I want to restrict some site (Social Networking) through my newly configured squid proxy.
But It always allow those site How to block those site.

My squid.conf file is configured as follow :-

.
.
.
.
.
#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#acl workhrs time MTWHFA 11:00-16:00
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 127.0.0.1/255.255.255.255 # RFC1918 possible internal network
acl our_network src 192.168.2.0/24 # RFC1918 possible internal network
acl bad dstdomain "/etc/squid/block-sites.squid"
#acl blacklist_ip src 192.168.2.11
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# TAG: http_access
.
.
.
..
.
.
.
#Recommended minimum configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager
# Only allow purge requests from localhost
http_access allow purge localhost
http_access deny purge
# Deny requests to unknown ports
http_access deny !Safe_ports
# Deny CONNECT to other than SSL ports
http_access deny CONNECT !SSL_ports
#
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
#http_access deny bad workhrs blacklist_ip
http_access deny bad
http_access allow localhost
http_access allow our_network
http_access allow localnet

# And finally deny all other access to this proxy
http_access deny all

Hello,

Well it does not work just because the syntax in your config file is incorrect. You have to put a domainname in your acl rule and not a file containing domainname. See official online doc for more info: http://www.visolve.com/squid/squid30....php#dstdomain

Regards,

Oliv'

Then how to ban more no. of site if I can't user file name in ACL

My modified squid.conf as follows but not of use unable to stop website

.
.
.
.
.
#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#acl workhrs time MTWHFA 11:00-16:00
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
#acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 127.0.0.1/255.255.255.255 # RFC1918 possible internal network
acl our_network src 192.168.2.0/24 # RFC1918 possible internal network
acl bad dstdomain www.facebook.com
#acl blacklist_ip src 192.168.2.11
#
acl SSL_ports port 443 # https
acl SSL_ports port 563 # snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl CONNECT method CONNECT
# TAG: http_access
# Allowing or Denying access based on defined access lists
#
.
.
.
.
#Recommended minimum configuration:
acl all src all
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32
#acl workhrs time MTWHFA 11:00-16:00
#
# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
.
.
.
.
#http_access allow localnet
#http_access deny bad workhrs blacklist_ip
http_access deny bad
http_access allow localhost
http_access allow our_network
http_access allow localnet

# And finally deny all other access to this proxy
http_access deny all

# TAG: http_access2
.
.
.
.
#Default:
debug_options ALL,1 33,2 28,9

From my point of view, the easiest way to do what you want is to use squidguard which an addon to squid. Have a look at this url http://www.squidguard.org/index.html for more info.

Oliv'

acl bad dstdomain www.facebook.com

in this line you are configuring an ACL which uses a stricted matching of www.facebook.com.
any url that have a minimun change in the domain name will be allowed (www3.facebook.com, es.facebook.com)

You can try this acl instead

acl bad dstdom_regex facebook.com

salu2
damade