[plug] Transparent proxy ACL with squid

Steve Baker steve at iinet.net.au
Thu May 11 16:43:21 WST 2006



We block access to webmail between 8:30 and 16:30, using the following:

acl worktime time M T W H F 8:30-16:30
acl webmail dstdomain "/etc/squid/webmail.hosts"
...
http_access deny  webmail worktime

To deny access to these hosts all the time, leave out the 'worktime' acl 
line and the reference on the http_access line.

The webmail.hosts file contains a list of domains such as...
.gmail.com
.gmail.google.com
.hotmail.com
.hotmail.msn.com
.incredimail.com
.mail2web.com
etc...

I haven't tried any url_regex blocking, but the concept would be the 
same.  I assume you have a 'http_access allow local_lan' or similar line 
in there, that would come AFTER the http_access lines that deny access 
to unsavoury sites and before the "deny all" one.  Remember that as 
soon as a http_access rule is matched, squid stops checking further rules.

Hopefully this gives you some clues.

Regards,
Steve
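
The rule ordering described in the reply above, as a small Python model of first-match http_access evaluation. It is an example added here, not part of the original post and not Squid's own code. The 192.168.1.0/24 subnet for local_lan, the shortened webmail list and the sample requests are constructed assumptions.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample values (assumptions, not from the thread's real network).
WEBMAIL = [".gmail.com", ".hotmail.com", ".mail2web.com"]
LOCAL_LAN = ip_network("192.168.1.0/24")

def dstdomain(host, entries):
    """A leading-dot entry matches the domain and its subdomains; a bare entry matches that host only."""
    host = host.lower()
    for e in entries:
        if e.startswith("."):
            if host == e[1:] or host.endswith(e):
                return True
        elif host == e:
            return True
    return False

def worktime(now):
    """Model of: acl worktime time M T W H F 8:30-16:30"""
    minutes = now.hour * 60 + now.minute
    return now.weekday() < 5 and 8 * 60 + 30 <= minutes <= 16 * 60 + 30

ACLS = {
    "webmail": lambda r: dstdomain(r["host"], WEBMAIL),
    "worktime": lambda r: worktime(r["now"]),
    "local_lan": lambda r: ip_address(r["src"]) in LOCAL_LAN,
    "all": lambda r: True,
}

def http_access(rules, req):
    """The first rule whose ACLs all match decides; later rules are never consulted."""
    for action, names in rules:
        if all(ACLS[n](req) for n in names):
            return action
    # No rule matched: the default is the opposite of the last rule's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Order from the reply: deny rules, then the LAN allow, then deny all.
GOOD = [("deny", ["webmail", "worktime"]), ("allow", ["local_lan"]), ("deny", ["all"])]
# Same rules with the allow first: the webmail deny can never be reached from the LAN.
BAD = [("allow", ["local_lan"]), ("deny", ["webmail", "worktime"]), ("deny", ["all"])]

def req(host, src, when):
    return {"host": host, "src": src, "now": datetime.fromisoformat(when)}

if __name__ == "__main__":
    r = req("mail.gmail.com", "192.168.1.20", "2006-05-11T10:00")  # a Thursday
    print("deny-first order:", http_access(GOOD, r), "| allow-first order:", http_access(BAD, r))
```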


Kai Jones wrote:

>Hi everyone,
>
>I've talked the boss into letting me install a Linux boxen among the
>windows servers we have here, proxy/firewall is the first thing so I can
>get some better security happening on the network.
>
>Right now I'm working on my first bash at configurating a proxy server,
>the server (Compaq Proliant 800) with Fedora Core 5 (2.6.15-1.2054_FC5)
>and Squid 2.5 (squid-2.5.STABLE12-5.1), trying to get the ACL's working
>properly but so far not having much luck. Reading through
>http://www.squid-cache.org/Doc/FAQ/FAQ-10.html#ss10.4 is going ok but
>I'm looking for a way I can reference text files in /etc/squid, one file
>for domain blocking and the other for keyword blocking.
>
>I've set my browser to go through the proxy and that works fine but the
>ACL's aren't working.
>
>So far I have:
>
>acl urlBlock dstdomain urlBlock.txt
>acl keywordBlock url_regex keywordBlock.txt
>http_access deny urlBlock
>http_access deny keywordBlock
>http_access deny all
>
>urlBlock.txt and keywordBlock.txt are stored in /etc/squid as is
>squid.conf
>
>I've also tried
>
>acl ebay dstdomain www.ebay.com.au
>acl ebay2 dstdomain www.ebay.com
>acl ebay1 url_regex ebay
>http_access deny ebay
>http_access deny ebay1
>http_access deny ebay2
>http_access deny all
>
>Any ideas are appreciated
>
>Thanks
>Kai