ipcop support

What is the command to edit the/etc/squid/squid.conf on ipcop v2?

The IPCop web GUI.

_________________


-=[ If you want answers: provide lots of information, including tiny details! ]=-

You can't tell me?

squid.conf is in /var/ipcop/proxy, but that is subject to being overwritten by updates. Custom stuff should go in /var/ipcop/proxy/acl/include.acl (as noted in squid.conf)

Be careful if you're not certain what you're doing. You can break things there easily.

In version 2.0 of ipcop it gets in/etc/squid/

That's where squid.conf is, yes. If you modify squid.conf, then install an update, your modifications may disappear. squid.conf includes /var/ipcop/proxy/acl/include.acl

If you do not put your custom changes in /var/ipcop/proxy/acl/include.acl then they may disappear and you will probably have a hell of a time figuring out why.

Hence the reason NOT to go outside IPCOP's GUI.

If you need a full blown SQUID server - make a full blown SQUID server instead of trying to crowbar IPCOP, a working FIREWALL APPLIANCE to do something it was NOT designed to do.

_________________
For the 2.5^15th time :: Better Details = Better Answers

There's a reason include.acl is there.

And open source is all about doing things with your own stuff that it wasn't designed to do, after all.

(BTW, for what it's worth, the developers clearly intended the include.acl file to be used for custom configuration that is outside the scope of the GUI. We know that for two reasons:

First, there's a remark at the start of squid.conf that says "don't put custom stuff here or a future update might overwrite it" that's clearly not part of the standard squid.conf file, and all the squid.conf related stuff is in a non-standard pace.

And second, include.acl is part of the backup file. When you reinstall and retore, any custom stuff you put there is included.)

The developers clearly recognize that IPCop is not the be-all, end-all of firewalls, usable unmodified by everyone. They have taken this in to account, and made allowances for the fact that people do futz with things. And rightly so, on an open source project.

Thank you, thank you even

anyone here have a template of squid.conf who can pass me by time-constrained? Another thing to put my ip on "IP Addresses without restriction" and even then I'm picking up the restrictions. I am speaking of IPCOP 2.0.4

Posts merged.

Read the squid manpages. Edit stuff. Try and figure out why it does not work in the IPCop environment. Repeat.


Probably better to start from scratch with an empty suqid.conf on a XYZ linux though.

_________________


-=[ If you want answers: provide lots of information, including tiny details! ]=-

Your best bet really is to search Google for squid tutorials. There are a bunch of them out there.

No experience with time limiting, so I can't help you there. For restricting some, but not all, by IP, I have done that. You create lists of IPs like this:


This creates a list called "block_IPs" that is the entirety of 192.168.16.0


This creates a list called "allow_IPs" that includes two specific IP addresses. You can add more IPs by adding more lines.

I have a very short whitelist that's allowed everywhere, and a few PCs in each location that have unrestricted access. To create the whitelist, use the following:



Again, one item per line. This creates a a list of URLs called "whitelist" using regex rules (which you need someone far more knowledgeble than me to tutor you on).

The trick is get your access commands in the correct order. So far as I can tell, it processes them in order, and stops when it reaches one that applies to a particular connection. So to allow access to specific IPs, you put that in first:


A request from an IP on "allow_IPs" will be allowed, and squid will stop processing.

Otherwise, , to allow access to the white list only for the blocked list of IPS, you add:


If the URL is on "whitelist" list, it will be allowed, and squid will stop.

Otherwise, add this:



And any IP on the "block_IPs" list will be blocked, and told that access has been denied, and squid will stop processing.

If, for some reason, the IP isn't on either list, and the URL isn't on the whitelist, squid will allow access by default (presumably as a transparent proxy, otherwise, it's easy to bypass, but you have to turn that on in the GUI).

Again, do not put this in the squid.conf file, or it will possibly be overwritten by a future IPCop update. This belongs in the include.acl file in /var/ipcop/proxy/acls

One more note: This isn't a terribly efficient way to do this, from what I understand. There are other ways of putting information like this in to a database that are far more efficient. If, like me, your lists of IPs and URLs is short, and you're not pushing old, worn-out hardware to its limits, it doesn't make much of a difference. If if you have a large white list or black list, it can impact your internet speed.

Also, very important note: After you have saved your changes, you have to stop and restart squid, or the changes will not take effect. The easy way to do this is to turn off, then back on, the proxy in the GUI.

You can post the squid you should work as I quoted? Will help me a lot.
Sorry, but I have used a translator to read and respond.

I'm not quite sure what you're asking.

So I want is: Two lists of sites allowed in 1-2-horario intregal only in schedules off (before the record - lunch and after work) and to block anything that is not on the whitelist (a list of the first site .)

I hope I have been clear for you to help me.