Is there a chance to block this content with ufdbguard?
No, because ufdbguard is only a URL rewriter.
Can you give me a hint on how to do it? Then I can try to help @Harold_Maponde_Shama.
Yes, I've read it; it's described at the second link I posted.
Take a look at these examples:
@giacomo
Thanks for your answer. My problem is that I think I have to put the media ACLs in the acl section before the line
acl CONNECT method CONNECT
but the acl section is not in a template. How should I integrate it without overwriting the generated file?
I haven't tried it, but looking at the template, you should be able to create two files:
- 20acl_60_mime
- 30http_access_60_mime
[code]GNU nano 2.3.1 File: squid.conf
at NethServer official site: https://www.nethserver.org
Uncomment this to enable debug
#debug_options ALL,1 33,2 28,9
Sites not cached
acl no_cache dstdomain "/etc/squid/acls/no_cache.acl"
no_cache deny no_cache
Allow access from green and trusted networks.
acl localnet src 192.168.2.0/24
GNU nano 2.3.1 File: squid.conf GNU nano 2.3.1 File: squid.conf
at NethServer official site: https://www.nethserver.org
Uncomment this to enable debug
#debug_options ALL,1 33,2 28,9
Sites not cached
acl no_cache dstdomain "/etc/squid/acls/no_cache.acl"
no_cache deny no_cache
^G Get Help ^O WriteOut ^R Read File ^Y Prev Page ^K Cut Text ^C Cur Pos
^X Exit^J Justify ^W Where Is ^V Next Page ^U UnCut Text ^T To Spell
GNU nano 2.3.1 File: squid.conf
at NethServer official site: https://www.nethserver.org
Uncomment this to enable debug
#debug_options ALL,1 33,2 28,9
Sites not cached
acl no_cache dstdomain "/etc/squid/acls/no_cache.acl"
no_cache deny no_cache
Allow access from green and trusted networks.
acl localnet src 192.168.2.0/24
GNU nano 2.3.1 File: squid.conf
at NethServer official site: https://www.nethserver.org
Uncomment this to enable debug
#debug_options ALL,1 33,2 28,9
Sites not cached
acl no_cache dstdomain "/etc/squid/acls/no_cache.acl"
no_cache deny no_cache
Allow access from green and trusted networks.
acl localnet src 192.168.2.0/24
acl localnet_dst src 192.168.2.0/24
GNU nano 2.3.1 File: squid.conf
buffered_logs on
max_filedesc 16384
logfile_rotate 0
icap_service clamav_req reqmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access clamav_req allow all
icap_service clamav_resp respmod_precache bypass=1 icap://127.0.0.1:1344/squidclamav
adaptation_access clamav_resp allow all
[/code]
here is the conf
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#
# Uncomment this to enable debug
#debug_options ALL,1 33,2 28,9
# Sites not cached
acl no_cache dstdomain "/etc/squid/acls/no_cache.acl"
no_cache deny no_cache
# Allow access from green and trusted networks.
acl localnet src 192.168.2.0/24
acl localnet_dst src 192.168.2.0/24
# Allow access from blue: ens34
acl blue src 192.168.8.0/24
# Safe ports
acl SSL_ports port 443
acl SSL_ports port 980 # httpd-admin (server-manager)
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 980 # httpd-admin (server-manager)
acl CONNECT method CONNECT
#
# 20acl_00_portscustom
#
# Custom additions: every port here is added to both Safe_ports and SSL_ports,
# so the "http_access deny CONNECT !SSL_ports" rule further down no longer
# rejects CONNECT tunnels to 2083, 2096, 8443 and 5000. Each extra SSL_ports
# entry widens what an opaque tunnel through the proxy can reach; keep the
# list limited to ports that are actually needed.
acl Safe_ports port 2083
acl SSL_ports port 2083
acl Safe_ports port 2096
acl SSL_ports port 2096
acl Safe_ports port 8443
acl SSL_ports port 8443
acl Safe_ports port 5000
acl SSL_ports port 5000
# Authentication required
# Two schemes are configured: Negotiate (Kerberos helper) and Basic (PAM helper).
# GSSAPI auth in ADS mode
auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -i
auth_param negotiate children 10
auth_param negotiate keep_alive on
# BASIC PAM auth (fallback)
# NOTE(review): Basic proxy credentials are only base64-encoded, and the only
# listener defined in this file is the plain "http_port 3128", so the fallback
# presumably sends usernames and passwords unencrypted between client and
# proxy. Confirm this is acceptable on the networks allowed below.
auth_param basic program /usr/lib64/squid/basic_pam_auth
auth_param basic children 5
auth_param basic realm amanocs.local
auth_param basic credentialsttl 1 hours
auth_param basic casesensitive on
# "authenticated" matches only requests that carry valid proxy credentials.
acl authenticated proxy_auth REQUIRED
# Allow access from localhost
http_access allow localhost
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
#
# Skip URL rewriter for local addresses
#
# "self" is the proxy host's own addresses (as destination); "self_port" is
# the destination port 80 or 443.
acl self dst 192.168.2.202
acl self dst 192.168.8.202
acl self_port port 80
acl self_port port 443
# NOTE(review): ACL names on one access line are ANDed. "localnet" and "blue"
# are both src ACLs for different subnets (192.168.2.0/24 and 192.168.8.0/24),
# so no single request can satisfy both and this line looks like it never
# matches -- i.e. the rewriter is not actually skipped. Verify against the
# template that generates this file.
url_rewrite_access deny self localnet blue self_port
# Block access to green from other networks
# NOTE(review): "localnet_dst" is declared earlier in this file with type
# "src 192.168.2.0/24", not "dst". Combined with the src ACL "blue" this rule
# also cannot match as written, so it does not appear to block anything.
# Presumably a dst ACL was intended; confirm and fix in the template, since
# manual changes to this file are lost on regeneration.
http_access deny self blue localnet_dst
# Authentication required on green and trusted networks
http_access allow localnet authenticated
# Authentication required on blue
http_access allow blue authenticated
# And finally deny all other access to this proxy
# http_access is first-match: anything not allowed above ends up here.
http_access deny all
cache_mem 256 MB
# Enable disk cache
minimum_object_size 0 KB
maximum_object_size 4096 KB
cache_dir aufs /var/spool/squid 2048 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
refresh_pattern ([^.]+.|)(download|(windows|)update|).(microsoft.|)com/.*\.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims
# Always enable manual proxy
http_port 3128
acl https_proto proto https
always_direct allow https_proto
ssl_bump none localhost
sslproxy_options NO_SSLv2,NO_SSLv3,No_Compression
sslproxy_cipher ALL:!SSLv2:!ADH:!DSS:!MD5:!EXP:!DES:!PSK:!SRP:!RC4:!IDEA:!SEED:!aNULL:!eNULL
# TLS/SSL bumping definitions
# One ACL per SslBump processing step; only tls_s1_connect is used below.
acl tls_s1_connect at_step SslBump1
acl tls_s2_client_hello at_step SslBump2
acl tls_s3_server_hello at_step SslBump3
# TLS/SSL bumping steps
ssl_bump peek tls_s1_connect all
ssl_bump splice all
# peek at TLS/SSL connect data
# splice: no active bumping
# Consequence: TLS connections are tunnelled without being decrypted, so
# ACLs that inspect HTTP headers or bodies (URL path, req_mime_type,
# rep_mime_type, ICAP scanning) do not see the content of HTTPS traffic.
# Filtering of HTTPS here can only rely on connection-level data such as
# the SNI passed to the URL rewriter.
#
# 45marks
#
# Rule 1: src: iprange;student_computers action: priority;low dst: fantasy.premierleague.com
acl src_mark_1 src 192.168.2.11-192.168.2.49
acl dst_mark_1 dstdomain .fantasy.premierleague.com
tcp_outgoing_mark 0x3 src_mark_1 dst_mark_1
# Enable squidGuard
url_rewrite_program /usr/sbin/ufdbgclient -l /var/log/squid
url_rewrite_children 20 startup=5 idle=5 concurrency=0
url_rewrite_extras "%>a/%>A %un %>rm bump_mode=%ssl::bump_mode sni=\"%ssl::>sni\" referer=\"%{Referer}>h\""
#
# 90options
#
forward_max_tries 25
shutdown_lifetime 1 seconds
buffered_logs on
max_filedesc 16384
logfile_rotate 0
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#
# Uncomment this to enable debug
#debug_options ALL,1 33,2 28,9
# Sites not cached
acl no_cache dstdomain "/etc/squid/acls/no_cache.acl"
no_cache deny no_cache
# Allow access from green and trusted networks.
acl localnet src 192.168.2.0/24
acl localnet_dst src 192.168.2.0/24
# Allow access from blue: ens34
acl blue src 192.168.8.0/24
# Safe ports
acl SSL_ports port 443
acl SSL_ports port 980 # httpd-admin (server-manager)
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 980 # httpd-admin (server-manager)
acl CONNECT method CONNECT
#
# 20acl_00_portscustom
#
acl Safe_ports port 2083
acl SSL_ports port 2083
acl Safe_ports port 2096
acl SSL_ports port 2096
acl Safe_ports port 8443
acl SSL_ports port 8443
acl Safe_ports port 5000
acl SSL_ports port 5000
# Authentication required
# GSSAPI auth in ADS mode
auth_param negotiate program /usr/lib64/squid/negotiate_kerberos_auth -i
auth_param negotiate children 10
auth_param negotiate keep_alive on
# BASIC PAM auth (fallback)
auth_param basic program /usr/lib64/squid/basic_pam_auth
auth_param basic children 5
auth_param basic realm amanocs.local
auth_param basic credentialsttl 1 hours
auth_param basic casesensitive on
acl authenticated proxy_auth REQUIRED
# Allow access from localhost
http_access allow localhost
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
#
# Skip URL rewriter for local addresses
#
acl self dst 192.168.2.202
acl self dst 192.168.8.202
acl self_port port 80
acl self_port port 443
url_rewrite_access deny self localnet blue self_port
# Block access to green from other networks
http_access deny self blue localnet_dst
# Authentication required on green and trusted networks
http_access allow localnet authenticated
# Authentication required on blue
http_access allow blue authenticated
# And finally deny all other access to this proxy
http_access deny all
cache_mem 256 MB
# Enable disk cache
minimum_object_size 0 KB
maximum_object_size 4096 KB
cache_dir aufs /var/spool/squid 2048 16 256
# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
refresh_pattern ([^.]+.|)(download|(windows|)update|).(microsoft.|)com/.*\.(cab|exe|msi|msp) 4320 100% 43200 reload-into-ims
# Always enable manual proxy
http_port 3128
acl https_proto proto https
always_direct allow https_proto
ssl_bump none localhost
sslproxy_options NO_SSLv2,NO_SSLv3,No_Compression
sslproxy_cipher ALL:!SSLv2:!ADH:!DSS:!MD5:!EXP:!DES:!PSK:!SRP:!RC4:!IDEA:!SEED:!aNULL:!eNULL
# TLS/SSL bumping definitions
acl tls_s1_connect at_step SslBump1
acl tls_s2_client_hello at_step SslBump2
acl tls_s3_server_hello at_step SslBump3
# TLS/SSL bumping steps
ssl_bump peek tls_s1_connect all
ssl_bump splice all
# peek at TLS/SSL connect data
# splice: no active bumping
#
# 45marks
#
# Rule 1: src: iprange;student_computers action: priority;low dst: fantasy.premierleague.com
acl src_mark_1 src 192.168.2.11-192.168.2.49
acl dst_mark_1 dstdomain .fantasy.premierleague.com
tcp_outgoing_mark 0x3 src_mark_1 dst_mark_1
# Enable squidGuard
url_rewrite_program /usr/sbin/ufdbgclient -l /var/log/squid
url_rewrite_children 20 startup=5 idle=5 concurrency=0
url_rewrite_extras "%>a/%>A %un %>rm bump_mode=%ssl::bump_mode sni=\"%ssl::>sni\" referer=\"%{Referer}>h\""
#
# 90options
#
forward_max_tries 25
shutdown_lifetime 1 seconds
buffered_logs on
max_filedesc 16384
logfile_rotate 0
Here is my ufdbguard conf;
# ================= DO NOT MODIFY THIS FILE =================
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at NethServer official site: https://www.nethserver.org
#
#
# ufdbGuard.conf - default configuration file for use with URLfilterDB
# #
# # The Reference Manual has detailed information about the configuration
# # of ufdbGuard. It is highly recommended to read it before using ufdbGuard.
# #
# # Make sure that you edit the 4 lines that are marked with
# # 'EDIT THE NEXT LINE...' to adapt this file to your environment.
#
logdir "/var/log/ufdbguard"
dbhome "/var/squidGuard/blacklists"
squid-version "3.5"
analyse-uncategorised-urls off
upload-crash-reports off
# slow replies when reloading db to decrease the number of passed urls
url-lookup-delay-during-database-reload on
logblock on
# Always strip domain from squid username
strip-domain-from-username on
redirect-https "blocked.nethserver.org:443"
category "gamble" {
domainlist /var/squidGuard/blacklists/gamble/domains
}
category "chemistry" {
domainlist /var/squidGuard/blacklists/science/chemistry/domains
}
category "files" {
expressionlist /var/squidGuard/blacklists/custom/files/expressions
}
category "pets" {
domainlist /var/squidGuard/blacklists/hobby/pets/domains
}
category "bikes" {
domainlist /var/squidGuard/blacklists/automobile/bikes/domains
}
category "aggressive" {
domainlist /var/squidGuard/blacklists/aggressive/domains
}
category "radiotv" {
domainlist /var/squidGuard/blacklists/radiotv/domains
}
category "violence" {
domainlist /var/squidGuard/blacklists/violence/domains
}
category "cars" {
domainlist /var/squidGuard/blacklists/automobile/cars/domains
}
category "travel" {
domainlist /var/squidGuard/blacklists/recreation/travel/domains
}
category "martialarts" {
domainlist /var/squidGuard/blacklists/recreation/martialarts/domains
}
category "webradio" {
domainlist /var/squidGuard/blacklists/webradio/domains
}
category "wellness" {
domainlist /var/squidGuard/blacklists/recreation/wellness/domains
}
category "movies" {
domainlist /var/squidGuard/blacklists/movies/domains
}
category "politics" {
domainlist /var/squidGuard/blacklists/politics/domains
}
category "military" {
domainlist /var/squidGuard/blacklists/military/domains
}
category "ringtones" {
domainlist /var/squidGuard/blacklists/ringtones/domains
}
category "dynamic" {
domainlist /var/squidGuard/blacklists/dynamic/domains
}
category "astronomy" {
domainlist /var/squidGuard/blacklists/science/astronomy/domains
}
category "redirector" {
domainlist /var/squidGuard/blacklists/redirector/domains
}
category "dating" {
domainlist /var/squidGuard/blacklists/dating/domains
}
category "alcohol" {
domainlist /var/squidGuard/blacklists/alcohol/domains
}
category "audio-video-1" {
domainlist /var/squidGuard/blacklists/custom/audio-video-1/domains
}
category "gardening" {
domainlist /var/squidGuard/blacklists/hobby/gardening/domains
}
category "trading" {
domainlist /var/squidGuard/blacklists/finance/trading/domains
}
category "hacking" {
domainlist /var/squidGuard/blacklists/hacking/domains
}
category "adv" {
domainlist /var/squidGuard/blacklists/adv/domains
}
category "updatesites" {
domainlist /var/squidGuard/blacklists/updatesites/domains
}
category "tracker" {
domainlist /var/squidGuard/blacklists/tracker/domains
}
category "humor" {
domainlist /var/squidGuard/blacklists/recreation/humor/domains
}
category "shopping" {
domainlist /var/squidGuard/blacklists/shopping/domains
}
category "costtraps" {
domainlist /var/squidGuard/blacklists/costtraps/domains
}
category "forum" {
domainlist /var/squidGuard/blacklists/forum/domains
}
category "ddos" {
domainlist /var/squidGuard/blacklists/custom/ddos/domains
}
category "weapons" {
domainlist /var/squidGuard/blacklists/weapons/domains
}
category "sports" {
domainlist /var/squidGuard/blacklists/recreation/sports/domains
}
# NOTE(review): despite its name, this category loads the sex/education
# domain list; the general education list is bound to "schools" elsewhere in
# this file. Profiles that deny "education" therefore deny this list only.
category "education" {
domainlist /var/squidGuard/blacklists/sex/education/domains
}
category "webmail" {
domainlist /var/squidGuard/blacklists/webmail/domains
}
category "moneylending" {
domainlist /var/squidGuard/blacklists/finance/moneylending/domains
}
category "cooking" {
domainlist /var/squidGuard/blacklists/hobby/cooking/domains
}
category "hospitals" {
domainlist /var/squidGuard/blacklists/hospitals/domains
}
category "searchengines" {
domainlist /var/squidGuard/blacklists/searchengines/domains
}
category "schools" {
domainlist /var/squidGuard/blacklists/education/schools/domains
}
category "downloads-1" {
domainlist /var/squidGuard/blacklists/custom/downloads-1/domains
}
category "remotecontrol" {
domainlist /var/squidGuard/blacklists/remotecontrol/domains
}
category "realestate" {
domainlist /var/squidGuard/blacklists/finance/realestate/domains
}
category "spyware" {
domainlist /var/squidGuard/blacklists/spyware/domains
}
category "drugs" {
domainlist /var/squidGuard/blacklists/drugs/domains
}
category "music" {
domainlist /var/squidGuard/blacklists/music/domains
}
category "government" {
domainlist /var/squidGuard/blacklists/government/domains
}
category "downloads" {
domainlist /var/squidGuard/blacklists/downloads/domains
}
category "models" {
domainlist /var/squidGuard/blacklists/models/domains
}
category "urlshortener" {
domainlist /var/squidGuard/blacklists/urlshortener/domains
}
category "builtin" {
domainlist /var/squidGuard/blacklists/custom/builtin/domains
expressionlist /var/squidGuard/blacklists/custom/builtin/expressions
}
category "imagehosting" {
domainlist /var/squidGuard/blacklists/imagehosting/domains
}
category "webphone" {
domainlist /var/squidGuard/blacklists/webphone/domains
}
category "insurance" {
domainlist /var/squidGuard/blacklists/finance/insurance/domains
}
category "socialnetworks" {
domainlist /var/squidGuard/blacklists/custom/socialnetworks/domains
}
category "planes" {
domainlist /var/squidGuard/blacklists/automobile/planes/domains
}
category "games-online" {
domainlist /var/squidGuard/blacklists/hobby/games-online/domains
}
category "warez" {
domainlist /var/squidGuard/blacklists/warez/domains
}
category "other" {
domainlist /var/squidGuard/blacklists/finance/other/domains
}
category "nh_blacklist" {
domainlist /var/squidGuard/blacklists/custom/blacklist/domains
}
category "lingerie" {
domainlist /var/squidGuard/blacklists/sex/lingerie/domains
}
category "homestyle" {
domainlist /var/squidGuard/blacklists/homestyle/domains
}
category "games-misc" {
domainlist /var/squidGuard/blacklists/hobby/games-misc/domains
}
category "podcasts" {
domainlist /var/squidGuard/blacklists/podcasts/domains
}
category "library" {
domainlist /var/squidGuard/blacklists/library/domains
}
category "jobsearch" {
domainlist /var/squidGuard/blacklists/jobsearch/domains
}
category "anonvpn" {
domainlist /var/squidGuard/blacklists/anonvpn/domains
}
category "socialnet" {
domainlist /var/squidGuard/blacklists/socialnet/domains
}
category "porn" {
domainlist /var/squidGuard/blacklists/porn/domains
}
category "webtv" {
domainlist /var/squidGuard/blacklists/webtv/domains
}
category "religion" {
domainlist /var/squidGuard/blacklists/religion/domains
}
category "blog" {
domainlist /var/squidGuard/blacklists/custom/blog/domains
}
category "fortunetelling" {
domainlist /var/squidGuard/blacklists/fortunetelling/domains
}
category "chat" {
domainlist /var/squidGuard/blacklists/chat/domains
}
category "restaurants" {
domainlist /var/squidGuard/blacklists/recreation/restaurants/domains
}
category "nh_whitelist" {
domainlist /var/squidGuard/blacklists/custom/whitelist/domains
}
category "banking" {
domainlist /var/squidGuard/blacklists/finance/banking/domains
}
category "boats" {
domainlist /var/squidGuard/blacklists/automobile/boats/domains
}
category "news" {
domainlist /var/squidGuard/blacklists/news/domains
}
category "isp" {
domainlist /var/squidGuard/blacklists/isp/domains
}
# HTTPS/tunnel checks applied wherever a profile lists "!security".
# NOTE(review): going by the option names, this is a permissive setup:
# hostname and official-certificate enforcement are off, the SSLv2/SSLv3
# prohibitions are off, and unknown protocols over HTTPS are allowed.
# AnyDesk and TeamViewer tunnels are also allowed here even though several
# profiles below deny the "remotecontrol" category. Confirm the exact
# semantics in the ufdbGuard Reference Manual and decide whether each "on"
# and "off" is intended.
category "security" {
cacerts "/var/ufdbguard/blacklists/security/cacerts"
option enforce-https-with-hostname off
option enforce-https-official-certificate off
option allow-skype-over-https on
option allow-gtalk-over-https on
option allow-yahoomsg-over-https on
option allow-aim-over-https on
option allow-fb-chat-over-https on
option allow-citrixonline-over-https on
option allow-anydesk-over-https on
option allow-teamviewer-over-https on
option allow-unknown-protocol-over-https on
option https-prohibit-insecure-sslv2 off
option https-prohibit-insecure-sslv3 off
}
src src_default_staff {
execuserlist "/usr/libexec/nethserver/ufdbguard-list-group-members staff_proxies"
}
src src_default_student {
execuserlist "/usr/libexec/nethserver/ufdbguard-list-group-members student_proxies"
}
src src_dorm {
execuserlist "/usr/libexec/nethserver/ufdbguard-list-group-members dorm"
}
src src_heads {
execuserlist "/usr/libexec/nethserver/ufdbguard-list-group-members heads"
}
src src_itprofile {
execuserlist "/usr/libexec/nethserver/ufdbguard-list-group-members it"
}
src src_management {
execuserlist "/usr/libexec/nethserver/ufdbguard-list-group-members management"
}
src src_newitgroup {
execuserlist "/usr/libexec/nethserver/ufdbguard-list-group-members it"
}
src src_office {
execuserlist "/usr/libexec/nethserver/ufdbguard-list-group-members officemgmt_proxies"
}
time weekdays_students {
weekly mtwhf 08:00-20:00
}
acl {
# Profile: default_staff
src_default_staff {
pass !security !nh_blacklist !files !builtin !"adv" !"aggressive" !"alcohol" !"anonvpn" !"audio-video-1" !"blog" !"boats" !"chat" !"cooking" !"costtraps" !"dating" !"ddos" !"downloads" !"downloads-1" !"dynamic" !"fortunetelling" !"gamble" !"games-misc" !"games-online" !"hacking" !"isp" !"lingerie" !"military" !"models" !"movies" !"music" !"other" !"pets" !"podcasts" !"porn" !"radiotv" !"redirector" !"remotecontrol" !"shopping" !"socialnet" !"socialnetworks" !"spyware" !"tracker" !"updatesites" !"urlshortener" !"violence" !"warez" !"weapons" !"webphone" !"webradio" !"webtv" !"wellness" all
}
# Profile: default_student
src_default_student within weekdays_students {
pass !security !nh_blacklist !files !builtin !"adv" !"aggressive" !"alcohol" !"anonvpn" !"astronomy" !"audio-video-1" !"banking" !"bikes" !"blog" !"boats" !"cars" !"chat" !"chemistry" !"cooking" !"costtraps" !"dating" !"ddos" !"downloads-1" !"drugs" !"dynamic" !"education" !"education" !"fortunetelling" !"forum" !"gamble" !"games-misc" !"games-online" !"gardening" !"government" !"hacking" !"homestyle" !"hospitals" !"humor" !"imagehosting" !"insurance" !"isp" !"jobsearch" !"lingerie" !"martialarts" !"military" !"models" !"moneylending" !"movies" !"music" !"news" !"other" !"pets" !"planes" !"podcasts" !"politics" !"porn" !"realestate" !"redirector" !"religion" !"remotecontrol" !"restaurants" !"ringtones" !"shopping" !"socialnet" !"socialnetworks" !"sports" !"spyware" !"tracker" !"trading" !"travel" !"updatesites" !"urlshortener" !"violence" !"warez" !"weapons" !"webmail" !"webphone" !"webradio" !"webtv" !"wellness" all
}
# Profile: dorm
src_dorm {
pass !security !nh_blacklist !files !builtin !"adv" !"aggressive" !"alcohol" !"anonvpn" !"audio-video-1" !"blog" !"boats" !"chat" !"cooking" !"costtraps" !"dating" !"ddos" !"downloads" !"downloads-1" !"dynamic" !"fortunetelling" !"gamble" !"games-misc" !"games-online" !"hacking" !"isp" !"lingerie" !"military" !"models" !"movies" !"music" !"other" !"pets" !"podcasts" !"porn" !"radiotv" !"redirector" !"remotecontrol" !"shopping" !"socialnet" !"socialnetworks" !"spyware" !"tracker" !"updatesites" !"urlshortener" !"violence" !"warez" !"weapons" !"webphone" !"webradio" !"webtv" !"wellness" all
}
# Profile: heads
src_heads {
pass !security nh_whitelist !nh_blacklist !builtin !"adv" !"aggressive" !"anonvpn" !"chat" !"ddos" !"hacking" !"lingerie" !"movies" !"music" !"porn" !"socialnet" !"socialnetworks" !"updatesites" !"urlshortener" !"violence" !"warez" !"weapons" !"webphone" !"webradio" !"webtv" all
}
# Profile: itprofile
src_itprofile {
pass !security nh_whitelist !builtin !"adv" !"aggressive" !"anonvpn" !"ddos" !"gamble" !"games-misc" !"games-online" !"porn" !"spyware" !"tracker" !"warez" all
}
# Profile: management
src_management {
pass !security nh_whitelist !nh_blacklist !builtin !"adv" !"aggressive" !"anonvpn" !"chat" !"ddos" !"hacking" !"lingerie" !"movies" !"music" !"porn" !"socialnet" !"socialnetworks" !"updatesites" !"urlshortener" !"violence" !"warez" !"weapons" !"webphone" !"webradio" !"webtv" all
}
# Profile: newitgroup
src_newitgroup {
pass !security nh_whitelist !builtin !"adv" !"aggressive" !"anonvpn" !"ddos" !"gamble" !"games-misc" !"games-online" !"porn" !"spyware" !"tracker" !"warez" all
}
# Profile: office
src_office {
pass !security !nh_blacklist !files !builtin !"adv" !"aggressive" !"alcohol" !"anonvpn" !"astronomy" !"audio-video-1" !"banking" !"bikes" !"blog" !"boats" !"cars" !"chat" !"chemistry" !"cooking" !"costtraps" !"dating" !"ddos" !"downloads" !"downloads-1" !"drugs" !"dynamic" !"education" !"education" !"fortunetelling" !"forum" !"gamble" !"games-misc" !"games-online" !"gardening" !"government" !"hacking" !"homestyle" !"hospitals" !"humor" !"imagehosting" !"insurance" !"isp" !"jobsearch" !"library" !"lingerie" !"martialarts" !"military" !"models" !"moneylending" !"movies" !"music" !"other" !"pets" !"planes" !"podcasts" !"politics" !"porn" !"radiotv" !"realestate" !"redirector" !"religion" !"remotecontrol" !"restaurants" !"ringtones" !"schools" !"socialnet" !"socialnetworks" !"sports" !"spyware" !"tracker" !"trading" !"travel" !"updatesites" !"urlshortener" !"violence" !"warez" !"weapons" !"webphone" !"webradio" !"webtv" !"wellness" all
}
default {
pass !security !nh_blacklist !files !builtin !"adv" !"aggressive" !"alcohol" !"anonvpn" !"astronomy" !"audio-video-1" !"banking" !"bikes" !"blog" !"boats" !"cars" !"chat" !"chemistry" !"cooking" !"costtraps" !"dating" !"ddos" !"downloads-1" !"drugs" !"dynamic" !"education" !"education" !"fortunetelling" !"forum" !"gamble" !"games-misc" !"games-online" !"gardening" !"government" !"hacking" !"homestyle" !"hospitals" !"humor" !"imagehosting" !"insurance" !"isp" !"jobsearch" !"lingerie" !"martialarts" !"military" !"models" !"moneylending" !"movies" !"music" !"news" !"other" !"pets" !"planes" !"podcasts" !"politics" !"porn" !"realestate" !"redirector" !"religion" !"remotecontrol" !"restaurants" !"ringtones" !"shopping" !"socialnet" !"socialnetworks" !"sports" !"spyware" !"tracker" !"trading" !"travel" !"updatesites" !"urlshortener" !"violence" !"warez" !"weapons" !"webmail" !"webphone" !"webradio" !"webtv" !"wellness" all
redirect http://192.168.2.202/cgi-bin/nethserver-block.cgi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%s&targetgroup=%t&url=%u
}
}
Ok, I would prefer to do it in two steps.
First we try to block streams for everyone. If it works we try to add the group management.
Please create the following files, as @giacomo said:
/etc/e-smith/templates-custom/etc/squid.conf/20acl_60_mime
/etc/e-smith/templates-custom/etc/squid.conf/30http_access_60_mime
In the file 20acl_60_mime, write the following:
# ACL for Radio / Video Stream
# The patterns are regular expressions; -i makes them case-insensitive.
# Unescaped dots match any character, so the match is slightly wider than
# the literal MIME type.
#
# req_mime_type tests the Content-Type header of the client's request
# (what is being sent), not the type of the file being fetched.
acl StreamingRequest1 req_mime_type -i ^video/x-ms-asf$
acl StreamingRequest2 req_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$
acl StreamingRequest3 req_mime_type -i ^application/x-mms-framed$
acl StreamingRequest4 req_mime_type -i ^audio/x-pn-realaudio$
# rep_mime_type tests the Content-Type of the server's reply; it only has an
# effect in reply-side rules such as http_reply_access, not in http_access.
acl StreamingReply1 rep_mime_type -i ^video/x-ms-asf$
acl StreamingReply2 rep_mime_type -i ^application/vnd.ms.wms-hdr.asfv1$
acl StreamingReply3 rep_mime_type -i ^application/x-mms-framed$
acl StreamingReply4 rep_mime_type -i ^audio/x-pn-realaudio$
#End of ACL for Radio / Video Stream
and in the file 30http_access_60_mime:
#Rules to block Radio / Video Stream
# NOTE(review): http_access stops at the first matching line, so these denies
# only take effect if this fragment is expanded above the
# "http_access allow ... authenticated" lines. Check the position in the
# regenerated /etc/squid/squid.conf.
http_access deny StreamingRequest1 all
http_access deny StreamingRequest2 all
http_access deny StreamingRequest3 all
http_access deny StreamingRequest4 all
# http_reply_access is a separate list evaluated on the server reply; this is
# where the reply Content-Type can actually be matched.
# NOTE(review): the squid.conf posted in this thread splices all TLS
# connections, so HTTPS replies are tunnelled unread and these rules
# presumably affect plain-HTTP streams only.
http_reply_access deny StreamingReply1 all
http_reply_access deny StreamingReply2 all
http_reply_access deny StreamingReply3 all
http_reply_access deny StreamingReply4 all
# End of Rules to block Radio / Video Stream
After that you do a
expand-template /etc/squid/squid.conf
If squid doesn't work after expanding (`squid -k parse` will report syntax errors in the generated file), you can remove the two files and do the expand again.
Hi, I need instead to block the streaming movie sites. The blacklist I use has nothing specific for them, so unfortunately the sites can still be visited.
You can watch the squid logs for a period of time (1 month, let's say) and gather all the sites found in the logs.
Then add them to your blacklist.
Even if you use a custom blacklist like Shalla http://www.shalla.de/Info/blacklists.html or Squidguard, there is a good chance that the sites visited by your users are not in those packs.
So you are left with manually hunting through the logs (search by movie name or some other title to get more results).
So can I add them to the blacklist? I'm using Shalla. Do I have to add custom categories?