
sholah 12-28-2006 03:54 PM

Preventing a browser from connecting to a site
How do I use squid to prevent computers on my network from browsing or connecting to certain websites?

Anyone please!!!!


timdsmith 12-28-2006 04:01 PM

Create a squid-block.acl file and save it in the same directory with squid.conf.
Add these two lines to squid.conf:

acl badURL url_regex -i "/path/to/squid-block.acl"
http_access deny badURL

Add a line like this for whatever web site you want to block to squid-block.acl

sholah 01-09-2007 01:52 PM

blocking websites/pages with squid
The method doesn't seem to work. I intend to block this site ( with squid.

Anyone?


willia01 01-09-2007 03:21 PM

Create a text file, denied_sites is as good a name as any.
The file should have the sites to be blocked without the leading www, i.e.
Add a line similar to the following with the acl entry in the file:
acl closedsites url_regex "fullpath/denied_sites"

then add
http_access deny our_networks closedsites

BEFORE the default allow all, as squid reads the http_access rules in order.

the our_networks would also need to be defined as an ACL similar to
acl our_networks src

then do a squid -k reconfigure
should then work.

You can also use a redirector, which would be a lot faster if you are going to be blocking a lot of sites, as squid loads all these into mem, which slows down startup.

sholah 02-02-2007 03:50 PM

hi willia01,

Can you tell me more about the redirector and how it works?


willia01 02-03-2007 04:08 PM

Squid was designed with the capability to call external programs for authentication; it also allows you to call a redirector (most are based on squidGuard, some on DansGuardian).
If a redirector is specified, squid applies all its ACLs and, if the request passes, it then sends it to the redirector.
The redirectors are mostly used to apply an additional set of ACLs, normally to block access to undesirable sites from a corporate or educational viewpoint (porn, warez, phishing sites, dating, racism, violence, etc.).
Normally used to check against a list of blacklists, and if the request matches a deny rule the browser is redirected to a site that denies the access (in our case a site giving the username, source hostname, and reason the site was blocked, as well as the company internet usage policy).
A CGI script normally does this quite well.

If it matches an allow rule the request is passed.
At the end there is a default allow or deny rule; this applies if no other rule is matched.
It works like squid, i.e. the first matching policy applies.

There are free blacklists that you can download (notably squidGuard has one of the better ones); however, they are not always updated timeously, so due to the dynamic nature of the internet they tend to go out of date rather quickly. This can lead to unnecessary virus exposure on your network, and sites being allowed erroneously, or blocked when they are harmless.

As in our situation this was not acceptable, we decided to use the ufdbGuard redirector (software is free, and extremely fast)
and buy the blacklist subscription from them, and I must say they are extremely good: the lists are updated daily, and 99.9% of the sites are correctly categorized.

However, the free lists are definitely better than no lists, so if your budget does not allow the paid option the squidGuard list is very good, and you can still use the faster ufdbGuard redirector engine as it is free.

If you are working for an educational institution then DansGuardian is free, and it incorporates some very nice additional functionality (it is free for libraries, schools, personal use, but not free for corporate use; licence fees are quite reasonable though).
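
Added example (not code from this thread, nor from squidGuard, ufdbGuard or DansGuardian): a minimal redirector helper in Python that shows the first-match rule evaluation and redirect-to-block-page behaviour described above. It assumes the classic one-line redirector format (URL, client ip/fqdn, ident and method in; a blank line or a 302:-prefixed URL out); the block page URL and every domain are constructed placeholders.

```python
import sys
from urllib.parse import urlencode, urlsplit

# Constructed sample policy: the block page URL and all domains are placeholders.
BLOCK_PAGE = "http://proxy.example.internal/blocked.cgi"
RULES = [  # evaluated top to bottom; the first matching rule applies
    ("allow", "whitelist", {"intranet.example.org", "docs.badsite.example"}),
    ("deny", "phishing", {"badsite.example"}),
    ("deny", "warez", {"warez.example.net"}),
]
DEFAULT = "allow"  # applies when no rule matches

def host_of(url):
    # CONNECT requests arrive as host:port without a scheme
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
        return (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ""  # unparsable URL: falls through to DEFAULT

def matches(host, domains):
    # The domain itself or any subdomain, but not lookalikes (notbadsite.example)
    return any(host == d or host.endswith("." + d) for d in domains)

def decide(url):
    host = host_of(url)
    for action, category, domains in RULES:
        if matches(host, domains):
            return action, category
    return DEFAULT, "default"

def answer(line):
    """Build the reply for one request line: 'URL ip/fqdn ident method'."""
    fields = line.split()
    if not fields:
        return ""
    url = fields[0]
    client = fields[1].split("/")[0] if len(fields) > 1 else "-"
    user = fields[2] if len(fields) > 2 else "-"
    action, category = decide(url)
    if action == "allow":
        return ""  # blank reply: Squid leaves the request unchanged
    info = {"reason": category, "client": client, "user": user, "url": url}
    return "302:" + BLOCK_PAGE + "?" + urlencode(info)

if __name__ == "__main__":
    for line in sys.stdin:
        sys.stdout.write(answer(line) + "\n")
        sys.stdout.flush()  # Squid waits on every reply, so never buffer
```

Current Squid versions start such a helper through the url_rewrite_program directive and also accept a newer key-value reply format, so check the helper documentation for the version in use.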
