Linux – Squid: how to block websites for a particular IP address blockingiplinuxPROXYsquid How to block websites for particular IPs by squid? Please give solution with example or configuration file. Best Answer Example : I blocked Facebook & orkut to all user but now i want to open only facebook to particular user or IP Option 1 : Specify site with in configuration file, acl special_clients src "/etc/squid/special_client_ips.txt" acl facebook dstdomain .facebook.com acl orkut dstdomain .orkut.com Under http access http_access allow facebook special_clients http_access deny facebook http_access deny orkut http_access allow all Option 2 : Stick both client IP s and destination domains into lists, acl special_clients src "/etc/squid/special_client_ips.txt" acl bad_domains dstdomain "/etc/squid/bad_domains.txt" Under http access http_access allow bad_domains special_clients http_access deny bad_domains http_access allow all I get it from net, It work very well Thanks cstamas Related SolutionsHow to block utorrent by using Squid proxy (fedora 10 or RHEL5) Configure your firewall to default deny for all office traffic unless specifically allowed. Require all Web traffic to route through your proxy. If your users are unable to access the Internet directly, it will be substantially more difficult for them to use advanced protocols like BitTorrent. While using SQUID acls will be substantially more limited in scope and be easily circumvented, you could use something like: acl extensiondeny url_regex -i "/etc/squid/extensiondeny" acl download method GET http_access deny extensiondeny download http_access deny extensiondeny Within "/etc/squid/extensiondeny": \.torrent$ For more information see: http://www.squid-cache.org/Doc/config/acl/ Best way to bypass Squid for certain sites If you want to AVOID completely squid, adding exceptions to the transparent proxy iptables redirect rule is way. You can, however, create an acl in squid for the always_direct directive. From the squid docs: acl local-servers dstdomain my.domain.net always_direct allow local-servers It doesn't work in all cases, sometimes just avoiding the proxy completely will do. EDIT: If you use something like shorewall you can create lists that make the exception for the redirect rule easier to manage, but it may be too overkill. Related TopicLinux – how to block a ssh connection for particular IP addressUbuntu – How to tell squid use Source IP address for sending requestsSquid block domain transparentSquid 4.2 – Different Outbound IP for Each Client/User
Best Answer
Example :
I blocked Facebook & orkut to all user but now i want to open only facebook to particular user or IP
Option 1 : Specify site with in configuration file,
Under http access
Option 2 : Stick both client IP s and destination domains into lists,
Under http access
I get it from net, It work very well
Thanks cstamas