Linux – Squid: how to block websites for a particular IP address

blockingiplinuxPROXYsquid

How to block websites for particular IPs by squid?

Please give solution with example or configuration file.

Best Answer

Example :

I blocked Facebook & orkut to all user but now i want to open only facebook to particular user or IP

Option 1 : Specify site with in configuration file,

acl special_clients src "/etc/squid/special_client_ips.txt"

acl facebook dstdomain .facebook.com

acl orkut dstdomain .orkut.com

Under http access

http_access allow facebook special_clients

http_access deny facebook

http_access deny orkut

http_access allow all

Option 2 : Stick both client IP s and destination domains into lists,

acl special_clients src "/etc/squid/special_client_ips.txt"

acl bad_domains dstdomain "/etc/squid/bad_domains.txt"

Under http access

http_access allow bad_domains special_clients

http_access deny bad_domains

http_access allow all

I get it from net, It work very well
Thanks cstamas

Related Solutions

How to block utorrent by using Squid proxy (fedora 10 or RHEL5)

Configure your firewall to default deny for all office traffic unless specifically allowed.

Require all Web traffic to route through your proxy.

If your users are unable to access the Internet directly, it will be substantially more difficult for them to use advanced protocols like BitTorrent.

While using SQUID acls will be substantially more limited in scope and be easily circumvented, you could use something like:

acl extensiondeny url_regex -i "/etc/squid/extensiondeny"
acl download method GET
http_access deny extensiondeny download
http_access deny extensiondeny

Within "/etc/squid/extensiondeny":

\.torrent$

For more information see:

http://www.squid-cache.org/Doc/config/acl/

Best way to bypass Squid for certain sites

If you want to AVOID completely squid, adding exceptions to the transparent proxy iptables redirect rule is way.

You can, however, create an acl in squid for the always_direct directive. From the squid docs:

acl local-servers dstdomain my.domain.net
always_direct allow local-servers

It doesn't work in all cases, sometimes just avoiding the proxy completely will do.

EDIT: If you use something like shorewall you can create lists that make the exception for the redirect rule easier to manage, but it may be too overkill.

Best Answer

Related Solutions

How to block utorrent by using Squid proxy (fedora 10 or RHEL5)

Best way to bypass Squid for certain sites

Related Topic