rephrase my previous question "So why does my first example actually
work even for https sites?" to "So why does my first example actually work even
for https sites in an ssl-bumped setup (the same as in example 2)?"
___
squid-users mailing list
From: Amos Jeffries
>
>> The following works:
>>
>> acl denied_useragent browser Chrome
>> acl denied_useragent browser MSIE
>> acl denied_useragent browser Opera
>> acl denied_useragent browser Trident
>> [...]
>> http_access deny
On 16/11/17 00:18, Vieri wrote:
Hi,
I'm trying to block some user agents (I know it's easy to fake, but most users
won't try to fake that header value).
The following works:
acl denied_useragent browser Chrome
acl denied_useragent browser MSIE
acl denied_useragent browser Opera
acl
o:squid-users-boun...@lists.squid-cache.org] On
> Behalf Of Sekar Duraisamy
> Sent: Monday, August 28, 2017 09:26
> To: Amos Jeffries <squ...@treenet.co.nz>
> Cc: squid-users@lists.squid-cache.org
> Subject: Re: [squid-users] Block WebRTC Leak using Squid
>
> H
...@ngtech.co.il
-Original Message-
From: squid-users [mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Sekar Duraisamy
Sent: Monday, August 28, 2017 09:26
To: Amos Jeffries <squ...@treenet.co.nz>
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Block WebRTC Leak
[mailto:squid-users-boun...@lists.squid-cache.org] On Behalf
Of Sekar Duraisamy
Sent: Monday, August 28, 2017 09:26
To: Amos Jeffries <squ...@treenet.co.nz>
Cc: squid-users@lists.squid-cache.org
Subject: Re: [squid-users] Block WebRTC Leak using Squid
Hi,
I have tried the below.
via on
forward
On 28/08/17 21:19, Sekar Duraisamy wrote:
browserleaks.com/ip . I am testing through Mozilla Browser
One of the sites that use non-HTTP mechanisms to figure out their results.
Squid has nothing to do with the data sources they are actually using.
To see what details are being emitted
quid-cache.org
Subject: Re: [squid-users] Block WebRTC Leak using Squid
browserleaks.com/ip . I am testing through Mozilla Browser
On Mon, Aug 28, 2017 at 12:47 PM, Eliezer Croitoru <elie...@ngtech.co.il> wrote:
> I remembered something so please also try:
> http://ngtech.co.il/ip.ph
Hi,
I have tried the below.
via on
forwarded_for delete
visible_hostname localhost
request_header_access User-Agent deny all
But still I am able to see original client local IP address and Client
Public IP address instead of tcp_outgoing_address as original client
IP.
Am i missed anything
On 25/08/17 14:00, Sekar Duraisamy wrote:
Thanks Amos, Can i use the above configuration even though I am using
tcp_outgoing_address in the squid conf?
I want to make visible only tcp_outgoing_address only visible to
outside and not real client IP.
The second set of directives to hide the
Thanks Amos, Can i use the above configuration even though I am using
tcp_outgoing_address in the squid conf?
I want to make visible only tcp_outgoing_address only visible to
outside and not real client IP.
On Fri, Aug 25, 2017 at 4:11 AM, Amos Jeffries wrote:
> On
On 25/08/17 03:21, Sekar Duraisamy wrote:
I am using http_port 3128 ( direct proxy )
Then:
# to hide the proxy
via off
forwarded_for transparent
# to hide the client
via on
forwarded_for delete
request_header_access User-Agent deny all
As you may be able to tell from those you
I am using http_port 3128 ( direct proxy )
On Thu, Aug 24, 2017 at 5:33 PM, Eliezer Croitoru wrote:
> Hey,
>
> Is the proxy a simple forward proxy or a transparent?
> Ie what "http_port" line looks like?
>
> Also, you should never use this:
> request_header_access Host deny
Hey,
Is the proxy a simple forward proxy or a transparent?
Ie what "http_port" line looks like?
Also, you should never use this:
request_header_access Host deny all
if you want http to work properly. I am not sure if it's possible to apply this
rule.
Try to use:
forwarded_for delete
All The
On 27/06/17 23:53, Daniel Rieken wrote:
Hello,
I would like to block my users from downloading doc- and docm-files,
but not docx.
So this works fine for me:
/etc/squid3/blockExtensions.acl:
\.doc(\?.*)?$
\.docm(\?.*)?$
acl blockExtensions urlpath_regex -i "/etc/squid3/blockExtensions.acl"
You need an ICAP server intelligent enough to differentiate between the
file types. Squid is a proxy and can only deal with the protocol. An ICAP
server can deal with the content. C-icap and ecap are a couple options
that seem to be available. I havr no experience with either.
On Jun 27, 2017
On 26/08/2016 8:40 a.m., erdosain9 wrote:
> Is there any way to know which service (web, or whatever) provides this ip ??
> Because it consumes a lot of bandwidth.
> How do I know which machine asks for it ?? From the proxy.
>
> It also appears the ip 190.61.17.10
>
> Greetings and thanks.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Akamai works with many companies. Antivirus providers, MS updates,
Social networks (FB, Instagram, etc.etc.etc.).
26.08.2016 2:40, erdosain9 пишет:
> Is there any way to know which service (web, or whatever) provides this ip ??
Only squid's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Traceroute confirm this:
root @ khorne / # traceroute 190.61.17.9
traceroute to 190.61.17.9 (190.61.17.9), 30 hops max, 40 byte packets
1 192.168.201.1 (192.168.201.1) 0.978 ms 0.798 ms 0.755 ms
2 178.88.163.97 (178.88.163.97) 24.230 ms
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Feel free to check yoursuspicious IP:
http://www.tcpiputils.com/browse/ip-address/190.61.17.9
As you can see, this is Akamai. So, this can be (most probably)
perfectly legitimate traffic.
So, don't panic.
26.08.2016 0:58, erdosain9 пишет:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Feel free to check yoursuspicious IP:
http://www.tcpiputils.com/browse/ip-address/190.61.17.9
As you can see, this is Akamai. So, this can be (most probably)
perfectly legitimate traffic.
So, don't panic.
26.08.2016 0:58, erdosain9 пишет:
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Feel free to check yoursuspicious IP:
http://www.tcpiputils.com/browse/ip-address/190.61.17.9
As you can see, this is Akamai. So, this can be (most probably)
perfectly legitimate traffic.
So, don't panic.
26.08.2016 0:58, erdosain9 пишет:
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
With router or L3 switch.
26.08.2016 0:58, erdosain9 пишет:
> Hi.
> I have too much traffic to this ip 190.61.17.9 i really dont know what
> it is... so i want to block that ip.
> How i can do this?
> Thanks!
>
>
>
> --
> View this message
Thanks so much for detailed explanation, will try cisco thing and will
check if it gets working
On Sat, Apr 30, 2016 at 3:34 AM, Yuri Voinov wrote:
>
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> AFAIK,
>
> every proxy admin faced with excessively smart users who
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
AFAIK,
every proxy admin faced with excessively smart users who want to bypass
a proxy. If you think that this is not true in your case - it means you
not know yet. While you suffer prince Hamlet's ethical dilemma - "To
bump or not to bump - that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
The another option is using advanced DPI with database. Like China
government uses.
Squid itself can't.
29.04.16 16:33, Reet Vyas пишет:
> Hi,
>
> I have working trasparent squid , Some users are using proxy vpn in
moziilla as addon and
Not with squid, man.
Only on Cisco/another router by IP.
ip access-list extended TO_INET
remark Hamachi
deny ip 25.0.0.0 0.255.255.255 any
deny ip 64.34.106.0 0.0.0.255 any
deny ip any host 69.25.21.195
deny ip any host 74.201.75.195
deny ip any host 146.255.195.92
remark
Not with squid, man.
Only on Cisco/another router by IP.
ip access-list extended TO_INET
remark Hamachi
deny ip 25.0.0.0 0.255.255.255 any
deny ip 64.34.106.0 0.0.0.255 any
deny ip any host 69.25.21.195
deny ip any host 74.201.75.195
deny ip any host 146.255.195.92
remark
Antony Stone
Gesendet: Donnerstag, 26. November 2015 13:36
An: squid-users@lists.squid-cache.org
Betreff: Re: [squid-users] Block google pictures
On Thursday 26 November 2015 at 13:18:46, Funke, Martin wrote:
Hello list,
is there a way to block the access to the google picture search?
https
On Thursday 26 November 2015 at 13:18:46, Funke, Martin wrote:
> Hello list,
>
> is there a way to block the access to the google picture search?
> https://www.google.de/imghp?hl=de
I'm going to stick my neck out and say "no", because there are just too many
ways of achieving the same result
Auftrag
von Antony Stone
Gesendet: Donnerstag, 26. November 2015 13:36
An: squid-users@lists.squid-cache.org
Betreff: Re: [squid-users] Block google pictures
On Thursday 26 November 2015 at 13:18:46, Funke, Martin wrote:
> Hello list,
>
> is there a way to block the access to the googl
use SSL bump and block URLs and/or URL-paths
On 26.11.2015 15:27, Funke, Martin wrote:
Im using squid + squid guard in a primary school and sometimes the
primary-school pupil search for penis and things like that :).
That’s why I need a way to stop them doing these things.
smime.p7s
Hi Amos. I wanted to try out the ssl-bump splice to send traffic to a
peer found in the recent snapshots for 3.5.6/7 to block Google images. I
compiled configured and installed the latest 3.5 snapshot and added the
directives you listed above to squid.conf but I am not sure I got them
right.
On 1/08/2015 8:49 a.m., Stanford Prescott wrote:
Hi Amos. I wanted to try out the ssl-bump splice to send traffic to a
peer found in the recent snapshots for 3.5.6/7 to block Google images. I
compiled configured and installed the latest 3.5 snapshot and added the
directives you listed above to
There is a project for icap that does exactly what you want. This is like a
L8 filter, meanwhile dns is L5.
The higher, the better
On Jul 31, 2015 5:20 PM, Amos Jeffries squ...@treenet.co.nz wrote:
On 1/08/2015 8:49 a.m., Stanford Prescott wrote:
Hi Amos. I wanted to try out the ssl-bump
On 21/07/2015 5:24 a.m., Felipe Almeida wrote:
Hi all,
I have a problem here where I need to block some words within a search result
in a URL.
For example, a I have those two URLs below:
https://www.youtube.com/results?search_query=porn
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
This is the best solution in many cases. ;)
09.06.15 0:11, Jonathan Filogna пишет:
ty yuki, but i finally decided to block whatsapp with pfSense via firewall
rules and aliases
El 08/06/15 a las 12:32, Yuri Voinov escibió:
Feel free to
ty yuki, but i finally decided to block whatsapp with pfSense via
firewall rules and aliases
El 08/06/15 a las 12:32, Yuri Voinov escibió:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
https://www.google.com/search?q=squid+watsup+blocking
Feel free to Google your question first.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
https://www.google.com/search?q=squid+watsup+blocking
Feel free to Google your question first.
08.06.15 20:37, Jonathan Filogna пишет:
Hi all, greetings from Argentina
I want to know if can be possible block whatsapp for mobiles with a
Hello Andres,
N.B. Please take my answer with a huge grain of salt.
The google images search returns image results (thumbnails) as inline base 64
encoded images in the CSS. Selectively blocking them with any URL redirector
will not work. It is possible to completely block google images but I
There is a way to use an internal dns server to redirect all google
searches to their safe search google. This does help with inappropriate
images and searches that maybe quesionable. Just 'google' dns safesearch.
You should get a few hits. Im currently doing this and it works very well.
On
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Transparent DNS interception is more reliable technics, but requires
some advanced things. Including continious support.
And also this will not proof against browser anti-proxy plugins.
BTW, gents, we are talking about advanced internet users -
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Also note:
Most browser's anti-proxy plugins exists for Android/Apple.
19.05.15 0:25, Dwayne Hottinger пишет:
There is a way to use an internal dns server to redirect all google
searches to their safe search google. This does help with
For youtube you can block couple domains and url patterns in order to
achive the same result.
Eliezer
On 06/03/2014 08:25, Caracol Bartolito wrote:
Hi Eliezer Thanks for your answer.
I use squid like web caching, I already block video streaming, it
works but in sometimes in a particular
Hi Eliezer Thanks for your answer.
I use squid like web caching, I already block video streaming, it
works but in sometimes in a particular time of the day.
On Wed, Feb 26, 2014 at 12:20 PM, Eliezer Croitoru elie...@ngtech.co.il wrote:
The issue can be seen in the logs.
It depense on how
The issue can be seen in the logs.
It depense on how you use the proxy.
in the case you do use the proxy as a forward proxy that is setup in the
browser settings it is pretty simple to block.(not that but still).
To block youtube and other videos the basic restrictions wont help.
What do you
I now have implemented FredB’s idea into my own basic helper in php,
which says ERR when the credential expire date time is in the past.
That seems to work also for iPads :)
That expire date time can be set (to now + xx min) via a php page and
correct credentials.
Can you post your helper
Op 21-feb.-2014, om 10:39 heeft FredB fredbm...@free.fr het volgende
geschreven:
I now have implemented FredB’s idea into my own basic helper in php,
which says ERR when the credential expire date time is in the past.
That seems to work also for iPads :)
That expire date time can be set
Amos, I implemented a custom ‚session’ helper that checks ip’s and expire date,
and used the acl order you gave in the regular session helper example. It
works! The reason why the default session helper does not work is that not only
my browser is sending requests, but also apps like Facebook
Op 21-feb.-2014, om 14:00 heeft Wim Ramakers wim.ramak...@lucine-os.be het
volgende geschreven:
There is however still one thing i need to fix, I need to pass the client ip
as parameter in the deny_info url. (to update the session db)
I now have implemented FredB’s idea into my own basic helper in php, which says
ERR when the credential expire date time is in the past. That seems to work
also for iPads :)
That expire date time can be set (to now + xx min) via a php page and correct
credentials.
Working fine, except for the
On 2014-02-21 03:39, Wim Ramakers wrote:
I now have implemented FredB’s idea into my own basic helper in php,
which says ERR when the credential expire date time is in the past.
That seems to work also for iPads :)
That expire date time can be set (to now + xx min) via a php page and
correct
Fred, have you ever tested your solution on a ios7 iPad with safari? I’m seeing
different behavior between my android 4.0 (chrome browser) and my iPad. The
android in general behaves more as expected than the iPad.
Wim
Fred, have you ever tested your solution on a ios7 iPad with safari?
I’m seeing different behavior between my android 4.0 (chrome
browser) and my iPad. The android in general behaves more as
expected than the iPad.
Wim
Which differences exactly ?
Only tested with Firefox and IE on PC
Op 19-feb.-2014, om 11:20 heeft FredB fredbm...@free.fr het volgende
geschreven:
Fred, have you ever tested your solution on a ios7 iPad with safari?
I’m seeing different behavior between my android 4.0 (chrome
browser) and my iPad. The android in general behaves more as
expected than the
On Wed, Feb 19, 2014 at 4:29 AM, Wim Ramakers wim.ramak...@lucine-os.be wrote:
Op 19-feb.-2014, om 11:20 heeft FredB fredbm...@free.fr het volgende
geschreven:
Fred, have you ever tested your solution on a ios7 iPad with safari?
I’m seeing different behavior between my android 4.0 (chrome
When I do a tcpdump and take a look at the raw packets I can see that squid
does send a '407 Proxy Authentication Required’ back to the client, but then
the magic happens…
Next I see a '200 Connection established’ and some scrambled content (the page
i request is https) and the page refreshes
On 18/02/2014 5:43 a.m., Scott Mayo wrote:
On Mon, Feb 17, 2014 at 10:39 AM, Wim Ramakers
wim.ramak...@lucine-os.be wrote:
I forgot to paste the line in the first post, I’ve set
authenticate_cache_garbage_interval 5 minutes.
Even after an hour I stayed authenticated, so I’ve changed it
Op 18-feb.-2014, om 11:53 heeft Amos Jeffries squ...@treenet.co.nz het
volgende geschreven:
...
The behaviour you are seeing is because the credentials are still valid
in the authentication database.
NP: browsers do not provide any logout mechanism to users. The above
wiki page has an
Hi,
I made a patch for BASIC ident for squid 3.3.11
http://numsys.eu/divers/squid/auth.patch by adding a new state CRED_BANNED = -3
Beyond credentialsTTL value, there is a re-authentication with pop-up
Hope this can help
Fred
Op 18-feb.-2014, om 13:45 heeft FredB fredbm...@free.fr het volgende
geschreven:
Hi,
I made a patch for BASIC ident for squid 3.3.11
http://numsys.eu/divers/squid/auth.patch by adding a new state CRED_BANNED =
-3
Beyond credentialsTTL value, there is a re-authentication with pop-up
Tried to compile it with patch applied but not yet working completely
(first time i tried compiling it myself).
I guess I’m doing something wrong because I don’t get the helpers
anywhere, but it seems to start the the helpers that came with my
squid3 debian package as well. (which is squid
On Mon, Feb 17, 2014 at 9:45 AM, Wim Ramakers wim.ramak...@lucine-os.be wrote:
I’m trying to configure squid3 (on Debian server) to block certain (mostly
social media) websites based on the LDAP (age) group the users are in.
The devices are apple ipads, safari is used as web browser, and apps
I forgot to paste the line in the first post, I’ve set
authenticate_cache_garbage_interval 5 minutes.
Even after an hour I stayed authenticated, so I’ve changed it also to a lower
value.
Wim
On Mon, Feb 17, 2014 at 10:39 AM, Wim Ramakers
wim.ramak...@lucine-os.be wrote:
I forgot to paste the line in the first post, I’ve set
authenticate_cache_garbage_interval 5 minutes.
Even after an hour I stayed authenticated, so I’ve changed it also to a lower
value.
I am curious to this
How did you setup the trasparent proxy?
Do you know you need ssl-bump in order to block https traffice?
Also it's limited only to a specified ports..
Eliezer
On 06/27/2013 09:29 PM, javed_samtiah wrote:
Hi, I have configured transparent proxy with squid 3.3.5 stable edition. I am
unable to
You could try something like following
acl FORBIDDEN_EXT urlpath_regex \.(jpg|png|jpeg|gif|bmp|ico)$
http_access deny FORBIDDEN_EXT
also you could try use of req_mime_type acl type
On Sun, May 26, 2013 at 12:47 PM, Squidblacklist
webmas...@squidblacklist.org wrote:
Anyone ever tried to block
On 11/08/2012 7:46 p.m., J Webster wrote:
I would like to allow access to some 18+ sites on the proxy server but
prevent anyone looking at dodgy illegal sites.
Is there a way to do that with squidguard because the filter dest only
seems to be on porn.
Would I have to write my own access
I'm not even sure how I could block this though. Anyone who publishes a
website with illegal pictures is probably not going to list keywords
that I can search for and prevent.
Would those illegal sites show up in the dest porn blocklist?
On 12/08/12 08:45, Amos Jeffries wrote:
On 11/08/2012
On 12/08/2012 7:28 p.m., J Webster wrote:
I'm not even sure how I could block this though. Anyone who publishes
a website with illegal pictures is probably not going to list keywords
that I can search for and prevent.
Would those illegal sites show up in the dest porn blocklist?
Good. You
On 14/07/2012 11:54 a.m., Ali Esf wrote:
hi list
is there any way to block BitTorrent and any other torrent connection throught
squid?
When a user begins a torrent download they fetch a file with extension
type .torrent. Once they have those details the rest of the torrent is
not trackable
Blocking .torrents doesn't resolve people downloading magnet links.
You would need to block all *.torrent .txt (you can download a
torrent as a .txt from some sites). It would be easier to filter your
users at the gateway... i.e If all you want is users to have Internet
access, block all ports
On 23/04/2012 9:26 p.m., Bijoy Lobo wrote:
Hello All,
Is it possible to block all IP based lookups from the browser with squid acls?
What do you call an IP based lookup? The obvious interpretation of a
request arriving over IP protocol means *everything* is blocked.
Amos
1 - 100 of 286 matches
Mail list logo