Recently, I configured a raspberry as a little server. In particular I installed DHCP, squid proxy and squidGuard for log the network activity which pass through my raspberry. Actually i have a black list on squidGuard which denied the access to gamble websites.
My current OS version: Linux raspberrypi 4.14.98-v7+ #1200 SMP Tue Feb 12 20:27:48 GMT 2019 armv7l GNU/Linux.
Squid: Version 3.5.23, SquidGuard: 1.5 Berkeley DB 5.3.28: (September 9, 2013).
My squid.conf file:
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
redirect_program /usr/bin/squidGuard
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
My squidGuard.conf file:
dbhome /var/lib/squidguard/db
logdir /var/log/squidguard
time workhours {
weekly mtwhf 08:00 - 16:30
date *-*-01 08:00 - 16:30
}
src admin {
ip 1.2.3.4 1.2.3.5
user root foo bar
within workhours
}
src foo-clients {
ip 172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200
}
src bar-clients {
ip 172.16.4.0/26
}
dest good { }
dest local { }
dest porn { }
dest gamble{
domainlist gamble/domains
urllist gamble/urls
}
acl {
admin {
pass any
}
foo-clients within workhours {
pass good !in-addr !porn any
} else {
pass any
}
bar-clients {
pass local none
}
default {
pass !gamble any
redirect http://admin.foo.bar.de/cgi-bin/blocked.cgi?
clientaddr=%a&clientname=%n
&clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u
}
}
After all of these infos, for example there is user A and user B, A can visit gamble websites whereas B not.
Is there any way to achieve this result using squid/squidGuard? But i don't want that user A bypass the proxy, only allow him to surf on gamble websites.
Best Answer
Is there any way to achieve this result using squid/squidGuard? But i don't want that user A bypass the proxy, only allow him to surf on gamble websites? yes it is possible
here is the sample code if the A user using IP in the range foo-clients