Using Squid to make a Black List Proxy
To block undesired web sites you will do these things:
- Define the hosts permitted to use the cache
- Define the filter lists (black-lists, plus white-lists of exceptions to the rules)
- Apply the filter lists
- Define the error message files that appear when a given filter is triggered
Define the black-list
Place your black-list rules in a location of your choosing (e.g., /etc/squid/), then define and apply them along the lines of the following. If you intend to use my sample files, you can copy and paste the following into your squid.conf file at the spot marked by the comment “INSERT YOUR OWN RULE(S) HERE”.
```
#______[ Black List ]_____________________________________________________
acl advdom dstdomain "/etc/squid/ad.domains"
acl adv0exp url_regex -i "/etc/squid/ad0.exp"
acl adv1exp url_regex -i "/etc/squid/ad1.exp"
acl baddom dstdomain "/etc/squid/bad.domains"
acl baddom dstdomain "/etc/squid/proxy.domains"
acl badexp url_regex -i "/etc/squid/bad.exp"
acl violentdom dstdomain "/etc/ffilter/violent.domains"
acl hardblock url_regex -i "/etc/squid/hardblock.exp"
acl drugdomains dstdomain "/etc/ffilter/drug.domains"
acl gambledom dstdomain "/etc/ffilter/gambling.domains"
acl offensive dstdomain "/etc/ffilter/offensive.domains"
acl offendexp url_regex -i "/etc/ffilter/offensive.exp"
acl deceptive dstdomain "/etc/ffilter/deceptive.domains"
acl illegal dstdomain "/etc/ffilter/illegal.domains"

# If you have children who have their own computers and for whom
# you want extra protection, then try this idea:
acl children src "/etc/ffilter/kids.IPs"
acl curfewOK dstdomain "/etc/ffilter/curfew_ok.domains"
#
# On week-days the kids need to stop using the Internet at 10pm,
# but on Friday and Saturday we let them go until midnight:
#
acl curfew time SMTWH 22:00-23:59
acl curfew time SMTWHF 00:00-7:00

#______[ White List ]_____________________________________________________
acl safedom dstdomain "/etc/ffilter/safe.domains"
acl safeexp url_regex -i "/etc/ffilter/safe.exp"
acl christdom dstdomain "/etc/ffilter/christian.domains"
acl christexp url_regex -i "/etc/ffilter/christian.exp"
acl schooldom dstdomain "/etc/ffilter/school.domains"
acl employdom dstdomain "/etc/ffilter/employ.domains"

#______[ Rules ]__________________________________________________________
# 0. 'hardblock' regex and IP matches
#
http_access deny hardblock

# 1. Children's curfew
#
http_access allow curfewOK
http_access deny children curfew
#http_access deny children gamedom

# Now block the stage zero regex blocks that are to come before safe regex
# holes; this is to allow certain parts of a regex to be blocked while the
# safe.exp match (for example) lets through the rest. For example, we might
# have a "safe site" that has ads we want to block.
#
http_access deny adv0exp
http_access deny bad0exp
http_access deny offendexp

# Let through safe domains, but not regex
#
http_access allow christdom
http_access allow safedom
http_access allow schooldom
http_access allow employdom

# 3. Block bad domains, but not regex
# Thus, the domain files should only contain domains which are TOTALLY bad.
# If a domain is only mostly bad, it should go in the regex file instead so
# that white-list rules can be applied.
# Put another way, any domain in a domain blacklist NEVER gets through, even if
# a white-list contains a regex pattern match.
#
http_access deny baddom
http_access deny violentIPs
http_access deny violentdom
http_access deny drugdomains
http_access deny gambledom
http_access deny deceptive
http_access deny offensive
http_access deny illegal
http_access deny p2p

# Ads and spam are last because I'd first want to tell people if the domain
# were bad for some other reason, and only as a last resort block it merely
# because it was spam.
#
http_access deny advdom
http_access deny spamdom

# 4. Let through safe regex
#
http_access allow christexp
http_access allow safeexp

# 5. Block bad regex
#
http_access deny badexp
http_access deny violentexp
http_access deny drugexp
http_access deny gambleexp
http_access deny deceptexp

# Ads and spam expressions are the last to be blocked.
#
http_access deny adv1exp

# 6. Everything else is permitted for those hosts that are allowed.
#
http_access allow AllowedHosts
http_access deny all
```
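The rules above reference several ACL names that this excerpt never defines (for example bad0exp and violentIPs), so a check like the following is worth running over the full squid.conf before loading it. This is an added example, not part of the original page or of Squid: the sample text is a shortened, constructed excerpt of the rules above, the function name lint_acl_references is hypothetical, and treating only `all` as predefined is an assumption that holds for Squid 3 and later.

```python
# Constructed sample: a shortened excerpt of the rules shown above.
SAMPLE_CONF = '''\
acl hardblock url_regex -i "/etc/squid/hardblock.exp"
acl adv0exp url_regex -i "/etc/squid/ad0.exp"
acl children src "/etc/ffilter/kids.IPs"
acl curfewOK dstdomain "/etc/ffilter/curfew_ok.domains"
acl curfew time SMTWH 22:00-23:59
acl safedom dstdomain "/etc/ffilter/safe.domains"
acl baddom dstdomain "/etc/squid/bad.domains"
http_access deny hardblock
http_access allow curfewOK
http_access deny children curfew
#http_access deny children gamedom
http_access deny adv0exp
http_access deny bad0exp
http_access allow safedom
http_access deny baddom
http_access deny violentIPs
http_access allow AllowedHosts
http_access deny all
'''

# Assumption: only "all" is treated as predefined (Squid 3 and later).
BUILTIN_ACLS = frozenset({"all"})


def lint_acl_references(conf_text, builtin=BUILTIN_ACLS):
    """Return (undefined, unused).

    undefined: (line_no, name) for each http_access reference to an ACL
               that no earlier acl line defined (the file is read top-down).
    unused:    sorted ACL names that no http_access rule mentions.
    """
    defined, used, undefined = set(), set(), []
    for line_no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(tokens) >= 2 and tokens[0] == "acl":
            defined.add(tokens[1])              # repeated names just append
        elif len(tokens) >= 3 and tokens[0] == "http_access":
            for name in tokens[2:]:             # tokens[1] is allow/deny
                name = name.lstrip("!")         # "!acl" negates the match
                used.add(name)
                if name not in defined and name not in builtin:
                    undefined.append((line_no, name))
    return undefined, sorted(defined - used)


if __name__ == "__main__":
    missing, unused = lint_acl_references(SAMPLE_CONF)
    for line_no, name in missing:
        print(f"line {line_no}: http_access uses undefined ACL '{name}'")
    print("defined but never used:", unused or "none")
```

AllowedHosts is flagged here only because the fragment is checked on its own; run the check over the complete squid.conf, where the permitted hosts are defined, and use `squid -k parse` as the authoritative syntax check.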
Finish this.