Deny User Access to a Website Using Squid

There is often a requirement to block or deny user access to certain websites. This post shows how administrators can use Squid to achieve this.

Squid is a popular open source web proxy server and web caching software. It has a wide variety of uses, from speeding up a web server by caching repeated requests, to caching web, DNS and other network lookups for groups of people sharing network resources, to aiding security via traffic filtering (which is of most interest to us for the purposes of this post). It was originally intended for Unix/Linux but has been ported to a number of platforms.

Squid has a powerful ACL (access control list) system. Its primary use is to implement simple access control, which can be used to deny users access to a particular site.

In order to do this we have to edit the Squid configuration file.

e.g. # vi /etc/squid/squid.conf

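Search for 'Access Controls' and append the following lines (in this example we are blocking access to 'nastysite.com'). Squid evaluates http_access rules from top to bottom and stops at the first match, so the deny line must come before any http_access allow rule that would also match the request: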
acl badsite dstdomain .nastysite.com
http_access deny badsite

Save and close the file, and then restart Squid:
# /etc/init.d/squid restart

If required, you can specify more than one site to be blocked:
acl badsite dstdomain .nastysite.com .anothernastysite.com
http_access deny badsite

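You can also use regular expressions to block access to more than one website. For example, if you would like to deny access to any site where the URL contains the word "twitter", use the following ACL lines. Note that url_regex matches anywhere in the URL, so this also blocks pages on other sites whose path or query string contains the word: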
acl badsitegroup url_regex -i twitter
http_access deny badsitegroup
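
The matching behaviour of the ACL lines above, modelled in Python as an added example (it is not Squid's code and not from the original post). The helper names `dstdomain`, `url_regex`, `everything` and `http_access` are hypothetical stand-ins for the directives, the catch-all allow rule is an assumption, and the sample URLs are constructed:

```python
import re
from urllib.parse import urlsplit

def dstdomain(*names):
    """Model of 'acl X dstdomain ...': a leading dot also matches subdomains."""
    def match(url):
        host = (urlsplit(url).hostname or "").lower()
        for name in (n.lower() for n in names):
            if name.startswith("."):
                if host == name[1:] or host.endswith(name):
                    return True
            elif host == name:
                return True
        return False
    return match

def url_regex(pattern, ignore_case=False):
    """Model of 'acl X url_regex [-i] ...': searched anywhere in the whole URL."""
    rx = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    return lambda url: rx.search(url) is not None

def everything(url):
    """Stand-in for a catch-all ACL such as 'all'."""
    return True

def http_access(rules, url):
    """Walk the rules top to bottom; the first ACL that matches decides."""
    for action, acl in rules:
        if acl(url):
            return action
    return "deny"  # fallback of this model; the rule lists below end in a catch-all

# The ACLs from the post.
badsite = dstdomain(".nastysite.com", ".anothernastysite.com")
badsitegroup = url_regex("twitter", ignore_case=True)

# Deny rules placed before the allow rule, and the same deny placed after it.
DENY_FIRST = [("deny", badsite), ("deny", badsitegroup), ("allow", everything)]
ALLOW_FIRST = [("allow", everything), ("deny", badsite)]

if __name__ == "__main__":
    # Constructed sample URLs.
    for url in ("http://www.nastysite.com/index.html",
                "http://notnastysite.com/",
                "http://example.org/news/Twitter-outage"):
        print(url, http_access(DENY_FIRST, url), http_access(ALLOW_FIRST, url))
```

The third URL shows the over-blocking risk of a bare url_regex, and the ALLOW_FIRST column shows a deny rule that never takes effect because an earlier allow rule already matched.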

More information on Squid commands can be found at: http://wiki.squid-cache.org/FrontPage

 

  1. Manikant Verma
    October 23rd, 2008 at 00:39 | #1

    I am using Fedora and I want to access the internet via Squid. But my
    problem is that I want to allow full internet to a particular IP
    and for other IPs restricted via whitelist.
    But I am not able to do this.
    Please suggest how I can??

  2. October 24th, 2008 at 10:10 | #2

    Manikant – you should be able to set up IP based access levels in Squid through Access Control Lists – the following link should give you some ideas:

    http://linux.ittoolbox.com/groups/technical-functional/redhat-l/about-squid-2250791

  3. Andrew Belford
    November 26th, 2008 at 12:10 | #3

    I am having problems trying to block a specific user from accessing the internet via Squid but allow the rest.

    How can I apply a rule for denying user access in squid.conf?

    Please help

  4. November 26th, 2008 at 14:18 | #4

    Well – acl and src IP could be used:

    http://linux.ittoolbox.com/groups/technical-functional/redhat-l/about-squid-2250791

    As mentioned on that page, you might want to look at hooking into LDAP/Active Directory etc. rather than specifying user IP addresses though.
