need squid help

Madan Thapa madan.feedback at gmail.com
Mon Mar 31 06:55:54 UTC 2008


On Mon, Mar 31, 2008 at 12:09 PM, Anil Saini <anil.pilani at gmail.com> wrote:

> how can I block port 443 for all sites except gmail and gtalk
> I tried
> acl https url_regex -i www.gmail.com
> https_access https allow
> https_access deny all
>
> but it is not working
> is it correct....
>



=======>

You can do it with iptables:


Testing
###############

[root@~]# telnet hotmail.com 443
Trying 64.4.32.7...
Connected to hotmail.com (64.4.32.7).
Escape character is '^]'.
quit


[root@ ~]# iptables -I OUTPUT -d hotmail.com -p tcp --dport 443 -j DROP

[root@ ~]# telnet hotmail.com 443
Trying 64.4.32.7...

[root@ ~]# telnet gmail.com 443
Trying 64.233.161.83...
Connected to gmail.com (64.233.161.83).
Escape character is '^]'.
quit
Connection closed by foreign host.
[root@ ~]#

So, in your case the following rules should work:

### First allow ###
# Use -A (append) so the rules end up in the order they are entered;
# -I inserts at the top of the chain, which would put the DROP first
# and block everything.
/sbin/iptables -A OUTPUT -d gmail.com -p tcp --dport 443 -j ACCEPT
/sbin/iptables -A OUTPUT -d <GTALK IP> -p tcp --dport 443 -j ACCEPT

### Then Deny ###
# Catch-all last: anything on 443 not matched above is dropped.
/sbin/iptables -A OUTPUT -p tcp --dport 443 -j DROP
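As an added example (not part of Madan's post), here is a small sh/awk check that reads an `iptables -S OUTPUT` listing and counts ACCEPT rules for a port that sit below a catch-all DROP for the same port; that is the chain you get if all three rules are entered with -I, since each -I inserts at the top. The two chain listings and the 203.0.113.x addresses are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post: audit an iptables chain listing
# for ACCEPT rules that are shadowed by an earlier catch-all DROP on the same
# port. iptables stops at the first matching rule, so such ACCEPTs never fire.

# Constructed sample: `iptables -S OUTPUT` after the posted rules are all
# entered with -I. Addresses are made-up stand-ins for resolved gmail/gtalk IPs.
BROKEN_CHAIN='-P OUTPUT ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j DROP
-A OUTPUT -d 203.0.113.20/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT'

# Constructed sample: the same rules entered with -A, so the DROP comes last.
FIXED_CHAIN='-P OUTPUT ACCEPT
-A OUTPUT -d 203.0.113.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -d 203.0.113.20/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 443 -j DROP'

# count_shadowed_accepts PORT: read `iptables -S` output on stdin and print
# how many ACCEPT rules for PORT appear after a DROP for PORT that carries
# no -d restriction (and therefore matches every destination).
count_shadowed_accepts() {
    awk -v port="$1" '
        $1 == "-A" {
            has_port = 0; has_dst = 0; target = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "--dport" && $(i + 1) == port) has_port = 1
                if ($i == "-d") has_dst = 1
                if ($i == "-j") target = $(i + 1)
            }
            if (!has_port) next
            if (target == "DROP" && !has_dst) drop_seen = 1
            else if (target == "ACCEPT" && drop_seen) shadowed++
        }
        END { print shadowed + 0 }
    '
}

# On a live box: iptables -S OUTPUT | count_shadowed_accepts 443
printf '%s\n' "$BROKEN_CHAIN" | count_shadowed_accepts 443   # prints 2
printf '%s\n' "$FIXED_CHAIN"  | count_shadowed_accepts 443   # prints 0
```

Note that `-d gmail.com` is resolved only once, when the rule is added, and one rule is created per address returned at that moment; if the site's addresses change later, the ACCEPT silently stops matching while the DROP still does.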



More information about the redhat-list mailing list