Sunday, May 12, 2013

Configure Squid to block HTTP request to specific web sites


This article shows the steps to configure a Squid proxy server to block clients from accessing specific web addresses (to block URL addresses).  Open and edit the Squid configuration file, which is usually located at /etc/squid/squid.conf.

1.  Find the ACCESS CONTROLS part and add the line ( acl bad_url dstdomain "/etc/squid/bad-sites.squid" ) as shown in the example below.

# ACCESS CONTROLS
#Examples

#acl macaddress arp 09:00:2b:23:45:67
#acl myexample dst_as 1241
#acl password proxy_auth REQUIRED
#acl fileupload req_mime_type -i ^multipart/form-data$
#acl javascript rep_mime_type -i ^application/x-javascript$
#
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 2083 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 2083 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
acl FTP proto FTP
acl bad_url dstdomain "/etc/squid/bad-sites.squid"

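2.  Then put the line (http_access deny bad_url) in the http_access part. Squid evaluates http_access lines in order and stops at the first one that matches, so this line must come before any http_access allow line that would match the client.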

# TAG: http_access
# Allowing or Denying access based on defined access lists
#
# Access to the HTTP port:
# http_access allow|deny [!]aclname ...
#
# NOTE on default values:
#
# If there are no "access" lines present, the default is to deny
# the request.
#
# If none of the "access" lines cause a match, the default is the
# opposite of the last line in the list. If the last line was
# deny, the default is allow. Conversely, if the last line
# is allow, the default will be deny. For these reasons, it is a
# good idea to have an "deny all" or "allow all" entry at the end
# of your access lists to avoid potential confusion.
#
#Default:
# http_access deny all
#
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
http_access deny bad_url

3.  Then save and exit the Squid configuration file.

4.  Create a new file called /etc/squid/bad-sites.squid, enter the sites that clients are not supposed to access, then save and exit the file:

[root@cempakasari ~]# cat /etc/squid/bad-sites.squid
...
.fanfiction.net
.meebo.com
.playboy.com
.myspace.com
[root@cempakasari ~]#

5.  Restart or reload the Squid proxy server so that the new configuration is applied.

RESTART:
[root@linux fedora]# /sbin/service squid stop
[root@linux fedora]# /sbin/service squid start

RELOAD:
[root@linux fedora]# /sbin/service squid reload

6.  Then point the browser to a site that you put in the bad-sites list to verify the changes that you made. If nothing went wrong, you should see the ERROR page that says "The requested URL could not be retrieved".
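
An added example (not part of the original article): a small Python check for the bad-sites.squid list from step 4. It models how a dstdomain entry matches (a leading dot covers the domain and all of its subdomains) and flags entries that are URLs rather than domain names, duplicates, and hosts already covered by a dotted entry. The sample list and the function names are constructed for illustration.

```python
import re

# Constructed sample of /etc/squid/bad-sites.squid containing typical mistakes.
SAMPLE = """\
.fanfiction.net
.meebo.com
http://www.playboy.com/index.html
www.myspace.com
.myspace.com
.MeeBo.com
"""

# Optional leading dot, then dot-separated DNS labels (no scheme, port or path).
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
HOST_RE = re.compile(r"^\.?(?:" + LABEL + r"\.)*" + LABEL + r"$")

def dstdomain_match(entry, host):
    """dstdomain semantics: '.example.com' matches the domain and every
    subdomain; 'example.com' (no leading dot) matches that exact host only."""
    entry, host = entry.lower(), host.lower().rstrip(".")
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry

def lint_blocklist(text):
    """Return (clean_entries, problems) for a dstdomain list file."""
    entries, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip().lower()
        if not line:
            continue
        if not HOST_RE.match(line):
            problems.append((n, raw.strip(), "not a bare domain name"))
        elif line in entries:
            problems.append((n, raw.strip(), "duplicate entry"))
        else:
            entries.append(line)
    # Drop entries that a dotted (wildcard) entry already covers; Squid
    # warns about such overlaps when it parses the list.
    for e in list(entries):
        cover = [w for w in entries if w != e and w.startswith(".")
                 and dstdomain_match(w, e.lstrip("."))]
        if cover:
            problems.append((0, e, "covered by " + cover[0]))
            entries.remove(e)
    return entries, problems
```

Run `lint_blocklist()` on the file's contents before reloading Squid; line number 0 in a finding marks an overlap found across lines rather than a single bad line.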

Monday, January 28, 2013

My Experience with Lifebushido

Lifebushido is a company that offers Virtual Assistance jobs to those who look for genuine work from home assignments. I first heard about this company from a classified website. Using the information provided with the website, I applied for a job and they mailed me details for the further recruitment process. It was about one month and one week ago that I applied for a job. My first communication with Lifebushido started on 12/12/12. They have got a unique application process. I uploaded my application and resume in the given portal site, Quickbase.com. Lifebushido tied up with Quickbase.com for managing prospective applicants' application data and other relevant information online.

After a few weeks, I received a mail from Lifebushido, explaining the application process and the tasks that I need to complete to take my application process to the next level. These tasks are assigned to new applicants only, and it takes about 5 hours to complete them. During the same time, I received my next mail from them that explained the Lifebushido Triangle process and its importance. I was also informed that once these tasks were completed, the applicants would be given another set of tasks and then eventually would be taken to the next level of the process and finally to the Lifebushido Triangle.

So far, I have completed most of the first set of tasks that have been assigned to me. I get a response on each task that I complete and they update me with details. I came to know that Lifebushido offers a variety of Virtual Assistance assignments online for people who want to do part time work from home. I look forward to a very fruitful association with this company and a rewarding career ahead.

Lifebushido Creative Ventures

Lifebushido offers creative and social entrepreneurial ventures to provide free ideas and information to help people focus on their unique talents.  Enjoy!

If you found something helpful, please tell us.  If you want to contribute and participate in the efforts, apply for a job.


Goalbushido - Goal setting advice

Bookbushido - Business book summaries

Lessonsbushido - Lessons learned

Coffee Stories - Coffee Stories book/project

And...we believe in this so much that we share this knowledge for free.

Saturday, April 28, 2012

Internet Connection Sharing on Linux using iptables



It is very easy to set up internet connection sharing on a Linux system using iptables. This method can be used to share an internet connection from a Linux system (I used CentOS 6.2, but it should work on other distributions that support iptables). Another method of doing this is using a proxy server like Squid.

Enable IP forwarding

Run as root
sysctl -w net.ipv4.ip_forward=1
To enable it in system startup, edit the file /etc/sysctl.conf and set
net.ipv4.ip_forward = 1

iptables

Run command as root
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save

Configuration

The configuration should be like this

Router

Connected to the internet provider
IP : 192.168.1.1

Internet Connected System

eth0 (LAN Card 1)

Connected to router
  • IP : 192.168.1.10
  • Netmask : 255.255.255.0
  • Gateway : 192.168.1.1 (IP of the router)

eth1 (LAN Card 2)

Connected to the other system
  • IP : 192.168.0.20 (Not the same network as the first card)
  • Netmask : 255.255.255.0
  • Gateway : 192.168.1.1 (IP of the router)
You can also use Squid as a transparent proxy to keep a website access log for your LAN. Just add the command given below after installing Squid and configuring it as a transparent proxy.

iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 3128 

Basics to configure a CISCO router to Share Internet


The configurations below should work on any Cisco router you have around, for example the Cisco 1000, 1600, 2500, 2600 and 3600 series routers. These configurations will help you connect your LAN to the internet and provide basic security for your Local Area Network (LAN), so that no other network connects unless it is defined in the configs.
I will go straight to what I have around me to have this configuration done successfully.


1. Router: Cisco 1600 series.
2. ISP Addresses: [IP Address: 192.168.23.11 SubMask: 255.255.255.0 Gateway:192.168.23.1].
3. LAN Addresses: [IP Address: 10.100.10.1 SubnetMask: 255.255.255.0]
4. Console Cable.
Step 1:
-    Connect your router to power and connect your console cable (you will need an RJ-45 to DB-25 adapter). Power up the router.
-    Open up your HyperTerminal: Start -> All Programs -> Accessories -> Communications -> HyperTerminal.
-    You can enter any name as your “Connection Description” (mine is “ictmagazine”) and choose the 2nd icon.
-    Press OK, then on the next interface choose the “COM” port your console cable from the router is connected to. Mine was COM3. Then press OK.
-    On the next screen, click “Restore Defaults” to restore the default settings.
Then press OK. You should be in your router now.
Well, I will spare you all the boring talk and just dive straight into the real thing, “configuring a router to internet”, so let us go straight to step 2.
Please note that the names and passwords I have used are the ones on my router. You can use anything you prefer to make sure your configurations are secure and match your standards.
Step 2: Configure Basics
Router>en
Router# config t
Router(config)# hostname ICT
ICT(config)# enable password joinict
ICT(config)# enable secret m@g@z1n3
ICT(config)# ip name-server 208.67.222.222
Step 3: Configuring the line console and vty 0 4
ICT(config)# line console 0
ICT(config-line)# password g3t1n
ICT(config-line)# login
ICT(config-line)# exit

ICT(config)# line vty 0 4
ICT(config-line)# password b0b0ut
ICT(config-line)# login
ICT(config-line)# exit
Step 4: Setting up the LAN interface
ICT(config)# interface Ethernet1/0
ICT(config-if)# Description ICTMAGAZINE LAN
ICT(config-if)# ip address 10.100.10.1 255.255.255.0
ICT(config-if)# ip nat inside
ICT(config-if)# no shutdown
ICT(config-if)# exit

Step 5: Setting up the INTERNET interface (this interface has the IP addresses provided by the Internet provider, the ISP)
ICT(config)# interface FastEthernet0/0
ICT(config-if)# Description Broadband Internet
ICT(config-if)# ip address 192.168.23.11 255.255.255.0
ICT(config-if)# ip nat outside
ICT(config-if)# no shutdown
ICT(config-if)# exit


Step 6: Configuring NAT and routing statements
ICT(config)# ip nat inside source list 1 interface FastEthernet0/0 overload
ICT(config)# ip route 0.0.0.0 0.0.0.0 192.168.23.1

Step 7: Configuring access-list 1 (this allows the LAN to get a connection to the internet)
ICT(config)# access-list 1 permit 10.100.10.0 0.0.0.255

Step 8: Run show commands to confirm your configurations
ICT(config)# end
ICT# show interface ethernet1/0 (verify the LAN IP configuration)
ICT# show interface fastethernet 0/0 (verify External/ISP IP configuration and status)
ICT# show ip route (show whether your routing statement is correct)
ICT# show ip nat translations (this is to confirm that your NAT statements are right)
ICT# show access-lists (configured access lists)

Step 9: Save your router configurations
ICT# wr
Pheeeeeeeewwwwwwwwwww... at last we are done! At this point you should be in a position to access the internet using your Cisco router.
There is a lot you can do with your Cisco router. Let me know what you want to do on your Cisco router. We shall be glad to help you out.