How to restrict websites in Squid Proxy


In this tutorial I am going to block and allow websites for all users.

Before starting the practical part, you should know the ACL types:
  •     src : source (client) IP addresses
  •     dst : destination (server) IP addresses
  •     myip: the local IP address of a client’s connection
  •     arp : Ethernet (MAC) address matching
  •     srcdomain: source (client) domain name
  •     dstdomain: destination (server) domain name
  •     time: time of day, and day of week
  •     url_regex: URL regular expression pattern matching
  •     urlpath_regex: URL-path regular expression pattern matching, leaves out the protocol and hostname
  •     port  : destination (server) port number
  •     myport: local port number that client connected to
  •     proto : transfer protocol (http, ftp, etc)
  •     method: HTTP request method (get, post, etc)
  •     browser: regular expression pattern matching on the request user-agent header
  •     proxy_auth: user authentication via external processes
  •     maxconn: a limit on the maximum number of connections from a single client IP address
  •     max_user_ip: a limit on the maximum number of IP addresses one user can login from

First, create an ACL rule for blocking the website.
Squid ACL syntax:
acl <aclname> <type> <value>

Here I will use the dstdomain ACL type because I am going to block a domain.
Write the parameters below in the Squid configuration file.
# vim /etc/squid/squid.conf

#acl Example
acl blocksites dstdomain .amazon.in
acl allowsites dstdomain .justdial.com

#Rule to apply
http_access  allow allowsites
http_access  deny blocksites

Before reloading the Squid service, make sure you comment out the lines below:

#acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
#acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
#http_access allow localnet

Reload the Squid service
# service squid reload

Note: Squid reads the http_access rules from top to bottom, so write the rules in the conf file in the order shown above: first the allow rule for allowsites, then the deny rule for blocksites.
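
The ordering rule in the note above, as an added example that is not part of the original tutorial or of Squid itself: a simplified Python model of first-match http_access evaluation over dstdomain ACLs. The closing `http_access deny all` line, the `BROAD_FIRST` variant and all function names are assumptions made for the illustration.

```python
# Added example: simplified model of Squid's http_access evaluation.
# Models only dstdomain ACLs and the built-in "all"; not Squid's own code.

TUTORIAL = """
acl blocksites dstdomain .amazon.in
acl allowsites dstdomain .justdial.com
http_access allow allowsites
http_access deny blocksites
http_access deny all   # assumed: closing rule of the stock squid.conf
"""
# Constructed variant: a broad allow placed above the tutorial's deny rule.
BROAD_FIRST = TUTORIAL.replace("http_access allow allowsites",
                               "http_access allow all")

def parse(conf):
    """Return (acls, rules) from squid.conf-style text, ignoring comments."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#", 1)[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] == "dstdomain":
            acls.setdefault(tok[1], []).extend(v.lower() for v in tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def domain_match(host, pattern):
    """A leading dot matches the domain itself and all of its subdomains."""
    host = host.lower().rstrip(".")
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def acl_hit(acls, name, host):
    """Evaluate one ACL reference; a leading '!' negates it."""
    negate, name = name.startswith("!"), name.lstrip("!")
    hit = name == "all" or any(domain_match(host, p) for p in acls.get(name, []))
    return hit != negate

def decide(conf, host):
    """First http_access line whose ACLs all match decides the request."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_hit(acls, n, host) for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for host in ("www.justdial.com", "www.amazon.in", "example.org"):
        print(host, decide(TUTORIAL, host), decide(BROAD_FIRST, host))
```

With a broad allow ahead of it, the `deny blocksites` line is never reached, which is why rule order has to be checked whenever an allow rule is added or re-enabled.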

Now test the websites
# tail -f /var/log/squid/access.log
1486249774.702  84793 192.168.0.5 TCP_MISS/200 77489 CONNECT www.justdial.com:443 - DIRECT/122.252.142.91 

# tail -f /var/log/squid/access.log
1486249536.254      0 192.168.0.5 TCP_DENIED/403 4303 GET http://www.amazon.in/ - NONE/- text/html





About Penguin Technology

I am a passionate cloud and DevOps professional specializing in Linux and open-source solutions. Through this blog, I share my knowledge and experience with the community, offering tips and insights on cloud technologies and DevOps practices.

1 comments:

  1. I gathered as much knowledge regarding Linux, web server and database server from your site. Keep on updating with more interesting topics.