Configure Squid to block HTTP request to specific web sites.

 

Step by step configure SQUID proxy to block HTTP request to specific web pages or web site.

 

This article show step to configure Squid proxy server to block client from accessing specific web address (to block URL address).  Open and edit the configuration file of Squid proxy server that usually located under /etc/squid/squid.conf..

 

1.  Find and edit ACCESS CONTROL part and put in the ( acl bad_url dstdomain "/etc/squid/bad-sites.squid" ) as shown in example below.

 

# ACCESS CONTROLS

# ---------------------------

----------- **** +++++

#Examples:

#acl macaddress arp 09:00:2b:23:45:67

#acl myexample dst_as 1241

#acl password proxy_auth REQUIRED

#acl fileupload req_mime_type -i ^multipart/form-data$

#acl javascript rep_mime_type -i ^application/x-javascript$

#

#Recommended minimum configuration:

acl all src 0.0.0.0/0.0.0.0

acl manager proto cache_object

acl localhost src 127.0.0.1/255.255.255.255

acl to_localhost dst 127.0.0.0/8

acl SSL_ports port 443 2083 563

acl Safe_ports port 80 # http

acl Safe_ports port 21 # ftp

acl Safe_ports port 443 2083 563 # https, snews

acl Safe_ports port 70 # gopher

acl Safe_ports port 210 # wais

acl Safe_ports port 1025-65535 # unregistered ports

acl Safe_ports port 280 # http-mgmt

acl Safe_ports port 488 # gss-http

acl Safe_ports port 591 # filemaker

acl Safe_ports port 777 # multiling http

acl CONNECT method CONNECT

acl FTP proto FTP

acl bad_url dstdomain "/etc/squid/bad-sites.squid"

 

2.  Then put the (http_access deny bad_url) on http_access part.

 

# TAG: http_access

# Allowing or Denying access based on defined access lists

#

# Access to the HTTP port:

# http_access allow|deny [!]aclname ...

#

# NOTE on default values:

#

# If there are no "access" lines present, the default is to deny

# the request.

#

# If none of the "access" lines cause a match, the default is the

# opposite of the last line in the list. If the last line was

# deny, the default is allow. Conversely, if the last line

# is allow, the default will be deny. For these reasons, it is a

# good idea to have an "deny all" or "allow all" entry at the end

# of your access lists to avoid potential confusion.

#

#Default:

# http_access deny all

#

#Recommended minimum configuration:

#

# Only allow cachemgr access from localhost

http_access allow manager localhost

http_access deny manager

http_access deny bad_url

 

3.  Then save and exit the Squid configuration file.

 

4.  Create file new file called bad-sites.squid and then enter sites URI that clients not suppose to access, save and exit the file:.

 

[root@cempakasari ~]# cat /etc/squid/bad-sites.squid

...

.fanfiction.net

.meebo.com

.playboy.com

.myspace.com

[root@cempakasari ~]#

 

5.  Restart or reload the Squid proxy server to make sure the new configuration apply.

 

RESTART:

[root@linux fedora]# /sbin/service squid stop

[root@linux fedora]# /sbin/service squid start

 

RELOAD:

[root@linux fedora]# /sbin/service squid reload

 

6.  Then point the browser URL adrress to the site that you put in the bad site list to verify the changes that you made, if nothing goes wrong you should see the ERROR page that say "The requested URL could not be retrieved".

 

Keywords: squid block address, block url, block uri, squid block url, squid block uri, block web, block web page, web, squid configure, squid fedora, squid server, block web address.

 

Tags:

10 comments

27
Jul

Block URL

Submitted by Festus Kitui (not verified) on Wed, 07/27/2011 - 07:53.

Tried the instructions and they worked perfectly. Only that if you have many sites, 1000s then the task is too much.

ciao

16
Apr

block url

Submitted by rodel sumaya (not verified) on Mon, 04/16/2012 - 05:56.

sir may i know what is the command when saving an added block site?

10
Aug

I had to place th

Submitted by Binary Snake (not verified) on Wed, 08/10/2011 - 22:35.

I had to place th "http_access deny bad_url" at the top of the rules list to make it work with Squid3, thanks a lot.

5
Nov

+1

Submitted by lx_usr (not verified) on Mon, 11/05/2012 - 21:21.

+1

7
Sep

new to Linux

Submitted by yvon (not verified) on Wed, 09/07/2011 - 22:48.

new to Linux

3
Oct

Unable to block miniclip.com

Submitted by Ambicapathy (not verified) on Mon, 10/03/2011 - 15:06.

Hi I am trying to block miniclip.com website using the above mentioned technique but it is not working. Still I am able to access miniclip.com in my computer through proxy.But meebo.com is blocked.

Can you please help me with this.

13
Oct

about https://facebook.com ?

Submitted by rene (not verified) on Thu, 10/13/2011 - 16:44.

about https://facebook.com ? https skip the bad_url file.

9
Nov

#acl name dstdom_regex

Submitted by filippo (not verified) on Wed, 11/09/2011 - 16:33.

#acl name dstdom_regex pattern
acl facefail dstdom_regex facebook
http_access deny facefail

it works with my SQUID 2.6.STABLE18 on Ubuntu 8.04.4 LTS

14
Dec

time base squid config

Submitted by knev (not verified) on Fri, 12/14/2012 - 12:08.

how to make the url will be accessable for a particular time, please share the squid config.

21
Nov

linux

Submitted by mohan singh (not verified) on Thu, 11/21/2013 - 08:24.

how to block a particular url on particular ip in squid centos 6

aaaaaaaaaaa