LinuxQuestions.org


pestka 12-15-2012 10:43 AM

Squid not blocking sites
 
I've been trying for a couple of days to make squid block several websites but I cannot. Therefore I thought you guys might be of some help as far as this is concerned.

Here's my configuration file:

Code:

cache_mem 4 MB
cache_dir ufs /var/spool/squid/ 4 16 256
redirect_rewrites_host_header off
cache_replacement_policy lru
acl all src 0.0.0.0/0.0.0.0
acl Safe_ports port 80          # http
acl CONNECT method CONNECT
acl badsites dstdomain "/etc/squid/squid-block.acl"

# authentication
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
acl passauth proxy_auth REQUIRED
acl ncsa_users proxy_auth REQUIRED

http_access allow passauth
http_access deny all badsites

#maximum_object_size 150000 KB
store_avg_object_size 50 KB

cache_effective_user squid
cache_effective_group squid

log_icp_queries off
buffered_logs off

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
store_dir_select_algorithm least-load
forwarded_for on

# what not to cache:
acl QUERY urlpath_regex cgi-bin \?
acl url_htm    url_regex \.htm$
acl url_html    url_regex \.html$
acl url_pdf    url_regex \.pdf$
acl url_xls    url_regex \.xls$
acl SSL_ports port 443 563
no_cache deny QUERY
no_cache deny url_xls
no_cache deny url_pdf
no_cache deny url_html
no_cache deny url_htm
no_cache deny SSL_ports

http_port 9999

and here's what I've got in the squid-block.acl:

Code:

root@us:/etc/squid# cat squid-block.acl
.pornhub.com
.google.com
sex

I've also tried a lot of mutations of the configs above, nevertheless, I'm still reaching sites in the squid-block.acl file. I have no idea what I am doing wrong. Can anyone help please?

Peter.

TB0ne 12-15-2012 03:09 PM

Quote:

Originally Posted by pestka (Post 4849883)
I've been trying a couple of days to make squid block several websites but I can not. Therefore I thought you guys might be of some help as far as this is concerned. Here's my configuration file:
Code:

cache_mem 4 MB
cache_dir ufs /var/spool/squid/ 4 16 256
redirect_rewrites_host_header off
cache_replacement_policy lru
acl all src 0.0.0.0/0.0.0.0
acl Safe_ports port 80          # http
acl CONNECT method CONNECT
acl badsites dstdomain "/etc/squid/squid-block.acl"

# authentication
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
acl passauth proxy_auth REQUIRED
acl ncsa_users proxy_auth REQUIRED

http_access allow passauth
http_access deny all badsites
change the above line to read as below...remove the 'all'
http_access deny badsites

#maximum_object_size 150000 KB
store_avg_object_size 50 KB

cache_effective_user squid
cache_effective_group squid

log_icp_queries off
buffered_logs off

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
store_dir_select_algorithm least-load
forwarded_for on

# what not to cache:
acl QUERY urlpath_regex cgi-bin \?
acl url_htm    url_regex \.htm$
acl url_html    url_regex \.html$
acl url_pdf    url_regex \.pdf$
acl url_xls    url_regex \.xls$
acl SSL_ports port 443 563
no_cache deny QUERY
no_cache deny url_xls
no_cache deny url_pdf
no_cache deny url_html
no_cache deny url_htm
no_cache deny SSL_ports

http_port 9999

and here's what I've got in the squid-block.acl:
Code:

root@us:/etc/squid# cat squid-block.acl
.pornhub.com
.google.com
sex

I've also tried a lot of mutations of the configs above, nevertheless, I'm still reaching sites in the squid-block.acl file. I have no idea what I am doing wrong. Can anyone help please?

Peter.

You're close. I've bolded the line you need to change above...the squid website has more info on ACLs
http://wiki.squid-cache.org/SquidFaq...CL_ban_list.3F

pestka 12-17-2012 04:09 AM

Hello TB0ne,

That's right. I just applied that and all works fine.
Just one thing to mention, I had to put the configuration lines in the following order:

http_access deny all badsites
http_access allow passauth

It does not work the other way around, as probably it allows all authenticated and does not read the rest of the http_access filter.

Nevertheless all is fine now. Thank you a lot!
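
The rule-ordering behaviour described in this thread, as an added example that is not part of the original posts and is not Squid's own code: a simplified Python model of how Squid evaluates `http_access` lines (top to bottom, ACLs on one line ANDed, first matching line decides) and how `dstdomain` entries match. It assumes the client has already authenticated, so `passauth` always matches, and the test hostnames are constructed.

```python
# Simplified model of Squid http_access evaluation (added example, not Squid code).
# Assumption: the client is already authenticated, so passauth matches every request.

def dstdomain_match(entry, host):
    """Leading dot: the domain and all subdomains. No dot: that exact host name only."""
    entry, host = entry.lower(), host.lower()
    if entry.startswith("."):
        return host == entry[1:] or host.endswith(entry)
    return host == entry

# Contents of /etc/squid/squid-block.acl as shown in the first post
BLOCKLIST = [".pornhub.com", ".google.com", "sex"]

ACLS = {
    "all": lambda host: True,       # acl all src 0.0.0.0/0.0.0.0
    "passauth": lambda host: True,  # assumed: valid credentials were supplied
    "badsites": lambda host: any(dstdomain_match(e, host) for e in BLOCKLIST),
}

def http_access(rules, host):
    """Return 'allow' or 'deny'. The first rule whose ACLs ALL match wins."""
    if not rules:
        return "deny"
    for action, *acl_names in rules:
        if all(ACLS[name](host) for name in acl_names):
            return action
    # Nothing matched: Squid applies the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Order from the first post: the allow line matches first, the deny is never reached.
ORIGINAL = [("allow", "passauth"), ("deny", "all", "badsites")]
# Order from the last post: the deny line is evaluated before the allow line.
REORDERED = [("deny", "all", "badsites"), ("allow", "passauth")]

# Constructed test hosts
HOSTS = ["www.google.com", "google.com", "example.org", "www.sex-example.test"]

def verdicts(rules, hosts=HOSTS):
    return {h: http_access(rules, h) for h in hosts}

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        print(name, verdicts(rules))
```

In the reordered output, `www.sex-example.test` is still allowed: a `dstdomain` entry such as `sex` is compared against the whole host name, not treated as a keyword, so substring blocking needs a regex ACL type such as `url_regex` instead.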


All times are GMT -5.