Deny User Access to a Website Using Squid
There is often a requirement to block/deny user access to certain websites and this post shows how administrators can utilise Squid to achieve this:
Squid is a popular open source web proxy server and web caching software. It has a wide variety of uses, from speeding up a web server by caching repeated requests, to caching web, DNS and other network lookups for groups of people sharing network resources and (which is of most interest to us for the purposes of this post) by aiding security via traffic filtering. It was originally inteneded for Unix/Linux but has been ported to a number of platforms.
Squid has powerful ACL (access control list). The primary use of the ACL system is to implement simple access control. This can be used to deny a user from accessing particular site.
In order to do this we have to edit the Squid configuration file.
e.g. # vi /etc/squid/squid.conf
Search for `Access Controls’ and append the following lines (in this example we are blocking access to ‘nastysite.com’):
acl badsite dstdomain .nastysite.com
http_access deny badsite
Save and close the file, and then restart Squid:
# /etc/init.d/squid restart
If required, you can specify more than one site to be blocked:
acl badsite dstdomain .nastysite.com .anothernastysite.com
http_access deny badsite
You can also use regex expressions to block access to more than one website. for example, if you would like to deny access for any sites where the URL contains the word “twitter”, use the following ACL lines:
acl badsitegroup url_regex -i twitter
http_access deny badsitegroup
More information on Squid commands can be found at: http://wiki.squid-cache.org/FrontPage
