Squid can natively via built in ACL. acl mydstdomain dstdomain .abc123.net acl mydstdomain dstdomain .def456.com http_access deny mydstdomain
you can also add regex # acl aclname url_regex [-i] ^http:// ... # regex matching on whole URL # acl aclname urlpath_regex [-i] \.gif$ ... # regex matching on URL path Again though this wont help you with SSL ________________________________________ From: Eric Teeter [teet...@charter.net] Sent: Friday, July 11, 2014 2:58 PM To: Shorewall Users Subject: Re: [Shorewall-users] Can shorewall block specific url Squid by it self won't but if you add something like SquidGuard to Squid, which is desinged to block spcific sites was as down to pages. They have thosands of prebuilt urls to block (i.e. porn, shopping, hacking all in groups to add). There are several packages to Squid which uses helper apps to do the work. Reguards Eric ----- Original Message ----- From: "Roberto C. Sánchez" <robe...@connexer.com> To: shorewall-users@lists.sourceforge.net Sent: Friday, July 11, 2014 2:38:33 PM Subject: Re: [Shorewall-users] Can shorewall block specific url On Fri, Jul 11, 2014 at 12:19:11PM -0700, ARUN CHAKRAPANI RAO wrote: > Hi, > Please do forgive me if this is the wrong place to as this Q? > We are an isp looking for a tool which can block specific url instead of > the domain itself. > for example > > [1]https://urldefense.proofpoint.com/v1/url?u=http://www.facebook.com/seekinghelp&k=%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D%0A&r=HPUxQbufZnCuDwgRWQG%2BIhr9Sf2ayuw1c7jyyvlI3wQ%3D%0A&m=ALzJ5%2FZv5PkU%2B85zOgsMhA%2Bdpx6fSEp%2BFlbRxoHXhEU%3D%0A&s=41b8cf4c5a0c588aab9d48351a43b566bf4e07160ca2ee2652f7041c53481481 > > https://urldefense.proofpoint.com/v1/url?u=https://twitter.com/canweblockurl&k=%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D%0A&r=HPUxQbufZnCuDwgRWQG%2BIhr9Sf2ayuw1c7jyyvlI3wQ%3D%0A&m=ALzJ5%2FZv5PkU%2B85zOgsMhA%2Bdpx6fSEp%2BFlbRxoHXhEU%3D%0A&s=80665445a5a8ff52599e681da08d9b8ee366d51883cac02e791950c2d048b69c > The reason being, we get mails from the Government ordering us to block > specific url's. > We are about to evaluate Shorewall, wanted to know from any one of you as > to whether this is possible. > If this is not the tool, anybody can guide as to which open source is > stable enought to do this job along with the firewall ? The short answer: No. The longer answer: Shorewall is only a front-end for iptables. The only thing that iptables cares about is packets. To block a specific URL, you will need something that works at the application layer. I would look at Squid and see if that does what you need. Regards, -Roberto -- Roberto C. Sánchez https://urldefense.proofpoint.com/v1/url?u=http://people.connexer.com/~roberto&k=%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D%0A&r=HPUxQbufZnCuDwgRWQG%2BIhr9Sf2ayuw1c7jyyvlI3wQ%3D%0A&m=ALzJ5%2FZv5PkU%2B85zOgsMhA%2Bdpx6fSEp%2BFlbRxoHXhEU%3D%0A&s=43ad62623fb63a58734ea00cf4462eac6061e9d27c5e661d65c674929ac59207 https://urldefense.proofpoint.com/v1/url?u=http://www.connexer.com/&k=%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D%0A&r=HPUxQbufZnCuDwgRWQG%2BIhr9Sf2ayuw1c7jyyvlI3wQ%3D%0A&m=ALzJ5%2FZv5PkU%2B85zOgsMhA%2Bdpx6fSEp%2BFlbRxoHXhEU%3D%0A&s=fdcdc60a81961d926bc6acdaa17937cd2b37791d5e7f6019e211883fc9fc09b6 ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://urldefense.proofpoint.com/v1/url?u=https://lists.sourceforge.net/lists/listinfo/shorewall-users&k=%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D%0A&r=HPUxQbufZnCuDwgRWQG%2BIhr9Sf2ayuw1c7jyyvlI3wQ%3D%0A&m=ALzJ5%2FZv5PkU%2B85zOgsMhA%2Bdpx6fSEp%2BFlbRxoHXhEU%3D%0A&s=78a153add0f20ce06d0fc1b914decad279c3e52b07b3608caa77d6e042e3e10b ----- No virus found in this message. Checked by AVG - www.avg.com Version: 2014.0.4716 / Virus Database: 3986/7834 - Release Date: 07/11/14 ----- No virus found in this message. Checked by AVG - www.avg.com Version: 2014.0.4716 / Virus Database: 3986/7834 - Release Date: 07/11/14 ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://urldefense.proofpoint.com/v1/url?u=https://lists.sourceforge.net/lists/listinfo/shorewall-users&k=%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D%0A&r=HPUxQbufZnCuDwgRWQG%2BIhr9Sf2ayuw1c7jyyvlI3wQ%3D%0A&m=ALzJ5%2FZv5PkU%2B85zOgsMhA%2Bdpx6fSEp%2BFlbRxoHXhEU%3D%0A&s=78a153add0f20ce06d0fc1b914decad279c3e52b07b3608caa77d6e042e3e10b _____________ The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. ------------------------------------------------------------------------------ _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users