Using Squid to restrict access to sites

asliyanage · 07-26-2009, 10:26 PM

canc we use squid in our personall computer ?

win32sux · 07-26-2009, 10:34 PM

Quote:

Originally Posted by asliyanage

canc we use squid in our personall computer ?

Yes, definitely. BTW, why have you posted your question in the Security forum? Are you trying to use Squid for security-related matters on your PC or something like that? Please elaborate.

asliyanage · 07-26-2009, 10:46 PM

no , i just heard that squid can restrict some site to visit.so i think it is relavant to security forum.

win32sux · 07-26-2009, 10:49 PM

Quote:

Originally Posted by asliyanage

no , i just heard that squid can restrict some site to visit.so i think it is relavant to security forum.

Sure, that would be a context suitable for this forum. Your question, however, is whether or not one can use Squid on a PC. That is not in itself a security issue. Therefore, unless you would like to follow-up with some Squid questions relevant to access restrictions or similar, I'll go ahead and move this to the Software forum for more adequate exposure.

asliyanage · 07-26-2009, 10:54 PM

no, i need to know how to use squid to restrict some sites.
can anyone give me any link for tutorials or any reference.

win32sux · 07-26-2009, 11:12 PM

Quote:

Originally Posted by asliyanage

no, i need to know how to use squid to restrict some sites.
can anyone give me any link for tutorials or any reference.

A quick search will provide you with tons of good tutorials.

Once you've got Squid up and running, you'll need to decide whether you want to do whitelisting (deny access to all sites, with certain exceptions) or blacklisting (allow access to all sites, with certain exceptions). Doing this sort of thing is basically just a matter of using an ACL built with the dstdomain type, along with an accompanying ACL rule.

Example whitelist:

Code:

acl good_sites dstdomain .linuxquestions.org
acl good_sites dstdomain .freshmeat.net
acl good_sites dstdomain .reuters.com
http_access allow good_sites
http_access deny all

This would mean only those three sites would be accessible.

Example blacklist:

Code:

acl bad_sites dstdomain .microsoft.com
acl bad_sites dstdomain .msn.com
acl bad_sites dstdomain .bing.com
http_access deny bad_sites
http_access allow all

This would mean all sites would be accessible, except those three.

The links/examples I provided should give you an idea of what this involves. Depending on what your situation is (you haven't really elaborated on it), a more complex configuration might be necessary. Also, it's quite common to use additional tools (such as iptables, for example) in order to obtain a more reasonable level of security.

EDIT: I've taken the liberty of giving this thread a more descriptive title.

kirukan · 07-27-2009, 12:29 AM

Dansguardian, Squidguard etc these also more helpful tool with squid for content filtering
http://dansguardian.org/
http://www.squidguard.org/

sigey · 07-27-2009, 06:53 AM

the documentation (the squid.conf) file that comes with the squid package is a very good source for references. It gives clues on how to use various features of squid and how to enable/disable them.