How can I block by IP Address or IP address block?

[Roland Rose]

Can blocking by IP address be done?

 

Thank you,

[Rafael]

Yes, open Policy / Rules / Domains and Urls and add URL regex of http://\d+.\d+.\d+.\d+/.*

[Roland Rose]

Thank you Rafael

 

I did  it through SSH only because during the original setup the web management interface was wide open without username or password. I guess I can setup something such as .htaccess. Is that what people do?

 

Also, why websites are not blocked by IP? For intance, I block www.iheart.com, but if you use the ip address 69.5.89.13 you can cirvunvent the blocking. Any ideas

[Rafael]

Hello Rose,

 

I did  it through SSH only because during the original setup the web management interface was wide open without username or password. I guess I can setup something such as .htaccess. Is that what people do?

The default login/password can be changed from within the Web UI itself (see the hint below the login box). Using .htaccess you may limit access to the IP or your workstation only. The process is described in Apache documentation. Please have in mind if you are managing the /etc/opt/quintolabs/qlproxy/*.conf files manually then they will get overwritten when by any Web UI Save/Restart operation.
 

Also, why websites are not blocked by IP? For intance, I block www.iheart.com, but if you use the ip address 69.5.89.13 you can cirvunvent the blocking.

As qlproxy acts as ICAP server for Squid, then Squid passes all  *contents* of request/response to qlproxy stripping the IP connection information. So the recommended approach is either to block access to specific IPs on your firewall (not good  know) or just prohibit browsing with IP addresses instead of domain names in each policy. Then any GET url/blah/blah will be blocked completely.

BTW shall I add iheart.com to radio, music category so that you block the whole Radio/Music category? It is much easier that manually adding all radio stations...

Best regards,
Raf

[Roland Rose]

Excellent responses. Thank you Rafael,

 

I am afraid of blocking by IP addresses because it makes use of regex and the configuration file alerts about regex slowing down the proxy experience for the users.

 

Here are some radio sites that you might want to consider adding to the list:. I gues if I add them to my list they will get overwritten when the cron job downloads the most updated ones.; am I right?

 

http://www.classicrock945.com/

http://www.ktu.com

http://iheart.com

 

 

On Tuesday, January 7, 2014 12:03:57 PM UTC-5, Roland Rose wrote:

[Rafael]

That is correct, I will add these site and tomorrow update with contain them all :)

Best regards,
Raf

BTW. Well on Raspberry PI regexes may slow it down but on Intel Xeon you will not even notice a hundred of them I guess. I have a couple on for Atom home deployment with approx 10 devices and two active policies and do not see the difference.

[Roland Rose]

Thank you.

 

I would like to contribute to providing any sites I found that is not included in the broad categories. How can do that? Or maybe those lists are maintined differently?

On Tuesday, January 7, 2014 12:03:57 PM UTC-5, Roland Rose wrote:

[Rafael]

Unfortunately the list of categories is fixed and we cannot change that. The next version of qlproxy will have the ability to add your own custom category where you will be able to put any sites and just with single click block these sites in all categories.

for a contribution consider purchasing a home a business license (just 1 euro per month) that will ensure continuation of our activities.
We are planning to have the community manageable category list in future but for now it is out of our capacity.
 
Thank you :)

[Rafael]

Sorry error - please read "block these sites in all categories" as "block these sites in all policies".

[Roland Rose]

Thank you Rafael. I will present a case to managment to buy a business license.

On Tuesday, January 7, 2014 12:03:57 PM UTC-5, Roland Rose wrote: