Saturday, June 19, 2010

Block domains with SQUID

Squid is one of the most popular proxy servers for Linux out there, it offers loads of features making it an excellent choice for organizations wanting to implement traffic policies.
With squid you can block content based on different criterias, also you can cache web content - this is another huge advantage because it helps to minimize WAN traffic. Many ISP's implement this feature to save valuable B/W to abroad.

In this example I will show you one of the most basic features - how to block domains using squid, perhaps I'll add more in the future, so let's start:

The main squid config file is:/etc/squid/squid.conf
The file consists of access lists & rules, it's very well documented and even contains some good examples. Generally, when creating a rule in Squid we need to stick for the following 3 steps:

1 - First we need to make an ACL for the subnet / range we want to block the URL from.

2 - Then, make an ACL for the URLs we want to block.

3 - Finally, create an "http_access deny" rule using those two ACLs.


Let's say we want to deny facebook.com in our organization. The following configuration would deny anybody in the 192.168.0.0/24 subnet access to facebook.com
acl banned_clients src 192.168.0.0/255.255.255.0
acl blocked_url dstdomain .facebook.com
http_access deny banned_clients blocked_url

So when a user tries to access facebook.com from 192.168.0.0/24 range he will get:

No comments: