How to block porn site and downloading of mp3 and exe file from internet i am using squid proxy

aloknet21 asked
Last Modified: 2012-06-21
How to block porn site and downloading of mp3 and exe file from internet? I am using squid proxy
in RHEL 5 with user auth and ip based too.

To deploy the web-site blocking mechanism in Squid, add the following entries to your Squid configuration file (on my system, it's called squid.conf and it's located in the /etc/squid directory):

acl bad url_regex "/etc/squid/squid-block.acl"
http_access deny bad

The file /etc/squid/squid-block.acl contains web sites or words you want to block. You can name the file whatever you like. If a site has the URL or word listed in the squid-block.acl file, it won't be accessible to your users. The entries below are found in the squid-block.acl file used by my clients:

.oracle.com
.playboy.com.br
sex
...
With the squid-block.acl file in action, internet users cannot access the following sites:

Sites that have addresses ending with .oracle.com
Sites that have addresses ending with .playboy.com.br
Sites containing the word sex in its pages
You should beware that by blocking sites containing the word sex, you will also block sites such as Middlesex University, Sussex University, etc. To resolve this problem, you can put those sites in a special file called squid-noblock.acl:

Cheers
Block MP3 and .EXE

First open squid.conf file /etc/squid/squid.conf:

# vi /etc/squid/squid.conf

Now add the following lines to your squid ACL section:

acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"

To display a custom error message when a file is blocked:
# Deny all blocked extension
deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles

Save and close the file.

Create a custom error message HTML file called ERR_BLOCKED_FILES in the /etc/squid/error/ directory or the /usr/share/squid/errors/English directory.
# vi ERR_BLOCKED_FILES

Append the following content:

<HTML>
<HEAD>
<TITLE>ERROR: Blocked file content</TITLE>
</HEAD>
<BODY>
<H1>File is blocked due to new IT policy</H1>
<p>Please contact helpdesk for more information:</p>
Phone: 555-12435 (ext 44)<br>
Email: helpdesk@yourcorp.com<br>
Caution: Do not include HTML close tags </HTML> </BODY> as it will be closed by squid.
Now create /etc/squid/blocks.files.acl file:
# vi /etc/squid/blocks.files.acl

Append the following text:
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$

Save and close the file. Restart Squid:
# /etc/init.d/squid restart
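
A dry run of the list files from the answer above, as an added example that is not part of the original post: it feeds constructed URLs through `grep -E` as a stand-in for Squid's regex matcher. The `squid-noblock.acl` contents and the `deny bad !noblock` rule are assumptions, since the post does not show them.

```sh
#!/bin/sh
# Added example (not from the thread): dry-run URLs against Squid-style regex
# ACL files. Assumption: grep -E is a close enough stand-in for Squid's POSIX
# regex matcher for patterns this simple.

ACL_DIR=$(mktemp -d)    # constructed stand-ins for the files under /etc/squid
printf '%s\n' '.oracle.com' '.playboy.com.br' 'sex' > "$ACL_DIR/squid-block.acl"
printf '%s\n' 'middlesex' 'sussex' > "$ACL_DIR/squid-noblock.acl"  # hypothetical content
printf '%s\n' '\.[Ee][Xx][Ee]$' '\.[Mm][Pp]3$' > "$ACL_DIR/blocks.files.acl"

# acl_match FILE STRING: succeed if any pattern in FILE matches STRING.
# Blank lines are dropped first, because an empty pattern matches everything.
acl_match() {
    grep -v '^[[:space:]]*$' "$1" > "$ACL_DIR/patterns.tmp"
    printf '%s\n' "$2" | grep -Eq -f "$ACL_DIR/patterns.tmp"
}

# verdict URL: print which rule would deny the URL, or "allow".
# Models:  http_access deny blockfiles
#          http_access deny bad !noblock   (assumed rule for the exception list)
verdict() {
    # urlpath_regex is tested against the part after scheme://host
    path=$(printf '%s\n' "$1" | sed -E 's#^[a-zA-Z]+://[^/]*##')
    if acl_match "$ACL_DIR/blocks.files.acl" "${path:-/}"; then
        echo "deny:blockfiles"
    elif acl_match "$ACL_DIR/squid-block.acl" "$1" &&
         ! acl_match "$ACL_DIR/squid-noblock.acl" "$1"; then
        echo "deny:bad"
    else
        echo "allow"
    fi
}

# Constructed sample URLs: intended blocks, listed exceptions, and two
# false positives ("essex" contains "sex"; "." in .oracle.com matches any char).
for u in http://www.playboy.com.br/ http://www.sussex.ac.uk/study \
         http://www.essex.ac.uk/ http://example.org/docs/oracle-compat.html \
         http://example.org/files/setup.EXE http://example.org/music/track.mp3; do
    printf '%-45s %s\n' "$u" "$(verdict "$u")"
done
```

The two false positives in the output show why the exception list needs auditing against real traffic, and why domain entries are safer in a `dstdomain` ACL than in `url_regex`.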

Author

Commented:
After doing this, the squid service does not restart. I have attached the conf file.

Where have you attached it?

Anyway, try this; it's more detailed:
Restricting access to specific URLs
 
Squid is also capable of reading files containing lists of web sites and/or domains for use in ACLs. In this example we create two lists in files named /etc/squid/allowed-sites.acl and /etc/squid/restricted-sites.acl.
 
# File: /etc/squid/allowed-sites.acl
www.gnu.org
mysite.com
 
# File: /etc/squid/restricted-sites.acl
www.restricted.com
illegal.com
These can then be used to always block the restricted sites and permit the allowed sites during working hours. This can be illustrated by expanding our previous example slightly.
 
#
# Add this to the bottom of the ACL section of squid.conf
#
acl home_network src 192.168.1.0/24
acl business_hours time M T W H F 9:00-17:00
acl GoodSites dstdomain "/etc/squid/allowed-sites.acl"
acl BadSites  dstdomain "/etc/squid/restricted-sites.acl"
 
#
# Add this at the top of the http_access section of squid.conf
#
http_access deny BadSites
http_access allow home_network business_hours GoodSites


Author

Commented:
my acl lines in squid.....

#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl ncsa_users proxy_auth REQUIRED
acl alok src 10.50.3.89 10.50.3.90 10.50.0.214 10.50.3.41
acl abhi max_user_ip -s 1
acl restrict dstdomain .yahoo.com .orkut.com .gmail.com .aol.com .rediffmail.com .msn.com .naukri.com .timesjobs.com .monsterindia.com .freshers.com .in.com .wayn.com .hi5.com .facebook.com .ibibo.com .myspace.com
acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
acl bad url_regex "/etc/squid/squid-block.acl"
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443
acl Safe_ports port 80          # http
acl Safe_ports port 21          # ftp
acl Safe_ports port 443         # https
acl Safe_ports port 70          # gopher
acl Safe_ports port 210         # wais
acl Safe_ports port 1025-65535  # unregistered ports
acl Safe_ports port 280         # http-mgmt
acl Safe_ports port 488         # gss-http
acl Safe_ports port 591         # filemaker
acl Safe_ports port 777         # multiling http
acl CONNECT method CONNECT



my http access lines in squid ....

# And finally deny all other access to this proxy
http_access allow localhost
http_access allow alok
http_access deny abhi
http_access deny restrict
http_access deny blockfiles
http_access deny bad
deny_info ERR_BLOCKED_FILES blockfiles
http_access allow ncsa_users
http_access deny all

Please suggest: are these lines right?



Author

Commented:
Squid is working fine with all the restrict rules, but the error notification part is not working.

If we comment out that line, then the proxy works:

# deny_info ERR_BLOCKED_FILES blockfiles

Otherwise the proxy does not start.

Suggest@@
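
The thread does not record what fixed this startup failure. As an added check that is not part of any post here, the script below lists `deny_info` templates that a configuration names but that are absent from the error directory; that a missing template stops Squid from starting is an assumption about one possible cause, and the sample files are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): find deny_info templates that a
# squid.conf names but that do not exist in Squid's error directory.

# error_dir CONF DEFAULT: print the error_directory set in CONF, else DEFAULT.
error_dir() {
    d=$(awk '$1 == "error_directory" { v = $2 } END { print v }' "$1")
    echo "${d:-$2}"
}

# missing_templates CONF ERRDIR: print each referenced template that is not
# a readable file in ERRDIR. Commented-out lines, URL targets and the
# special TCP_RESET value are skipped.
missing_templates() {
    awk '$1 == "deny_info" && $2 !~ /:\/\// && $2 != "TCP_RESET" { print $2 }' "$1" |
    sort -u |
    while read -r tpl; do
        [ -r "$2/$tpl" ] || echo "$tpl"
    done
}

# Constructed sample standing in for /etc/squid/squid.conf and the error directory.
DEMO=$(mktemp -d)
mkdir "$DEMO/errors"
: > "$DEMO/errors/ERR_ACCESS_DENIED"
cat > "$DEMO/squid.conf" <<EOF
error_directory $DEMO/errors
acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
# deny_info ERR_OLD_PAGE blockfiles
deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles
EOF

dir=$(error_dir "$DEMO/squid.conf" /usr/share/squid/errors/English)
echo "error directory: $dir"
echo "missing: $(missing_templates "$DEMO/squid.conf" "$dir")"
```

On a real host, pass /etc/squid/squid.conf instead of the sample, and run `squid -k parse` to validate the configuration before restarting the service.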

Author

Commented:
Now my squid is working fine with all rules.

Thanks for your help.


Great...


Author

Commented:
I have got the right solution after consulting this site.