1 2 Previous Next 10 Replies Latest reply on Jul 24, 2012 4:51 PM by rcamm

    SG580 - blocking web sites

      Hi

       

      I've got the web cache enabled, now I'd like to manually block some sites.

       

      However, even though I've followed the instructions in the admin guide ie I added some sites to the URL block list, the 580 doesn't actually block them.

       

      I don't have the web filter service, does that matter?

       

      From the Admin guide:

       

      Blocking a URL

       

      1. From the Firewall menu, click Access control > Web Lists tab > URL Block tab. The URL Block Listpage appears (Figure 214).Figure 214 URL Block
      2. Enter the URL or fragment in the New Web URL field.
      3. Click Add. The URL is added to the Web URL list of blocked URLs. Repeat as necessary.
        • 1. Re: SG580 - blocking web sites

          You will need to set the client browser to use the web filter as a proxy on tcp port 81

          • 2. Re: SG580 - blocking web sites

            Hi, thanks for the answer, so not on port 3128 like it says in the guide?

            • 3. Re: SG580 - blocking web sites

              There are two proxyies on the 580....squid for web caching on tcp 3128, and the access control proxy on tcp 81

               

              You are using the access control proxy..hence tcp 81

              • 4. Re: SG580 - blocking web sites

                OK, shame though, I was hoping that since the SG uses Squid that some of that functionality would be useable

                • 5. Re: SG580 - blocking web sites

                  Squid is fully functional on the SG580, but not at this level via the GUI.

                   

                  The squid.conf file can be fully edited.

                   

                  While squid is fully supported, due to the embedded platform, any squid functionality that requires on external plugins is not supported.

                   

                  The GUI section you refer to in your intial posts is for the access control proxy only, on tcp 81.

                   

                  Hope that clarifies any confusion.

                  • 6. Re: SG580 - blocking web sites

                    interesting, I'll take a look.

                     

                    I'm looking to replace my current squid desktop install. I use NCSA authentication so I can tell who is doing what, and then call text files that contains lists of blocked sites, not that many, maybe a couple hundred.

                     

                    Presumably I can modify squid.conf to point as its next hop to the web filter on port 81, and do some basic access control like that, but I'd rather use Squid.

                     

                    Is there a way to create a suitable file?

                    • 7. Re: SG580 - blocking web sites

                      KB article KB62259 discuss how to set up access controls as an upstream proxy to squid.

                       

                      Under System -> Advanced -> Configuration Files you can create new files, or via the command line in /etc/config using vi

                      • 8. Re: SG580 - blocking web sites

                        Hmmm OK, I thought this would be easier than its turning out...

                         

                        I took my blocklist, and uploaded it as "blocklist"

                         

                        Then I added two lines to squid.conf:

                         

                        acl BadSites dstdomain "/etc/config/blocklist"

                        http_access deny BadSites

                         

                        but the SG580 really doesn't like this (major barf below)

                         

                        Any ideas? Funny thing is that even when I remove those two lines and reselect webcache, it still barfs.

                         

                         

                        Jul 22 18:34:50 kernel: cgix[29999] killed because of sig - 11
                        Jul 22 18:34:50 kernel: STACK DUMP:
                        Jul 22 18:34:50 kernel: 0xbe861780: 001cbf70 00000000 000e365c 001d6510 00019fdc 001cbf82 00000000
                        Jul 22 18:34:50 kernel: 0xbe86179c: 00000000 00000008 be86188c 00099478 00000000 00000000 00000000
                        Jul 22 18:34:50 kernel: 0xbe8617b8: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
                        Jul 22 18:34:50 kernel: 0xbe8617d4: 00000000 00000000 00000000 00000000 00000000 00000000 00000000
                        Jul 22 18:34:50 kernel: 0xbe8617f0: 00000000 00160381 000000b3 000c6398 be861888 001cbf81 000a2720
                        Jul 22 18:34:50 kernel: 0xbe86180c: 000a2730 000a2788 00000000 fffffffe 00160381 00160434 00160385
                        Jul 22 18:34:50 kernel: 0xbe861828: 00160381 00160381 00160434 00000000 00000000 00000000 00000000
                        Jul 22 18:34:50 kernel: 0xbe861844: 00000000 00000001 00000000 00000000 00000000 00000001 00000000
                        Jul 22 18:34:50 kernel: 0xbe861860: 00000000 00160334 00099478 be86195a 00161008 00000001 00000001
                        Jul 22 18:34:50 kernel: 0xbe86187c: 00160334 00099478 402c231c 402c231c be86195a 00161008 00000001
                        Jul 22 18:34:50 kernel: 
                        Jul 22 18:34:50 kernel: Pid: 29999, comm:                 cgix
                        Jul 22 18:34:50 kernel: CPU: 0    Tainted: P           (2.6.26-uc0 #1)
                        Jul 22 18:34:50 kernel: pc : [<402962b4>]    lr : [<00019c08>]    psr: a0000010
                        Jul 22 18:34:50 kernel: sp : be861780  ip : 0015d24c
                        Jul 22 18:34:50 kernel:   fp : 0000eb68

                        Jul 22 18:34:50 kernel: r10: 001cbf70  r9 : 000e367d  r8 : 001cbf78
                        Jul 22 18:34:50 kernel: r7 : 00000010  r6 : 001cbf78  r5 : be861808  r4 : 00000018
                        Jul 22 18:34:50 kernel: r3 : 0000002f  r2 : 00000063  r1 : fffffffe  r0 : 001cbf79
                        Jul 22 18:34:50 kernel: Flags: NzCv  IRQs on  FIQs on  Mode USER_32  ISA ARM  Segment user
                        Jul 22 18:34:50 kernel: Control: 000039ff  Table: 028b4000  DAC: 00000015
                        Jul 22 18:34:50 kernel: Function entered at [<c0020a50>] from [<c00799fc>]
                        Jul 22 18:34:50 kernel:  r4:c294cd7f
                        Jul 22 18:34:50 kernel: Function entered at [<c0079878>] from [<c003f4d0>]
                        Jul 22 18:34:50 kernel: Function entered at [<c003f208>] from [<c0021f80>]
                        Jul 22 18:34:50 kernel: Function entered at [<c0021f28>] from [<c002243c>]
                        Jul 22 18:34:50 kernel: Function entered at [<c0022410>] from [<c001fa8c>]
                        Jul 22 18:34:50 kernel: 00008000-0014a000 r-xp 00000000 1f:02 1255343 /home/httpd/cgi-bin/cgix
                        Jul 22 18:34:50 kernel: 00151000-00160000 rw-p 00141000 1f:02 1255343 /home/httpd/cgi-bin/cgix
                        Jul 22 18:34:50 kernel: 00160000-00205000 rwxp 00160000 1f:02 1255343 
                        Jul 22 18:34:50 kernel: 40000000-40005000 r-xp 00000000 1f:02 1255738 /lib/ld-uClibc-0.9.29.so
                        Jul 22 18:34:50 kernel: 40005000-40007000 rw-p 40005000 1f:02 1255738 
                        Jul 22 18:34:50 kernel: 4000c000-4000d000 r--p 00004000 1f:02 1255738 /lib/ld-uClibc-0.9.29.so
                        Jul 22 18:34:50 kernel: 4000d000-4000e000 rw-p 00005
                        Jul 22 18:34:50 kernel: 000 1f:02 1255738 /lib/ld-uClibc-0.9.29.so

                        Jul 22 18:34:50 kernel: 4000e000-4002b000 r-xp 00000000 1f:02 1256056 /lib/libnl.so.1
                        Jul 22 18:34:50 kernel: 4002b000-40032000 ---p 4002b000 1f:02 1256056 
                        Jul 22 18:34:50 kernel: 40032000-40034000 rw-p 0001c000 1f:02 1256056 /lib/libnl.so.1
                        Jul 22 18:34:50 kernel: 40034000-40037000 r-xp 00000000 1f:02 1256220 /lib/libstatsd.so
                        Jul 22 18:34:50 kernel: 40037000-4003f000 ---p 40037000 1f:02 1256220 
                        Jul 22 18:34:50 kernel: 4003f000-40040000 rw-p 00003000 1f:02 1256220 /lib/libstatsd.so
                        Jul 22 18:34:50 kernel: 40040000-400c0000 r-xp 00000000 1f:02 1255812 /lib/libconfig.so
                        Jul 22 18:34:50 kernel: 400c0000-400c7000 ---p 400c0000 1f:02 1255812 
                        Jul 22 18:34:50 kernel: 400c7000-400cb000 rw-p 0007f000 1f:02 1255812 /lib/libconfig.so
                        Jul 22 18:34:50 kernel: 400cb000-400eb000 r-xp 00000000 1f:02 1256226 /lib/libtcl.so
                        Jul 22 18:34:50 kernel: 400eb000-400ec000 rw-p 00020000 1f:02 1256226 /lib/libtcl.so
                        Jul 22 18:34:50 kernel: 400ec000-400ed000 rw-p 400ec000 1f:02 1256226 
                        Jul 22 18:34:50 kernel: 400ed000-40104000 r-xp 00000000 1f:02 1256196 /lib/libsnapgear.so
                        Jul 22 18:34:50 kernel: 40104000-4010c000 ---p 40104000 1f:02 1256196 
                        Jul 22 18:34:50 kernel: 4010c000-4010d000 rw-p 00017000 1f:02 1256196 /lib/libsnapgear.so
                        Jul 22 18:34:50 kernel: 4010d000-40110000 r-xp 00000000 1f:02 1255827 /lib/libcrypt-0.9
                        Jul 22 18:34:50 kernel: .29.so

                        Jul 22 18:34:50 kernel: 40110000-40117000 ---p 40110000 1f:02 1255827 
                        Jul 22 18:34:50 kernel: 40117000-40118000 r--p 00002000 1f:02 1255827 /lib/libcrypt-0.9.29.so
                        Jul 22 18:34:50 kernel: 40118000-40119000 rw-p 00003000 1f:02 1255827 /lib/libcrypt-0.9.29.so
                        Jul 22 18:34:50 kernel: 40119000-4011c000 rw-p 40119000 1f:02 1255827 
                        Jul 22 18:34:50 kernel: 4011c000-4011e000 r-xp 00000000 1f:02 1255866 /lib/libdl-0.9.29.so
                        Jul 22 18:34:50 kernel: 4011e000-40125000 ---p 4011e000 1f:02 1255866 
                        Jul 22 18:34:50 kernel: 40125000-40126000 r--p 00001000 1f:02 1255866 /lib/libdl-0.9.29.so
                        Jul 22 18:34:50 kernel: 40126000-40127000 rw-p 00002000 1f:02 1255866 /lib/libdl-0.9.29.so
                        Jul 22 18:34:50 kernel: 40127000-40128000 r-xp 00000000 1f:02 1256260 /lib/libutil-0.9.29.so
                        Jul 22 18:34:50 kernel: 40128000-4012f000 ---p 40128000 1f:02 1256260 
                        Jul 22 18:34:50 kernel: 4012f000-40130000 r--p 00000000 1f:02 1256260 /lib/libutil-0.9.29.so
                        Jul 22 18:34:50 kernel: 40130000-40131000 rw-p 00001000 1f:02 1256260 /lib/libutil-0.9.29.so
                        Jul 22 18:34:50 kernel: 40131000-40132000 r-xp 00000000 1f:02 1256185 /lib/librt-0.9.29.so
                        Jul 22 18:34:50 kernel: 40132000-40139000 ---p 40132000 1f:02 1256185 
                        Jul 22 18:34:50 kernel: 40139000-4013a000 r--p 00000000 1f:02 1256185 /lib/librt-0.9.29.so
                        Jul 22 18:34:50 kernel: 4013a000-4013b000 rw-p 00001000 1f:02 1256185 /lib/
                        Jul 22 18:34:50 kernel: librt-0.9.29.so

                        Jul 22 18:34:50 kernel: 4013b000-40170000 r-xp 00000000 1f:02 1256210 /lib/libssl.so.0.9.8
                        Jul 22 18:34:50 kernel: 40170000-40178000 ---p 40170000 1f:02 1256210 
                        Jul 22 18:34:50 kernel: 40178000-4017a000 rw-p 00035000 1f:02 1256210 /lib/libssl.so.0.9.8
                        Jul 22 18:34:50 kernel: 4017a000-40253000 r-xp 00000000 1f:02 1255845 /lib/libcrypto.so.0.9.8
                        Jul 22 18:34:50 kernel: 40253000-4025b000 ---p 40253000 1f:02 1255845 
                        Jul 22 18:34:50 kernel: 4025b000-4026b000 rw-p 000d9000 1f:02 1255845 /lib/libcrypto.so.0.9.8
                        Jul 22 18:34:50 kernel: 4026b000-4026d000 rw-p 4026b000 1f:02 1255845 
                        Jul 22 18:34:50 kernel: 4026d000-402ba000 r-xp 00000000 1f:02 1256241 /lib/libuClibc-0.9.29.so
                        Jul 22 18:34:50 kernel: 402ba000-402c1000 ---p 402ba000 1f:02 1256241 
                        Jul 22 18:34:50 kernel: 402c1000-402c2000 r--p 0004c000 1f:02 1256241 /lib/libuClibc-0.9.29.so
                        Jul 22 18:34:50 kernel: 402c2000-402c3000 rw-p 0004d000 1f:02 1256241 /lib/libuClibc-0.9.29.so
                        Jul 22 18:34:50 kernel: 402c3000-402c6000 rw-p 402c3000 1f:02 1256241 
                        Jul 22 18:34:50 kernel: 402c6000-402d7000 r-xp 00000000 1f:02 1255912 /lib/libm-0.9.29.so
                        Jul 22 18:34:50 kernel: 402d7000-402de000 ---p 402d7000 1f:02 1255912 
                        Jul 22 18:34:50 kernel: 402de000-402df000 r--p 00010000 1f:02 1255912 /lib/libm-0.9.29.so
                        Jul 22 18:34:50 kernel: 402df000-402e0000 rw-p 00011000 1f:02 1255912 /lib/libm-0.
                        Jul 22 18:34:50 kernel: 9.29.so

                        Jul 22 18:34:50 kernel: 402e0000-402e1000 r-xp 00000000 1f:02 1930009 /lib/tcl/cgi.so
                        Jul 22 18:34:50 kernel: 402e1000-402e8000 ---p 402e1000 1f:02 1930009 
                        Jul 22 18:34:50 kernel: 402e8000-402e9000 rw-p 00000000 1f:02 1930009 /lib/tcl/cgi.so
                        Jul 22 18:34:50 kernel: 402e9000-402ea000 r-xp 00000000 1f:02 1930015 /lib/tcl/ledman.so
                        Jul 22 18:34:50 kernel: 402ea000-402f2000 ---p 402ea000 1f:02 1930015 
                        Jul 22 18:34:50 kernel: 402f2000-402f3000 rw-p 00001000 1f:02 1930015 /lib/tcl/ledman.so
                        Jul 22 18:34:50 kernel: 402f3000-40301000 r-xp 00000000 1f:02 1930021 /lib/tcl/metash.so
                        Jul 22 18:34:50 kernel: 40301000-40309000 ---p 40301000 1f:02 1930021 
                        Jul 22 18:34:50 kernel: 40309000-4030a000 rw-p 0000e000 1f:02 1930021 /lib/tcl/metash.so
                        Jul 22 18:34:50 kernel: 4030a000-4030c000 r-xp 00000000 1f:02 1930027 /lib/tcl/syslog.so
                        Jul 22 18:34:50 kernel: 4030c000-40313000 ---p 4030c000 1f:02 1930027 
                        Jul 22 18:34:50 kernel: 40313000-40314000 rw-p 00001000 1f:02 1930027 /lib/tcl/syslog.so
                        Jul 22 18:34:50 kernel: be85d000-be862000 rwxp beffb000 1f:02 1930027

                        • 9. Re: SG580 - blocking web sites

                          Thought I'd try turning on "Extra diagnostic output", which was quite the mistake... pretty much destroyed the logging on the syslog server! Got a bazillion of these

                           

                          Jul 22 22:13:21 statsd[29545]: Starting statsd daemon...
                          Jul 22 22:13:21 statsd[29545]: Failed to open pid file '/var/run/statsd.pid' for writing: Permission denied
                          Jul 22 22:13:21 statsd[29545]: Failed to obtain lock on file '/var/run/statsd.pid' 
                          Jul 22 22:13:21 statsd[29546]: Starting statsd daemon...
                          Jul 22 22:13:21 statsd[29546]: Failed to open pid file '/var/run/statsd.pid' for writing: Permission denied
                          Jul 22 22:13:21 statsd[29546]: Failed to obtain lock on file '/var/run/statsd.pid' 
                          Jul 22 22:13:21 statsd[29547]: Starting statsd daemon...
                          Jul 22 22:13:21 statsd[29547]: Failed to open pid file '/var/run/statsd.pid' for writing: Permission denied
                          Jul 22 22:13:21 statsd[29547]: Failed to obtain lock on file '/var/run/statsd.pid' 
                          Jul 22 22:13:22 statsd[29566]: Starting statsd daemon...
                          Jul 22 22:13:22 statsd[29566]: Failed to open pid file '/var/run/statsd.pid' for writing: Permission denied
                          Jul 22 22:13:22 statsd[29566]: Failed to obtain lock on file '/var/run/statsd.pid'

                           

                          PS Was in BrizVegas only last week :-)

                          1 2 Previous Next