Blocking IP, Domain, and Time-Based Access to Websites in Squid Proxy Server
We can control which websites or IP addresses can be reached through the Squid proxy server. We can set time-based access rules, allow an IP range to access the server, or block certain websites or IPs for a range of client IPs or for a limited time.
#To control access for a particular network (this rule allows it; use deny instead of allow to block it):
acl my_net src 192.168.0.0/24 192.168.1.0/24
http_access allow my_net
#To block a particular ip:
acl bad_ip src 192.168.0.21
acl bad_ip src 192.168.0.22
http_access deny bad_ip
#To block a particular site by destination address (dst matches the IP addresses the hostname resolves to, not the URL text):
acl bad_site dst www.yahoo.com
http_access deny bad_site
#To block only one domain:
acl block_orkut dstdomain .orkut.com
http_access deny block_orkut
#To block a list of sites specified in a file:
acl block_list url_regex "/etc/squid/block_list.txt"
http_access deny block_list
#Blocking web access by time:
#acl aclname time [day-abbrevs] [h1:m1-h2:m2]
#h1:m1 must be less than h2:m2
#Day-abbrevs:
#S – Sunday, M – Monday, T – Tuesday, W – Wednesday, H – Thursday, F – Friday, A – Saturday
acl mynetwork src 192.168.0.0/255.255.255.0
acl Break time MTWHFA 02:32-03:00
http_access deny mynetwork Break
#To block URLs that contain a given word (the regex is matched against the whole URL):
acl block_word_url url_regex sex
http_access deny block_word_url
#To prevent downloading .exe files (the dot is escaped so it matches a literal "."):
acl block_exe url_regex \.exe$
http_access deny block_exe
#To block access to some TLDs (the dot is escaped so it matches a literal "."):
acl block_tld dstdom_regex \.uk$
http_access deny block_tld
—————————————————————————————————-
Now create the block file (one entry per line, press Ctrl+D to finish) and restart the service
cat >/etc/squid/block_list.txt
www.hotmail.com
www.ibm.com
www.hp.com
[root@ubuntu Desktop]# /etc/init.d/squid3 restart
Stopping squid: [FAILED]
Starting squid: . [ OK ]
[root@ubuntu Desktop]# chkconfig squid3 on
#1: Create an acl for proxy clients.
acl accountant src 192.168.10.50/32
#2: Create an acl for facebook domain (any required sites)
acl fb dstdomain .facebook.com
#3: Create an acl office time for Mon-Sat, 10:00 to 17:00 (24hrs)
acl officetime time MTWHFA 10:00-17:00
#4: Deny access to “http” facebook to accountant only in office times
http_reply_access deny fb accountant officetime
#5: Deny access to “https” (secured) facebook to the proxy user “accountant” in office times. HTTPS requests reach the proxy as CONNECT requests, which the CONNECT acl (acl CONNECT method CONNECT in the stock squid.conf) matches.
http_access deny CONNECT fb accountant officetime
[root@ubuntu ~]# service squid3 restart
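The following is an added example, not part of the original post and not Squid's code: a simplified Python model of how the http_access line from step 5 is evaluated (values inside one acl are ORed, ACLs on one line are ANDed, the first matching line wins). The trailing "allow all" rule, the helper names and the sample requests are assumptions made for the illustration.

```python
# Added example: simplified model of Squid ACL matching (not Squid's own code).
from datetime import datetime
from ipaddress import ip_address, ip_network

DAYS = "MTWHFAS"  # Squid day letters in datetime.weekday() order (Mon=0 .. Sun=6)

def src(*nets):
    nets = [ip_network(n) for n in nets]
    return lambda r: any(ip_address(r["client"]) in n for n in nets)

def dstdomain(*names):
    # ".facebook.com" matches the domain and its subdomains, not "notfacebook.com"
    def match(r):
        h = r["host"].lower()
        return any(("." + h).endswith(n) if n.startswith(".") else h == n for n in names)
    return match

def time_acl(days, span):
    lo, hi = [int(h) * 60 + int(m) for h, m in (p.split(":") for p in span.split("-"))]
    def match(r):
        t = r["when"]
        return DAYS[t.weekday()] in days and lo <= t.hour * 60 + t.minute <= hi
    return match

ACLS = {  # values inside one acl are ORed
    "accountant": src("192.168.10.50/32"),
    "fb": dstdomain(".facebook.com"),
    "officetime": time_acl("MTWHFA", "10:00-17:00"),
    "CONNECT": lambda r: r["method"] == "CONNECT",
    "all": lambda r: True,
}
RULES = [("deny", ["CONNECT", "fb", "accountant", "officetime"]),
         ("allow", ["all"])]  # assumed catch-all so the example has an allow path

def http_access(r, rules=RULES):
    for action, names in rules:             # first matching line wins
        if all(ACLS[n](r) for n in names):  # ACLs on one line are ANDed
            return action
    return "allow" if rules[-1][0] == "deny" else "deny"  # opposite of last line

def req(client, host, method, when):        # constructed sample request
    return {"client": client, "host": host, "method": method, "when": when}

MON_11 = datetime(2024, 1, 8, 11, 0)        # a Monday, inside office hours
SUN_11 = datetime(2024, 1, 7, 11, 0)        # a Sunday, "S" is not in MTWHFA

if __name__ == "__main__":
    for when in (MON_11, SUN_11):
        print(when, http_access(req("192.168.10.50", "www.facebook.com", "CONNECT", when)))
```

A plain GET for the same host is not matched by the CONNECT rule, which is why the post uses a separate rule for “http” in step 4; putting the catch-all allow line first would make the deny line unreachable.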
Tip: To include multiple sites in one ACL, list them on the same line:
acl badsites dstdomain .facebook.com .twitter.com .blogger.co