LinuxQuestions.org
12-15-2012, 10:43 AM   #1
pestka

Squid not blocking sites


I've been trying for a couple of days to make Squid block several websites, but I cannot. Therefore I thought you guys might be of some help as far as this is concerned.

Here's my configuration file:

Code:
cache_mem 4 MB
cache_dir ufs /var/spool/squid/ 4 16 256
redirect_rewrites_host_header off
cache_replacement_policy lru
acl all src 0.0.0.0/0.0.0.0
acl Safe_ports port 80          # http
acl CONNECT method CONNECT
acl badsites dstdomain "/etc/squid/squid-block.acl"

# authentication
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
acl passauth proxy_auth REQUIRED
acl ncsa_users proxy_auth REQUIRED

http_access allow passauth
http_access deny all badsites

#maximum_object_size 150000 KB
store_avg_object_size 50 KB

cache_effective_user squid
cache_effective_group squid

log_icp_queries off
buffered_logs off

cache_access_log /var/log/squid/access.log
cache_log /var/log/squid/cache.log
cache_store_log /var/log/squid/store.log
store_dir_select_algorithm least-load
forwarded_for on

# what not to cache:
acl QUERY urlpath_regex cgi-bin \?
acl url_htm     url_regex \.htm$
acl url_html    url_regex \.html$
acl url_pdf     url_regex \.pdf$
acl url_xls     url_regex \.xls$
acl SSL_ports port 443 563
no_cache deny QUERY
no_cache deny url_xls
no_cache deny url_pdf
no_cache deny url_html
no_cache deny url_htm
no_cache deny SSL_ports

http_port 9999

and here's what I've got in the squid-block.acl:

Code:
root@us:/etc/squid# cat squid-block.acl 
.pornhub.com
.google.com
sex

I've also tried a lot of mutations of the configs above; nevertheless, I'm still reaching sites in the squid-block.acl file. I have no idea what I am doing wrong. Can anyone help please?

Peter.
 
12-15-2012, 03:09 PM   #2
TB0ne
Quote:
Originally Posted by pestka
I've been trying for a couple of days to make Squid block several websites, but I cannot. Therefore I thought you guys might be of some help as far as this is concerned. Here's my configuration file:
Code:
cache_mem 4 MB
cache_dir ufs /var/spool/squid/ 4 16 256
redirect_rewrites_host_header off
cache_replacement_policy lru
acl all src 0.0.0.0/0.0.0.0
acl Safe_ports port 80          # http
acl CONNECT method CONNECT
acl badsites dstdomain "/etc/squid/squid-block.acl"

# authentication
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/squid_passwd
acl passauth proxy_auth REQUIRED
acl ncsa_users proxy_auth REQUIRED

http_access allow passauth
http_access deny all badsites
Change the above line to read as below (remove the 'all'):
http_access deny badsites

You're close. I've bolded the line you need to change above...the Squid website has more info on ACLs
http://wiki.squid-cache.org/SquidFaq...CL_ban_list.3F
 
1 members found this post helpful.
12-17-2012, 04:09 AM   #3
pestka (Original Poster)
Hello TB0ne,

That's right. I just applied that and all works fine.
Just one thing to mention, I had to put the configuration lines in the following order:

http_access deny all badsites
http_access allow passauth

It does not work the other way around, as it probably allows all authenticated users and does not read the rest of the http_access filter.

Nevertheless all is fine now. Thank you a lot!
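
An added example (not part of the thread and not Squid's own code): a simplified Python model of how Squid evaluates http_access lines, top to bottom with the first matching line deciding and the ACLs on one line ANDed, run against the rule orders and block list posted above. The function names and sample host names are assumptions made for illustration, and the 407 authentication challenge is not modelled.

```python
# Simplified model of Squid's http_access evaluation (illustrative, not Squid code).
# Entries copied from the squid-block.acl shown in the thread.
BLOCKLIST = [".pornhub.com", ".google.com", "sex"]

def dstdomain_match(host, entries):
    """'.example.com' matches the domain and any subdomain; an entry
    without a leading dot matches only that exact host name."""
    host = host.lower().rstrip(".")
    for entry in entries:
        entry = entry.lower()
        if entry.startswith("."):
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False

def http_access(rules, request):
    """rules is a list of (action, [acl names]). All ACLs on a line must
    match (AND); the first matching line decides. If no line matches,
    the result is the opposite of the last line's action."""
    acls = {
        "all": lambda r: True,
        # Assumption: the 407 challenge is not modelled, only the outcome
        # for a request that already carries valid credentials (or not).
        "passauth": lambda r: r["authenticated"],
        "badsites": lambda r: dstdomain_match(r["host"], BLOCKLIST),
    }
    for action, names in rules:
        if all(acls[name](request) for name in names):
            return action
    return "deny" if rules[-1][0] == "allow" else "allow"

# Rule orders discussed in the thread.
ORIGINAL = [("allow", ["passauth"]), ("deny", ["all", "badsites"])]
WITHOUT_ALL = [("allow", ["passauth"]), ("deny", ["badsites"])]
REORDERED = [("deny", ["all", "badsites"]), ("allow", ["passauth"])]

def decide(rules, host, authenticated=True):
    return http_access(rules, {"host": host, "authenticated": authenticated})

if __name__ == "__main__":
    # Constructed sample hosts, all requested by an authenticated user.
    for host in ["www.google.com", "www.example.org", "sex.example.com"]:
        print(host, [decide(r, host) for r in (ORIGINAL, WITHOUT_ALL, REORDERED)])
```

Under this model only the order with the deny line first refuses www.google.com, and the bare entry sex blocks nothing because dstdomain compares host names rather than searching for keywords. Keyword matching would need a regex ACL type such as dstdom_regex or url_regex.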