SQUID: Permit access only to gmail (https)
Bruno Galindro da Costa
bruno.galindro at gmail.com
Wed Jan 13 12:12:22 UTC 2010
Hi all,
I need to permit access to gmail (https) only and block all others https
sites. How can i do this in squid.conf? I've tried this, but isn't works (I
think it´s because the "deny CONNECT" line):
# cat /etc/squid3/squid.conf
...
...
...
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl SSL_ports port 443 2096 8080 # https
acl Safe_ports port 2401 # CVS
acl Safe_ports port 554 # rtsp
acl Safe_ports port 80 81 8080 # http
acl Safe_ports port 20 21 # ftp
acl purge method PURGE
acl CONNECT method CONNECT
auth_param basic program /usr/lib/squid3/squid_ldap_auth -R -b
"dc=domain,dc=com" -D cn=proxyqueryuser,cn=users,dc=domain,dc=com -w pass -f
sAMAccountName=%s -h domain.com
auth_param basic realm PROXY AUTH
auth_param basic children 5
auth_param basic credentialsttl 15 minutes
external_acl_type ldap_group %LOGIN /usr/lib/squid3/squid_ldap_group -R -b
"dc=domain,dc=com" -D cn=proxyqueryuser,cn=users,dc=domain,dc=com -w pass -f
"(&(objectclass=person)(sAMAccountName=%v)(memberof=cn=%a,ou=internal,dc=domain,dc=com))"
-h domain.com
acl white_sites url_regex -i "/etc/squid3/rules/white_sites"
acl user_group_1 external ldap_group user_group_1
http_access allow white_sites user_group_1
*http_access deny CONNECT SSL_ports user_group_1*
http_access allow user_group_1
...
...
...
# cat /etc/squid3/rules/white_sites
www.gmail.com
--
Att.
Bruno Galindro da Costa
bruno.galindro at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20100113/0c56986b/attachment.html>
More information about the ubuntu-users
mailing list