Create a text file, denied_sites is as good a name as any.
The file should have the sites to be blocked without the leading www, i.e. google.com.
Add a line similar to the following with the acl entry in the file:
acl closedsites url_regex "fullpath/denied_sites"
then add
http_access deny our_networks closedsites
BEFORE the default allow all, as squid reads the http_access rules in order.
The our_networks would also need to be defined as an ACL similar to
acl our_networks src 100.11.9.0/16
then do a squid -k reconfigure
should then work.
You can also use a redirector, which would be a lot faster if you are going to be blocking a lot of sites, as squid loads all these into mem, which slows down startup.
Squid was designed with the capability to call external programs for authentication; it also allows you to call a redirector (most based on squidGuard, some on DansGuardian).
If a redirector is specified, squid applies all its ACLs and if the request passes it then sends it to the redirector.
The redirectors are mostly used to apply an additional set of ACLs, normally to block access to undesirable sites from a corporate or educational viewpoint (porn, warez, phishing sites, dating, racism, violence, etc.).
Normally used to check against a list of blacklists, and if the request matches a deny rule the browser is redirected to a site that denies the access (in our case a site giving the username, source hostname, and reason the site was blocked, as well as the company internet usage policy).
A CGI script normally does this quite well.
If it matches an allow rule the request is passed.
At the end there is a default allow or deny rule; this applies if no other rule is matched.
It works like squid, i.e. the first matching policy applies.
There are free blacklists that you can download (notably squidGuard has one of the better ones), however they are not always updated timeously, so due to the dynamic nature of the internet they tend to go out of date rather quickly. This can lead to unnecessary virus exposure on your network, and sites being allowed erroneously, or blocked when they are harmless.
As in our situation this was not acceptable, we decided to use the ufdbGuard redirector (software is free, and extremely fast)
and buy the blacklist subscription from them, and I must say they are extremely good: the lists are updated daily, and 99.9% of the sites are correctly categorized.
However, the free lists are definitely better than no lists, so if your budget does not allow the paid option the squidGuard list is very good, and you can still use the faster ufdbGuard redirector engine as it is free.
If you are working for an educational institution then DansGuardian is free, and it incorporates some very nice additional functionality (it is free for libraries, schools and personal use, but not free for corporate use; licence fees are quite reasonable though).
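
The redirector flow described in the posts above, as an added example that is not part of the thread and is not squidGuard, ufdbGuard or DansGuardian code: a helper for Squid's url_rewrite_program that applies ordered allow/deny rules with a default, and redirects denied requests to a block page carrying user, source and reason. It assumes the OK/ERR helper reply syntax of current Squid releases, the default request-line fields and no concurrency; the rules, domains and block-page URL are constructed.

```python
#!/usr/bin/env python3
# Added example: Squid url_rewrite helper applying first-match rules.
import sys
from urllib.parse import quote, urlsplit

# Constructed sample policy, checked top to bottom; the first match wins.
RULES = [
    ("allow", "local", "intranet.example.com"),
    ("deny", "phishing", "bad.example.net"),
    ("deny", "dating", "example.org"),
]
DEFAULT = ("allow", "default")  # applies when no rule matches
BLOCK_PAGE = "http://proxy.example.com/cgi-bin/blocked.cgi"  # hypothetical CGI

def host_of(url):
    """Extract the lowercase host; CONNECT requests arrive as host:port."""
    try:
        parts = urlsplit(url if "://" in url else "//" + url)
        return (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return ""  # unparsable input matches no rule and gets DEFAULT

def decide(url):
    host = host_of(url)
    for action, category, domain in RULES:
        # Match the domain itself or any subdomain, on a label boundary.
        if host == domain or host.endswith("." + domain):
            return action, category
    return DEFAULT

def handle_line(line):
    """Build the reply for one request line: URL client/fqdn user method ..."""
    fields = line.split()
    if not fields:
        return 'BH message="empty request"'
    client = fields[1].split("/")[0] if len(fields) > 1 else "-"
    user = fields[2] if len(fields) > 2 else "-"
    action, category = decide(fields[0])
    if action == "allow":
        return "ERR"  # ERR tells Squid to leave the URL unchanged
    query = "user=%s&src=%s&reason=%s" % (quote(user), quote(client), category)
    return 'OK status=302 url="%s?%s"' % (BLOCK_PAGE, query)

if __name__ == "__main__":
    for request in sys.stdin:
        print(handle_line(request), flush=True)  # one reply per request line
```

With DEFAULT set to allow, a request whose host cannot be parsed passes through; a site that wants to fail closed would set DEFAULT to a deny entry instead.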