Sunday, December 28, 2014

filtering websites using squid, web proxy

1- install squid
root@proxy:/# apt-get install squid

2- lan ip address is and and we want to block website and so change some configuration in /etc/squid/squid.conf to the following conetent

acl all src
acl manager proto cache_object
acl localhost src
acl to_localhost dst
acl SSL_ports port 443 563 # https, snews
acl SSL_ports port 873 # rsync
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl Safe_ports port 631 # cups
acl Safe_ports port 873 # rsync
acl Safe_ports port 901 # SWAT
acl purge method PURGE
acl localnet src
acl localnet src

acl blockedDomain dstdomain
acl blockedDomain dstdomain
http_access deny blockedDomain

http_access allow localnet
http_access allow manager localhost
http_access deny manager
http_access allow purge localhost
http_access deny purge
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost

- restart squid service
root@proxy:/# service squid restart

3- on route block all forwarding traffic to port 80 and 443, and we only allow the proxy to access the internet, so client will have to choice they must use our proxy to access to the internet

4- client http proxy setting and denied when access

No comments:

Post a Comment