Hi,
I'm not actually a squid expert... though I'd love to.
As far as I know, you should use this kind of syntax:
Code:
acl badURL url_regex -i sex
http_access deny badUrl
http_access allow myNet
http_access deny all
In this code above, I deny all urls containing the word "sex". Obviously, the only way you can deny access to porn sites is parsing the words and this means that something might pass through; safe 99% anyway, I believe.
Reguarding the second question, there are more then one way for not allowing http traffic.
The easiest way is:
assuming your clients cannot change their ip addresses, you can use iptables to filter.
example:
Code:
iptables -I FORWARD -s 192.168.0.5 --dport 80 -j DROP
this line denies http traffir from host 192.168.0.5.
Or, using squid:
Code:
acl theweb proto HTTP
acl thebadip src 192.168.0.5
http_access deny theweb
http_access allow all
In both solutions, you must be sure that the bad client won't be able to change it's own ip.
If you really are an evil one, you can try this with iptables:
Code:
iptables -A INPUT -m mac --mac uu:vv:ww:xx:yy:zz --dport 80 -j DROP
Well, I hope i didn't type any mistake as usual.
Good Luck!