Is it possible to allow specific user or IP to bypass squidguard?grub2: how to bypass “press any key”?bypass firewall with Openvpn + SquidAllow specific linux user to bind to port 443Squid: how to block a website, but allow access to certain foldersallow just running of two specific programs (scripts) for user's accountAllow specific port through iptablesHow to find specific RPi image?Allow non-root user to use timedatectlsquid with urlpath_regex not working with httpsSquid block non-proxy user

Why does Kotter return in Welcome Back Kotter?

Why can't I see bouncing of a switch on an oscilloscope?

How do I create uniquely male characters?

Mage Armor with Defense fighting style (for Adventurers League bladeslinger)

Do VLANs within a subnet need to have their own subnet for router on a stick?

What is the offset in a seaplane's hull?

Why not use SQL instead of GraphQL?

Why are electrically insulating heatsinks so rare? Is it just cost?

Test if tikzmark exists on same page

Fencing style for blades that can attack from a distance

What do the dots in this tr command do: tr .............A-Z A-ZA-Z <<< "JVPQBOV" (with 13 dots)

Modeling an IPv4 Address

Can a Warlock become Neutral Good?

What are the differences between the usage of 'it' and 'they'?

Why do I get two different answers for this counting problem?

Arthur Somervell: 1000 Exercises - Meaning of this notation

What does it mean to describe someone as a butt steak?

Font hinting is lost in Chrome-like browsers (for some languages )

Theorems that impeded progress

Risk of getting Chronic Wasting Disease (CWD) in the United States?

How does one intimidate enemies without having the capacity for violence?

Approximately how much travel time was saved by the opening of the Suez Canal in 1869?

How to format long polynomial?

Have astronauts in space suits ever taken selfies? If so, how?



Is it possible to allow specific user or IP to bypass squidguard?


grub2: how to bypass “press any key”?bypass firewall with Openvpn + SquidAllow specific linux user to bind to port 443Squid: how to block a website, but allow access to certain foldersallow just running of two specific programs (scripts) for user's accountAllow specific port through iptablesHow to find specific RPi image?Allow non-root user to use timedatectlsquid with urlpath_regex not working with httpsSquid block non-proxy user






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








0















I configured a raspberry as a little server. In particular I installed DHCP, squid proxy and squidGuard for log the network activity which pass through my raspberry. Actually i have a black list on squidGuard which denies the access to gamble websites.



My current OS version: Linux raspberrypi 4.14.98-v7+ #1200 SMP Tue Feb 12 20:27:48 GMT 2019 armv7l GNU/Linux.



Squid: Version 3.5.23, SquidGuard: 1.5 Berkeley DB 5.3.28: (September 9, 2013).



My squid.conf file:



acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
redirect_program /usr/bin/squidGuard
acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access deny all
http_port 3128
cache_dir ufs /var/spool/squid 1000 16 256
coredump_dir /var/spool/squid
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|?) 0 0% 0
refresh_pattern . 0 20% 4320


My squidGuard.conf file:



dbhome /var/lib/squidguard/db
logdir /var/log/squidguard
time workhours 
 weekly mtwhf 08:00 - 16:30
 date *-*-01 08:00 - 16:30

src admin 
 ip 1.2.3.4 1.2.3.5
 user root foo bar
 within workhours


src foo-clients 
 ip 172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200


src bar-clients 
 ip 172.16.4.0/26


dest good 
dest local 
dest porn 
dest gamble
 domainlist gamble/domains
 urllist gamble/urls


acl 
 admin 
 pass any
 
 foo-clients within workhours 
 pass good !in-addr !porn any
 else 
 pass any
 
 bar-clients 
 pass local none
 
 default 
 pass !gamble any
 redirect http://admin.foo.bar.de/cgi-bin/blocked.cgi? 
 clientaddr=%a&clientname=%n
 &clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u



After all of these infos, for example there is user A and user B, A can visit gamble websites whereas B not.



Is there any way to achieve this result using squid/squidGuard? But i don't want that user A bypass the proxy, only allow him to surf on gamble websites.






linux debian raspberry-pi squid







share|improve this question









New contributor




Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.


























    0















    I configured a raspberry as a little server. In particular I installed DHCP, squid proxy and squidGuard for log the network activity which pass through my raspberry. Actually i have a black list on squidGuard which denies the access to gamble websites.



    My current OS version: Linux raspberrypi 4.14.98-v7+ #1200 SMP Tue Feb 12 20:27:48 GMT 2019 armv7l GNU/Linux.



    Squid: Version 3.5.23, SquidGuard: 1.5 Berkeley DB 5.3.28: (September 9, 2013).



    My squid.conf file:



    acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
    acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
    acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
    redirect_program /usr/bin/squidGuard
    acl SSL_ports port 443
    acl Safe_ports port 80 # http
    acl Safe_ports port 21 # ftp
    acl Safe_ports port 443 # https
    acl Safe_ports port 70 # gopher
    acl Safe_ports port 210 # wais
    acl Safe_ports port 1025-65535 # unregistered ports
    acl Safe_ports port 280 # http-mgmt
    acl Safe_ports port 488 # gss-http
    acl Safe_ports port 591 # filemaker
    acl Safe_ports port 777 # multiling http
    acl CONNECT method CONNECT
    http_access deny !Safe_ports
    http_access deny CONNECT !SSL_ports
    http_access allow localhost manager
    http_access deny manager
    http_access allow localnet
    http_access allow localhost
    http_access deny all
    http_port 3128
    cache_dir ufs /var/spool/squid 1000 16 256
    coredump_dir /var/spool/squid
    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern -i (/cgi-bin/|?) 0 0% 0
    refresh_pattern . 0 20% 4320


    My squidGuard.conf file:



    dbhome /var/lib/squidguard/db
    logdir /var/log/squidguard
    time workhours 
     weekly mtwhf 08:00 - 16:30
     date *-*-01 08:00 - 16:30

    src admin 
     ip 1.2.3.4 1.2.3.5
     user root foo bar
     within workhours


    src foo-clients 
     ip 172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200


    src bar-clients 
     ip 172.16.4.0/26


    dest good 
    dest local 
    dest porn 
    dest gamble
     domainlist gamble/domains
     urllist gamble/urls


    acl 
     admin 
     pass any
     
     foo-clients within workhours 
     pass good !in-addr !porn any
     else 
     pass any
     
     bar-clients 
     pass local none
     
     default 
     pass !gamble any
     redirect http://admin.foo.bar.de/cgi-bin/blocked.cgi? 
     clientaddr=%a&clientname=%n
     &clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u



    After all of these infos, for example there is user A and user B, A can visit gamble websites whereas B not.



    Is there any way to achieve this result using squid/squidGuard? But i don't want that user A bypass the proxy, only allow him to surf on gamble websites.






    linux debian raspberry-pi squid







    share|improve this question









    New contributor




    Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
    Check out our Code of Conduct.






















      0












      0








      0








      I configured a raspberry as a little server. In particular I installed DHCP, squid proxy and squidGuard for log the network activity which pass through my raspberry. Actually i have a black list on squidGuard which denies the access to gamble websites.



      My current OS version: Linux raspberrypi 4.14.98-v7+ #1200 SMP Tue Feb 12 20:27:48 GMT 2019 armv7l GNU/Linux.



      Squid: Version 3.5.23, SquidGuard: 1.5 Berkeley DB 5.3.28: (September 9, 2013).



      My squid.conf file:



      acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
      acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
      acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
      redirect_program /usr/bin/squidGuard
      acl SSL_ports port 443
      acl Safe_ports port 80 # http
      acl Safe_ports port 21 # ftp
      acl Safe_ports port 443 # https
      acl Safe_ports port 70 # gopher
      acl Safe_ports port 210 # wais
      acl Safe_ports port 1025-65535 # unregistered ports
      acl Safe_ports port 280 # http-mgmt
      acl Safe_ports port 488 # gss-http
      acl Safe_ports port 591 # filemaker
      acl Safe_ports port 777 # multiling http
      acl CONNECT method CONNECT
      http_access deny !Safe_ports
      http_access deny CONNECT !SSL_ports
      http_access allow localhost manager
      http_access deny manager
      http_access allow localnet
      http_access allow localhost
      http_access deny all
      http_port 3128
      cache_dir ufs /var/spool/squid 1000 16 256
      coredump_dir /var/spool/squid
      refresh_pattern ^ftp: 1440 20% 10080
      refresh_pattern ^gopher: 1440 0% 1440
      refresh_pattern -i (/cgi-bin/|?) 0 0% 0
      refresh_pattern . 0 20% 4320


      My squidGuard.conf file:



      dbhome /var/lib/squidguard/db
      logdir /var/log/squidguard
      time workhours 
       weekly mtwhf 08:00 - 16:30
       date *-*-01 08:00 - 16:30

      src admin 
       ip 1.2.3.4 1.2.3.5
       user root foo bar
       within workhours


      src foo-clients 
       ip 172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200


      src bar-clients 
       ip 172.16.4.0/26


      dest good 
      dest local 
      dest porn 
      dest gamble
       domainlist gamble/domains
       urllist gamble/urls


      acl 
       admin 
       pass any
       
       foo-clients within workhours 
       pass good !in-addr !porn any
       else 
       pass any
       
       bar-clients 
       pass local none
       
       default 
       pass !gamble any
       redirect http://admin.foo.bar.de/cgi-bin/blocked.cgi? 
       clientaddr=%a&clientname=%n
       &clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u



      After all of these infos, for example there is user A and user B, A can visit gamble websites whereas B not.



      Is there any way to achieve this result using squid/squidGuard? But i don't want that user A bypass the proxy, only allow him to surf on gamble websites.






      linux debian raspberry-pi squid







      share|improve this question









      New contributor




      Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.












      I configured a raspberry as a little server. In particular I installed DHCP, squid proxy and squidGuard for log the network activity which pass through my raspberry. Actually i have a black list on squidGuard which denies the access to gamble websites.



      My current OS version: Linux raspberrypi 4.14.98-v7+ #1200 SMP Tue Feb 12 20:27:48 GMT 2019 armv7l GNU/Linux.



      Squid: Version 3.5.23, SquidGuard: 1.5 Berkeley DB 5.3.28: (September 9, 2013).



      My squid.conf file:



      acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
      acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
      acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
      redirect_program /usr/bin/squidGuard
      acl SSL_ports port 443
      acl Safe_ports port 80 # http
      acl Safe_ports port 21 # ftp
      acl Safe_ports port 443 # https
      acl Safe_ports port 70 # gopher
      acl Safe_ports port 210 # wais
      acl Safe_ports port 1025-65535 # unregistered ports
      acl Safe_ports port 280 # http-mgmt
      acl Safe_ports port 488 # gss-http
      acl Safe_ports port 591 # filemaker
      acl Safe_ports port 777 # multiling http
      acl CONNECT method CONNECT
      http_access deny !Safe_ports
      http_access deny CONNECT !SSL_ports
      http_access allow localhost manager
      http_access deny manager
      http_access allow localnet
      http_access allow localhost
      http_access deny all
      http_port 3128
      cache_dir ufs /var/spool/squid 1000 16 256
      coredump_dir /var/spool/squid
      refresh_pattern ^ftp: 1440 20% 10080
      refresh_pattern ^gopher: 1440 0% 1440
      refresh_pattern -i (/cgi-bin/|?) 0 0% 0
      refresh_pattern . 0 20% 4320


      My squidGuard.conf file:



      dbhome /var/lib/squidguard/db
      logdir /var/log/squidguard
      time workhours 
       weekly mtwhf 08:00 - 16:30
       date *-*-01 08:00 - 16:30

      src admin 
       ip 1.2.3.4 1.2.3.5
       user root foo bar
       within workhours


      src foo-clients 
       ip 172.16.2.32-172.16.2.100 172.16.2.100 172.16.2.200


      src bar-clients 
       ip 172.16.4.0/26


      dest good 
      dest local 
      dest porn 
      dest gamble
       domainlist gamble/domains
       urllist gamble/urls


      acl 
       admin 
       pass any
       
       foo-clients within workhours 
       pass good !in-addr !porn any
       else 
       pass any
       
       bar-clients 
       pass local none
       
       default 
       pass !gamble any
       redirect http://admin.foo.bar.de/cgi-bin/blocked.cgi? 
       clientaddr=%a&clientname=%n
       &clientuser=%i&clientgroup=%s&targetgroup=%t&url=%u



      After all of these infos, for example there is user A and user B, A can visit gamble websites whereas B not.



      Is there any way to achieve this result using squid/squidGuard? But i don't want that user A bypass the proxy, only allow him to surf on gamble websites.






      linux debian raspberry-pi squid




      linux debian raspberry-pi squid






      share|improve this question









      New contributor




      Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.











      share|improve this question









      New contributor




      Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      share|improve this question




      share|improve this question








      edited 2 days ago









      Rui F Ribeiro

      41.9k1483142




      41.9k1483142






      New contributor




      Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.









      asked 2 days ago









      Leonardo BassiLeonardo Bassi

      12




      12




      New contributor




      Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.





      New contributor





      Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.






      Leonardo Bassi is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
      Check out our Code of Conduct.




















          0






          active

          oldest

          votes












          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );






          Leonardo Bassi is a new contributor. Be nice, and check out our Code of Conduct.









          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f510441%2fis-it-possible-to-allow-specific-user-or-ip-to-bypass-squidguard%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          Leonardo Bassi is a new contributor. Be nice, and check out our Code of Conduct.









          draft saved

          draft discarded


















          Leonardo Bassi is a new contributor. Be nice, and check out our Code of Conduct.












          Leonardo Bassi is a new contributor. Be nice, and check out our Code of Conduct.











          Leonardo Bassi is a new contributor. Be nice, and check out our Code of Conduct.














          Thanks for contributing an answer to Unix & Linux Stack Exchange!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f510441%2fis-it-possible-to-allow-specific-user-or-ip-to-bypass-squidguard%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          -

          Popular posts from this blog

          getting Checkpoint VPN SSL Network Extender working in the command lineHow to connect to CheckPoint VPN on Ubuntu 18.04LTS?Will the Linux ( red-hat ) Open VPNC Client connect to checkpoint or nortel VPN gateways?VPN client for linux machine + support checkpoint gatewayVPN SSL Network Extender in FirefoxLinux Checkpoint SNX tool configuration issuesCheck Point - Connect under Linux - snx + OTPSNX VPN Ububuntu 18.XXUsing Checkpoint VPN SSL Network Extender CLI with certificateVPN with network manager (nm-applet) is not workingWill the Linux ( red-hat ) Open VPNC Client connect to checkpoint or nortel VPN gateways?VPN client for linux machine + support checkpoint gatewayImport VPN config files to NetworkManager from command lineTrouble connecting to VPN using network-manager, while command line worksStart a VPN connection with PPTP protocol on command linestarting a docker service daemon breaks the vpn networkCan't connect to vpn with Network-managerVPN SSL Network Extender in FirefoxUsing Checkpoint VPN SSL Network Extender CLI with certificate

          Image
          If human space travel is limited by the G force vulnerability, is there a way to counter G forces? Did Shadowfax go to Valinor? Do I have a twin with permutated remainders? Blender 2.8 I can't see vertices, edges or faces in edit mode 1960's book about a plague that kills all white people How can I make my BBEG immortal short of making them a Lich or Vampire? Alternative to sending password over mail? Is it inappropriate for a student to attend their mentor's dissertation defense? Why is Collection not simply treated as Collection<?> Took a trip to a parallel universe, need help deciphering Assassin's bullet with mercury Why is it a bad idea to hire a hitman to eliminate most corrupt politicians? I Accidentally Deleted a Stock Terminal Theme Is there a hemisphere-neutral way of specifying a season? What about the virus in 12 Monkeys? Why can't we play rap on piano? Arrow those variables! Today is the Center Modeling an IP Ad...
          Read more

          Cannot Extend partition with GParted The 2019 Stack Overflow Developer Survey Results Are In Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) 2019 Community Moderator Election ResultsCan't increase partition size with GParted?GParted doesn't recognize the unallocated space after my current partitionWhat is the best way to add unallocated space located before to Ubuntu 12.04 partition with GParted live?I can't figure out how to extend my Arch home partition into free spaceGparted Linux Mint 18.1 issueTrying to extend but swap partition is showing as Unknown in Gparted, shows proper from fdiskRearrange partitions in gparted to extend a partitionUnable to extend partition even though unallocated space is next to it using GPartedAllocate free space to root partitiongparted: how to merge unallocated space with a partition

          Image
          Make it rain characters Keeping a retro style to sci-fi spaceships? How to split my screen on my Macbook Air? How can I define good in a religion that claims no moral authority? does high air pressure throw off wheel balance? Scientific Reports - Significant Figures Relations between two reciprocal partial derivatives? How to delete random line from file using Unix command? How did passengers keep warm on sail ships? How are presidential pardons supposed to be used? Are my PIs rude or am I just being too sensitive? He got a vote 80% that of Emmanuel Macron’s Change bounding box of math glyphs in LuaTeX Match Roman Numerals Was credit for the black hole image misattributed? How to pronounce 1ターン? how can a perfect fourth interval be considered either consonant or dissonant? Working through the single responsibility principle (SRP) in Python when calls are expensive High Q peak in frequency response means what in time domain? ...
          Read more

          Marilyn Monroe Ny fiainany manokana | Jereo koa | Meny fitetezanafanitarana azy.

          Image
          OlonaBiôgrafiaVangovangoMpilalaoMpilalao amin'ny horonantsaryMpamoaka horonantsaryTeraka tamin'ny taona 1926Maty tamin'ny taona 1962 EtazoniaLos Angeles fanitarana azy . Marilyn Monroe Avy amin'i Wikipedia Sauter à la navigation Sauter à la recherche Marilyn Monroe Ankapobeny Anarana Marilyn Monroe Teraka 1 Jiona 1926 Maty 5 Aogositra 1962 Fiaviana sy ny andraikitra Firenena Etazonia Asa : mpilalao mpilalao amin'ny horonantsary mpamoaka horonantsary Fiainana manokana Marilyn Monroe dia mpilalao, mpilalao amin'ny horonantsary, mpamoaka horonantsary mizaka ny zom-pirenen'i Etazonia teraka ny 1 Jiona 1926 tao Los Angeles ary maty ny 5 Aogositra 1962 Ny fiainany manokana | Ny vadiny dia James Dougherty, Joe DiMaggio, Arthur Miller. Jereo koa | Biôgrafia Rohy ivelany | Ao amin'i Freebase: [1] Mbola ambangovangony ity lahatsoratra ity ary tokony hofenoina . Azonao atao ny mandray anjara eto amin'ny Wikipedia amin...
          Read more