Common squid requirements - Part 1
In this segment, we would be accomplishing the following:
- block multiple websites
- block specific ip
- block multiple ip
- block specific mac
- block multiple mac
- set maximum download size
- set time/date limit for browsing
- Setting up mandatory authentication before internet access
We assume that our network is 192.168.10.0/24.
1. Blocking a Specific Website
Although a website can be blocked using different parameters, the best way to block a website using squid is the 'url_regex' ACL type. url_regex checks the URL entered in the browser against a regular expression. For example, if we tell squid to block any website that has the word “jumble” in it, then any website like jumbleA.com, jumbleB.com or jumbleC.com would be blocked.
root@firefly:~# vim squid.conf
#### Declaring the acl #####
acl our_network src 192.168.10.0/24
acl bad_site url_regex .jumble.com
#### for example, anything.jumble.com, anything2.jumble.com, anything3.jumble.com ####
#### Applying the acl ####
#### the sequence of the allow/deny is important ####
http_access deny bad_site
### denies bad_site to everyone
http_access allow our_network
### everyone in our_network is allowed anywhere
http_access deny all
root@firefly:~# service squid restart
2. Blocking Multiple Websites
The theory of blocking multiple websites is the same. We would be using url_regex to get the task done. However, the declaration of the ACL is quite different. First, we would be creating a file that lists all the sites that need to be blocked, and then tell squid to check that file for matches.
root@firefly:~# vim /etc/squid/bad_site_file
#### a list of sites to be blocked ####
\.mp3$ ##mp3 files blocked
\.flv$ ##flv files blocked
.jumble.com
.badsite1.com
.badsite2.com
.AreYouKiddingMe.net
root@firefly:~# vim squid.conf
#### Declaring the acl #####
acl our_network src 192.168.10.0/24
acl bad_site url_regex "/etc/squid/bad_site_file"
#### Applying the acl ####
#### the sequence of the allow/deny is important ####
http_access deny bad_site
### denies bad_site to everyone
http_access allow our_network
### Allow our LAN
http_access deny all
root@firefly:~# service squid restart
3. Blocking a Specific IP
A single IP does not need a separate list file: we add the IP directly in squid.conf, in a src ACL (named bad_ip here), since http_access rules refer to ACLs by name.
root@firefly:~# vim squid.conf
#### Declaring the acl #####
acl our_network src 192.168.10.0/24
acl bad_ip src 192.168.10.254
#### the sequence of the allow/deny is important ####
http_access deny bad_ip
### this IP is blocked/denied
http_access allow our_network
### Allow our LAN
http_access deny all
root@firefly:~# service squid restart
4. Blocking Multiple IPs
We would be using the same trick that we used to block multiple websites. We would be creating a file with a list of all the IPs to be blocked.
root@firefly:~# vim /etc/squid/blocked_ip_file
#### a list of IPs to be blocked ####
192.168.10.150
192.168.10.152
192.168.10.253
192.168.10.254
root@firefly:~# vim squid.conf
#### Declaring the acl #####
acl our_network src 192.168.10.0/24
acl black_sheep src "/etc/squid/blocked_ip_file"
#### Applying the acl ####
#### the sequence of the allow/deny is important ####
http_access deny black_sheep
### denies all IP in the ACL
http_access allow our_network
### Allow our LAN
http_access deny all
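The two ACLs can also be combined on one http_access line; the rule then applies only to requests that match both ACLs (bad_site is the ACL declared in section 2):
#### Applying the acl ####
#### the sequence of the allow/deny is important ####
http_access deny black_sheep bad_site
### denies access to all websites in bad_site_file to all IP in the blocked_ip_file
http_access allow our_network
### Allow our LAN
http_access deny all
root@firefly:~# service squid restart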
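The rule sets from sections 1, 2 and 4, replayed through a small Python model of http_access evaluation to show why the sequence of allow/deny matters. This is an added example, not code from the original post; Python's re module stands in for Squid's regex matching, and the client 192.168.10.20 and the URLs are constructed samples.

```python
import ipaddress
import re

# ACL definitions copied from the article's squid.conf and list files.
NET = ipaddress.ip_network("192.168.10.0/24")
BLOCKED_IPS = {"192.168.10.150", "192.168.10.152", "192.168.10.253", "192.168.10.254"}
BAD_SITE = [re.compile(p) for p in (r"\.mp3$", r"\.flv$", r".jumble.com")]

ACLS = {
    "all": lambda ip, url: True,
    "our_network": lambda ip, url: ipaddress.ip_address(ip) in NET,
    "black_sheep": lambda ip, url: ip in BLOCKED_IPS,
    # url_regex is an unanchored search over the full URL
    "bad_site": lambda ip, url: any(rx.search(url) for rx in BAD_SITE),
}

# Rule sets: the article's order, the same rules swapped, and the combined rule.
ARTICLE = ["http_access deny bad_site",
           "http_access allow our_network",
           "http_access deny all"]
SWAPPED = [ARTICLE[1], ARTICLE[0], ARTICLE[2]]
COMBINED = ["http_access deny black_sheep bad_site"] + ARTICLE[1:]


def decide(rules, ip, url):
    """Return the action of the first rule whose ACLs ALL match (first match wins)."""
    action = "allow"  # with no rules at all, the fallback below yields "deny"
    for line in rules:
        _, action, *names = line.split()
        if all(ACLS[name](ip, url) for name in names):
            return action
    # No rule matched: Squid applies the opposite of the last rule's action.
    return "allow" if action == "deny" else "deny"


if __name__ == "__main__":
    lan, listed = "192.168.10.20", "192.168.10.150"   # constructed sample clients
    site = "http://www.jumble.com/"                    # constructed sample URL
    print("article order :", decide(ARTICLE, lan, site))      # deny
    print("swapped order :", decide(SWAPPED, lan, site))      # allow
    print("combined rule :", decide(COMBINED, listed, site))  # deny
    print("combined rule :", decide(COMBINED, listed, "http://example.org/"))  # allow
```

With the allow line first, the LAN client reaches the blocked site because evaluation stops at the first matching rule; the combined rule leaves a listed IP free to browse anything outside bad_site_file.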
5. Blocking Specific MAC
The process of blocking a MAC address is almost the same as the process of blocking IP addresses. Here is how it works -
root@firefly:~# vim squid.conf
#### Declaring the ACL ####
acl our_network src 192.168.10.0/24
### placeholder MAC address; replace with the one to be blocked
acl bad_mac arp 00:11:22:33:44:55
#### the sequence of the allow/deny is important ####
http_access deny bad_mac
### this MAC address is blocked/denied
http_access allow our_network
### Allow our LAN
http_access deny all
root@firefly:~# service squid restart
6. Blocking Multiple MAC Addresses
We would be using the same trick that we used to block multiple IPs. We would be creating a file with a list of all the MAC addresses to be blocked.
root@firefly:~# vim /etc/squid/blocked_mac_file
#### a list of MAC addresses to be blocked ####
root@firefly:~# vim squid.conf
#### Declaring the acl #####
acl our_network src 192.168.10.0/24
acl bad_macs arp "/etc/squid/blocked_mac_file"
#### Applying the acl ####
#### the sequence of the allow/deny is important ####
http_access deny bad_macs
### denies all MAC addresses in the ACL
http_access allow our_network
### Allow our LAN
http_access deny all
root@firefly:~# service squid restart