Tuesday, May 15, 2012

How To Block/Deny Websites To Specific IP/Users/Time Using Squid Proxy


This assumes you already have a working squid installation.

Requirements:
Some websites will be blocked only during office hours (8am to 12pm and 1:30pm to 6pm).
Websites will be blocked only for specific IPs.
Websites are denied by keyword.

Edit /etc/squid/squid.conf:


# vi /etc/squid/squid.conf


Find the line "INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS" and add the following:

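# Office hours, Monday to Friday
acl morning_hours time M T W H F 8:00-12:00
acl evening_hours time M T W H F 13:30-18:00

# Keywords matched against the requested URL, and the restricted client IPs
acl deniedDomains url_regex "/etc/squid/deniedDomains"
acl blacklistIP src "/etc/squid/blacklistIP"

# Deny only when all three ACLs on a line match
http_access deny deniedDomains morning_hours blacklistIP
http_access deny deniedDomains evening_hours blacklistIP

# Everyone else on the listed networks is allowed
acl myNetwork src "/etc/squid/acl"
http_access allow myNetwork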


Create the list of domain names to be blocked, one per line:

# vi /etc/squid/deniedDomains


friendster
metacafe
myspace
videos.google
youtube
facebook
chatenabled.mail.google.com


Create the list of user IPs that have restricted access:

# vi /etc/squid/blacklistIP


192.168.0.254
192.168.1.221
192.168.1.236
172.16.70.0/24


Create the list of IPs that can access your squid proxy:

# vi /etc/squid/acl


192.168.1.0/24
172.16.70.0/24
213.44.2.126


Reload squid to apply the configuration:

# /etc/init.d/squid reload
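
The rule set above, modelled in Python as an added example (not part of the original post) to show how Squid evaluates it: http_access lines are checked top to bottom, the first line whose ACLs all match decides, and the ACLs on one line are ANDed. The trailing "deny all" rule, the decide() helper and the sample requests are assumptions of this example.

```python
import ipaddress
import re
from datetime import datetime

# Contents of the three list files from the article
DENIED = ["friendster", "metacafe", "myspace", "videos.google", "youtube",
          "facebook", "chatenabled.mail.google.com"]
BLACKLIST = ["192.168.0.254", "192.168.1.221", "192.168.1.236", "172.16.70.0/24"]
MY_NETWORK = ["192.168.1.0/24", "172.16.70.0/24", "213.44.2.126"]

def src(nets):
    parsed = [ipaddress.ip_network(n) for n in nets]
    return lambda req: any(ipaddress.ip_address(req["ip"]) in n for n in parsed)

def url_regex(patterns):
    compiled = [re.compile(p) for p in patterns]  # each line is a regex, not a literal
    return lambda req: any(c.search(req["url"]) for c in compiled)

def time_acl(days, start, end):
    # days are Python weekday numbers (Monday=0); the window is inclusive
    return lambda req: (req["when"].weekday() in days
                        and start <= req["when"].strftime("%H:%M") <= end)

ACLS = {
    "morning_hours": time_acl(range(5), "08:00", "12:00"),
    "evening_hours": time_acl(range(5), "13:30", "18:00"),
    "deniedDomains": url_regex(DENIED),
    "blacklistIP": src(BLACKLIST),
    "myNetwork": src(MY_NETWORK),
    "all": lambda req: True,
}

# http_access lines in file order
RULES = [
    ("deny", ["deniedDomains", "morning_hours", "blacklistIP"]),
    ("deny", ["deniedDomains", "evening_hours", "blacklistIP"]),
    ("allow", ["myNetwork"]),
    ("deny", ["all"]),  # assumption: the closing rule of a stock squid.conf
]

def decide(ip, url, when):
    """Return the action of the first http_access line whose ACLs all match."""
    req = {"ip": ip, "url": url, "when": datetime.fromisoformat(when)}
    for action, names in RULES:
        if all(ACLS[n](req) for n in names):
            return action
    return "deny"
```

With the article's lists, 192.168.0.254 is denied for every URL at every hour, because it appears in blacklistIP but not in the list of IPs allowed to use the proxy.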

9 comments:

knev said...

I am trying to apply a squid policy where a few sites are allowed to open during a few hours of working time.

acl morning_hours time S M T W H F S 12:45-14:15
acl evening_hours time S M T W H F S 18:00-22:00
acl deniedDomains url_regex src "/etc/squid/blocksite.acl
http_access deny deniedDomains morning_hours
http_access deny deniedDomains evening_hours

but this is not working

IT Tech solution said...

I applied this setting, and it works well:

acl morning_hours time SMTWHFA 09:45-12:45
acl afternoon_hours time SMTWHFA 14:15-18:15
acl blocksite url_regex "/etc/squid/blocksite.acl"

http_access deny morning_hours blocksite
http_access deny afternoon_hours blocksite

Unknown said...

Some users need full access to the internet, but some users need to block some websites using squid.

Anonymous said...

I need to know what the process is for blocking a website using a squid server.

Anonymous said...

Why is my squid not allowing any sites apart from google.com?

Send Flower Pakistan said...

This is such an essential post. This information helps those who are new bloggers. Thanks for the helpful post.

Unknown said...

This work of yours looks awesome, thanks for doing this.

Squidblacklist said...

Thank you for posting this, and you can back this configuration up by blocking access to video domains with this blacklist. http://www.squidblacklist.org/downloads/squidblacklists/squid-video.tar.gz

JISJO K JOHN said...

The result of "sudo squid3 -k parse" is shown below. Time-based access is not working at all; I tried different methods but got no result. Please help me...




acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl CONNECT method CONNECT
acl office src 192.168.2.0/24
http_access allow office
acl non_working_hours time MTWHF 09:00-10:30
acl deniedDomains url_regex src "/etc/squid3/deniedDomains"
acl blacklistIP src "/etc/squid3/blacklistIP"
http_access allow deniedDomains non_working_hours blacklistIP
http_access deny deniedDomains non_working_hours
logfile_rotate 9
dns_nameservers 127.0.0.1 208.67.222.222 208.67.220.220 8.8.8.8 8.8.4.4
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access deny all
http_port 3128
coredump_dir /var/spool/squid3
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern (Release|Packages(.gz)*)$ 0 20% 2880
2016/06/17 17:11:00| Processing: refresh_pattern . 0 20% 4320
