Squid Proxy not blocking any sites which are denied ... Kindly help !!!

Arjun_K · 05-05-2020, 06:32 AM

The squid proxy configured is not blocking the sites. Kindly help me in configuring the configuration file to block the sites. I have explicitly used a denylist file and contains the necessary URLs and the squid is not blocking.

###Configuration File###

####IP Ranges allowed to use proxy
acl localnet src 10.202.2.16
acl localnet src 10.202.2.80
acl localnet src 10.202.2.102
acl localnet src 10.201.50.10

acl localnet src 10.196.0.0/16
acl localnet src 10.197.0.0/16
acl localnet src 10.198.0.0/16
acl localnet src 10.199.0.0/16
acl localnet src 10.200.0.0/16

acl windowsupdate dstdomain windowsupdate.microsoft.com
acl windowsupdate dstdomain .update.microsoft.com
acl windowsupdate dstdomain download.windowsupdate.com
acl windowsupdate dstdomain redir.metaservices.microsoft.com
acl windowsupdate dstdomain images.metaservices.microsoft.com
acl windowsupdate dstdomain c.microsoft.com
acl windowsupdate dstdomain www.download.windowsupdate.com
acl windowsupdate dstdomain wustat.windows.com
acl windowsupdate dstdomain crl.microsoft.com
acl windowsupdate dstdomain sls.microsoft.com
acl windowsupdate dstdomain productactivation.one.microsoft.com
acl windowsupdate dstdomain ntservicepack.microsoft.com
acl windowsupdate dstdomain eu.vortex-win.data.microsoft.com
acl windowsupdate dstdomain eu-v20.events.data.microsoft.com
acl windowsupdate dstdomain usseu1northprod.blob.core.windows.net
acl windowsupdate dstdomain usseu1westprod.blob.core.windows.net
acl windowsupdate dstdomain winatp-gw-neu.microsoft.com
acl windowsupdate dstdomain winatp-gw-weu.microsoft.com
acl windowsupdate dstdomain wseu1northprod.blob.core.windows.net
acl windowsupdate dstdomain wseu1westprod.blob.core.windows.net
acl windowsupdate dstdomain automatedirstrprdweu.blob.core.windows.net
acl windowsupdate dstdomain automatedirstrprdneu.blob.core.windows.net
acl windowsupdate dstdomain play.google.com
acl windowsupdate dstdomain go.microsoft.com

acl CONNECT method CONNECT
acl wuCONNECT dstdomain www.update.microsoft.com
acl wuCONNECT dstdomain sls.microsoft.com
http_access allow CONNECT wuCONNECT localnet
http_access allow windowsupdate localnet

####Access and Deny of URL/Ports
acl Safe_ports port 80 # http
acl Safe_ports port 443 # https

####Allowed and Denied URLs
acl allowedurl dstdomain /etc/squid/allowed_url.txt
acl denylist dstdomain /etc/squid/denylist.txt

http_access allow allowedurl
http_access deny denylist
http_access allow localnet
http_access allow localhost manager
http_access allow localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny all

http_port 8080

cache_dir ufs /var/spool/squid 10000 16 256
coredump_dir /var/spool/squid

refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
refresh_pattern -i windowsupdate.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i microsoft.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims
refresh_pattern -i windows.com/.*\.(cab|exe|ms[i|u|f]|[ap]sf|wm[v|a]|dat|zip) 4320 80% 43200 reload-into-ims

Denylist File:
www.youtube.com
*.facebook.com
*.yahoo.com
*.msn.com
www.reddit.com