FREQUENTLY ASKED QUESTIONS (Squid Proxy)
Q: How to block a particular port number in squid proxy?
You can block a specific port number (port filtering) in the Squid proxy server. By blocking particular ports, you can restrict the use of some protocols, services, websites, or applications through the proxy.
For example, to block FTP traffic, all you need to do is block port 21/TCP. In the same way, you can block all HTTPS sites by blocking port 443/TCP, and so on.
Log in as superuser (root), edit Squid's configuration file, and block ports via ACLs.
This configuration will work on all Linux distros, such as Fedora, Red Hat, CentOS, Ubuntu and Debian.
ACL-based port blocking in Squid
For example, to block port number 443/tcp (all the "https" sites will be blocked):
[root@server ~]# vi /etc/squid/squid.conf
acl Bad_ports port 443 #(create acl for port 443/tcp)
http_access deny Bad_ports #(block port 443/tcp)
#now save the squid.conf file
Restart or reload Squid with the new configuration:
[root@server ~]# service squid reload
or
[root@server ~]# service squid restart
Test: Try to access an HTTPS site, e.g. https://www.google.com (it will normally be denied).
Important: By default, the following port numbers are defined as "Safe_ports" and are open for browsing; all ports other than those listed below are blocked by default.
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
Disabling any of the above lines in squid.conf will block the corresponding port. For example, to block port 777/tcp, add a "#" in front of that line (see below):
#acl Safe_ports port 777 # multiling http
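The following added example (not from the original post) models how Squid evaluates these rules: http_access lines are checked top to bottom and the first match wins, so the Bad_ports deny must come before any allow rule, and a port removed from Safe_ports is caught by the stock "http_access deny !Safe_ports" line. It assumes a config containing only port ACLs and the built-in "all"; the sample config and the function names parse and decide are constructed for illustration.

```python
# Constructed sample: a cut-down squid.conf with only port ACLs (assumption).
SAMPLE_CONF = """
acl Safe_ports port 80          # http
acl Safe_ports port 443         # https
acl Safe_ports port 1025-65535  # unregistered ports
#acl Safe_ports port 777        # multiling http (disabled)
acl Bad_ports port 443
http_access deny Bad_ports
http_access deny !Safe_ports
http_access allow all
"""

def parse(conf):
    """Return (acls, rules): port ranges per ACL name, ordered http_access rules."""
    acls, rules = {}, []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "port":
            for spec in tok[3:]:
                lo, _, hi = spec.partition("-")
                acls.setdefault(tok[1], []).append((int(lo), int(hi or lo)))
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def decide(conf, port):
    """First matching http_access rule wins; every ACL on the rule must match."""
    acls, rules = parse(conf)
    def hit(name):
        neg, name = name.startswith("!"), name.lstrip("!")
        m = name == "all" or any(lo <= port <= hi for lo, hi in acls.get(name, []))
        return m != neg
    for action, names in rules:
        if all(hit(n) for n in names):
            return action
    # No rule matched: Squid applies the opposite of the last rule's action.
    if rules:
        return "deny" if rules[-1][0] == "allow" else "allow"
    return "deny"  # no http_access lines at all: Squid denies
```

Running decide against your own port ACLs before a reload shows which destination ports a change will actually block; "squid -k parse" checks the file's syntax.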