ipcop support

community support forum
It is currently Sat Apr 19, 2014 12:17 am

All times are UTC [ DST ]




Post new topic Reply to topic  [ 17 posts ] 
Author Message
 Post subject: Ipcop v2.0
Unread postPosted: Wed Oct 19, 2011 5:21 pm 
New User

Joined: Wed Nov 14, 2007 1:30 pm
Posts: 64
Location: Bahia, Brasil
good afternoon

anyone knows if the URLFilter works with IPCop v2.0


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Wed Oct 19, 2011 7:26 pm 
User

Joined: Mon Jan 18, 2010 7:43 pm
Posts: 196
It does not. There's an advanced proxy addon that does, but I've found it's actually pretty easy to just manually edit the Squid ACL directly, though my needs are very simple.


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Thu Oct 20, 2011 4:07 am 
Site Moderator

Joined: Wed Apr 28, 2004 1:27 am
Posts: 6945
Location: Beaumont, TX, USA
taustin wrote:
There's an advanced proxy addon that does
It is not an addon for 2.0, it is built-in.


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Thu Oct 20, 2011 4:44 pm 
User

Joined: Mon Jan 18, 2010 7:43 pm
Posts: 196
ds531 wrote:
taustin wrote:
There's an advanced proxy addon that does
It is not an addon for 2.0, it is built-in.


Not . . . really. Not all the same capabilities, at least, not that I could find.


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Thu Oct 20, 2011 7:11 pm 
User
User avatar

Joined: Sat Jul 03, 2004 2:01 pm
Posts: 313
taustin wrote:
Not all the same capabilities, at least, not that I could find.

What are you missing?

_________________
If you don't see the fnord, it can't eat you.


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Thu Oct 20, 2011 7:26 pm 
User

Joined: Mon Jan 18, 2010 7:43 pm
Posts: 196
wintermute wrote:
taustin wrote:
Not all the same capabilities, at least, not that I could find.

What are you missing?


I needed to be able to deny access to everything but a whitelist, except for a specific list of IPs, except for one location where I needed the opposite (default allow, but restrict a specific list). I saw no way to do this in the web interface. Possibly because it's just different looking.

I am, however, missing nothing, as it turned out to be very easy to directly edit the ACLs for Squid, because the whitelist of allowed URLs is fairly small and does not change often.


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Fri Oct 21, 2011 6:00 am 
Expert

Joined: Sat Sep 23, 2006 11:23 am
Posts: 2413
Location: LDK | Hessen | Germany
Since when was something like that a feature of the advanced proxy addon :?:

_________________
Image

-=[ If you want answers: provide lots of information, including tiny details! ]=-


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Sat Oct 22, 2011 10:33 pm 
Site Moderator
User avatar

Joined: Sun Feb 01, 2004 7:34 am
Posts: 779
Location: Everett, Wa USA
taustin, Urlfilter and advanced proxy are two different things. Advanced proxy is part of IPCop 2.0, Urlfilter is not a part of it as of 2.0.0, as far as Urlfilter becoming part of 2.x.x, the information is out there. The fact that the same author made both for IPCop 1.4.x as addons may have confused you.

I've used acl's in the past but I think the use of a database that Squidguard uses as a part of Urlfilter is far more efficient. To have everything go by a plain text list seems like it would have to tax the system resources quite a lot.

_________________
Dave
http://www.raqcop.com
Sun Cobalt Raq4i AMD K6-III clocked at 550mhz LCD replaced with 16x2 Newhaven VFD and Rose Filter for white output.
Raqcop-2.0.6 Flash Raid 1 with Two Transcend Industrial CF Drives and Syba adapters.
Bridged Actiontec 702 ADSL 2+ Modem using Frontier ADSL complete with blocked port 25 in both directions, sigh....
Cisco 1231 Access Point with both radios, chosen SSID bordering on obscene. SSID never made it to Google maps.
Image Image


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Sun Oct 23, 2011 12:24 am 
User

Joined: Mon Jan 18, 2010 7:43 pm
Posts: 196
Davesworld wrote:
taustin, Urlfilter and advanced proxy are two different things. Advanced proxy is part of IPCop 2.0, Urlfilter is not a part of it as of 2.0.0, as far as Urlfilter becoming part of 2.x.x, the information is out there. The fact that the same author made both for IPCop 1.4.x as addons may have confused you.


That is possible. Someone had recommended some add on as an alternative to URLFilter elsewhere, but after I had figured out ACLs.

Davesworld wrote:
I've used acl's in the past but I think the use of a database that Squidguard uses as a part of Urlfilter is far more efficient. To have everything go by a plain text list seems like it would have to tax the system resources quite a lot.


The whitelist is very, very short. It seems to work just fine.


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Mon Dec 26, 2011 6:17 pm 
New User

Joined: Mon Dec 26, 2011 6:10 pm
Posts: 2
Hi, could you please tell us how did you managed to add that URL in squid.conf or if you added or edited an ACL in /var/ipcop/proxy/acls/

thanks!


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Tue Dec 27, 2011 5:35 pm 
User

Joined: Mon Jan 18, 2010 7:43 pm
Posts: 196
The file to edit is "include.acl" in /var/ipcop/proxy/acls/

This configuration will deny access to the web by default to all IPs, except those specifically listed as having full access.

First, define the local network to be blocked:
acl block_IPs src x.x.x.0/24

Then, add the list of unrestricted IPs:
acl allow_IPs src x.x.x.100
acl allow_IPs src x.x.x.106
acl allow_IPs src x.x.x.97


Then, define the list of URLs allowed:
acl whitelist url_regex .firstURL.com
acl whitelist url_regex .secondURL.com

(These are regex expressions, so far as I can tell, so pay attention to things like whether or not it has a period at the beginning or end, or whatever. I dont' know how well, or if, wildcards work as I haven't needed any.)

In the case of both these lists, it is far easier to keep track of what you're doing if you give each entry its own line.

Then, set the access permissions. As I recall, order is important; Squid stops processing after the first match it finds. So first, allow the unrestricted IPs:

http_access allow allow_IPs

Then, allow the whitelist of URLS:

http_access allow whitelist

Then, deny everything else:

http_access deny block_IPs

Be sure you restart the proxy after you save any changes.

The overall file should look like this:

acl block_IPs src x.x.x.0/24
acl allow_IPs src x.x.x.100
acl allow_IPs src x.x.x.106
acl allow_IPs src x.x.x.97
acl whitelist url_regex .firstURL.com
acl whitelist url_regex .secondURL.com
http_access allow allow_IPs
http_access allow whitelist
http_access deny block_IPs


(It seems to be pretty tolerant of white space, but I haven't exactly tested it. This works for me. And, as has been noted, doing this is plain text is not very efficient, but if your lists are short, and you have decent hardware, it works fine.)

You can reverse the situation - default to allowing unrestricted access except to a list of blocked IPs - by changing the "allow" to "deny" in the first http_access and changing the "deny" to "allow" in the last one - I think. I have not yet set that up.

If you pay attention to the details, you can easily add additional lists for finer control - you could, for instance, customize the allow list for different departments, so that HR could get to their payroll service's web sites, but not the bank's, while accounting can get to the bank but not payroll. There are a number of good tutorials on Squid ACLs that you can find through Google.


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Wed Dec 28, 2011 3:43 am 
New User

Joined: Mon Dec 26, 2011 6:10 pm
Posts: 2
Taustin, I am simply amazed with your answer. Really thank you very much, it makes a lot of sense yor experience. Have a nice evening.


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Sun Jan 29, 2012 3:52 pm 
New User

Joined: Tue Jun 08, 2010 6:49 pm
Posts: 9
Location: Boutersem, Belgiƫ
hello there!

not very amused with version IPCop2.0.2! 'cause we were ever so satisfied with the URLfilter add-on


I need to be able to ALLOW access to everything but Shala's blacklist!

can this be fixed? :roll:

and what about the option 'safesearch', does it still exist?


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Mon Jan 30, 2012 7:33 am 
Site Moderator

Joined: Wed Apr 28, 2004 1:27 am
Posts: 6945
Location: Beaumont, TX, USA
You can always use IPCOP 1.4.21. There is nothing wrong with it from a security point of view.


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Thu Jun 20, 2013 3:13 am 
New User

Joined: Thu Jun 20, 2013 3:05 am
Posts: 1
Not sure if this is overkill, but you could try the Cop+ (Dansguardian) add-on http://home.earthlink.net/~copplus/install.html

I have a very simple home network. Works on ipCop v2.0

Cheers


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Wed Jul 03, 2013 7:08 pm 
New User

Joined: Sun Jun 30, 2013 7:42 pm
Posts: 5
@for newbie IPCop user.. (Assume IPCop V.2.0.6, IPgreen192.168.1.1)
to access IPCop WebGui :
https://192.168.1.1:8443/cgi-bin/index.cgi
but unfortunately there is no menu URL Filter, dont worry
step 1----------------------
just replace index.cgi with urlfilter.cgi
ex: https://192.168.1.1:8443/cgi-bin/urlfilter.cgi

step 2----------------------
on menu urlfilter.cgi
tick urlfilter enabled > save
step 3------------------------
back to Services>Proxy menu
go to the option Redirectors tick Enable (will show if step2 urlfilter enabled)
step 4--------
save, finish & restart your IPcop


Top
 Profile  
 
 Post subject: Re: Ipcop v2.0
Unread postPosted: Fri Jul 05, 2013 4:46 am 
Site Moderator
User avatar

Joined: Sun Feb 01, 2004 7:34 am
Posts: 779
Location: Everett, Wa USA
dimmensi wrote:
@for newbie IPCop user.. (Assume IPCop V.2.0.6, IPgreen192.168.1.1)
to access IPCop WebGui :
https://192.168.1.1:8443/cgi-bin/index.cgi
but unfortunately there is no menu URL Filter, dont worry
step 1----------------------
just replace index.cgi with urlfilter.cgi
ex: https://192.168.1.1:8443/cgi-bin/urlfilter.cgi

step 2----------------------
on menu urlfilter.cgi
tick urlfilter enabled > save
step 3------------------------
back to Services>Proxy menu
go to the option Redirectors tick Enable (will show if step2 urlfilter enabled)
step 4--------
save, finish & restart your IPcop


2.1.1 will have it. The reason it was not enabled prior to the upcoming 2.1.0/2.1.1 update pair is because it was simply not ready, what you enabled is urlfilter in the state that it was in when the last full IPCop version was packaged which was unfinished. Hopefully when you update your modified system you won't end up with a mess.

To put it simply, the parts of urlfilter that are already there are not an easter egg to be discovered and used. Some important changes have been incorporated since 2.0.2-2.0.6 that will save your flash drive or even hard drive when updating your lists so long as you have more than 250MB of ram, else your drive will be thrashed for forty five minutes.. This is but one change that has occurred since then, there are many and may be more before 2.1.0/2.1.1 is actually ready.

_________________
Dave
http://www.raqcop.com
Sun Cobalt Raq4i AMD K6-III clocked at 550mhz LCD replaced with 16x2 Newhaven VFD and Rose Filter for white output.
Raqcop-2.0.6 Flash Raid 1 with Two Transcend Industrial CF Drives and Syba adapters.
Bridged Actiontec 702 ADSL 2+ Modem using Frontier ADSL complete with blocked port 25 in both directions, sigh....
Cisco 1231 Access Point with both radios, chosen SSID bordering on obscene. SSID never made it to Google maps.
Image Image


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 17 posts ] 

All times are UTC [ DST ]


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group