RE: [squid-users] [Newbie] Easy way to expressly limit destinatio n URLs?

Yes this is possible. Not even too tough.

The following instructions assume that your children's computer has a static
IP and that you are blocking that IP from directly accessing the internet
(kids are crafty, and can figure out proxy settings in a heartbeat,
including finding alternate proxies). Of course this means they will likely
be able to figure out how to acquire a new IP address, but you can only do
so much.

In the squid.conf look for the "acl" section and add:

acl kidsComp src 1.2.3.4/32
acl allowedDomains dstdomain "/path/to/domain/file"

Obviously change the IP and file path to suit.

Next find the "http_access" section and prepend:

http_access allow allowedDomains
http_access deny kidsComp

This will allow all computers using Squid to go to sites listed in the file,
and deny the children's computer from any other access. Any other computers
accessing Squid will be allowed access. Just watch out so you don't make an
open proxy.

The file (/path/to/domain/file) should have one domain per line, and every
domain should start with a period (e.g. .disney.org).

Chris

-----Original Message-----
From: Todd Krein [mailto:Todd.Krein@digeo.com]
Sent: Monday, November 29, 2004 8:36 AM
To: squid-users@squid-cache.org
Subject: [squid-users] [Newbie] Easy way to expressly limit destination
URLs?

[Sorry if this is a rehash... Didn't find an answer in the FAQ]
Problem: I want to limit by children's web-surfing to only sites that I have
pre-screened (i.e. PBSkids.org, Disney.org). All others should be blocked.

I've run Linux systems long enough (>6 years) to know that the learning
curve is steep for stuff as complex as Squid, so I want to ensure that it'll
work before I invest the hours...

Can I easily set up a Squid proxy for my girls' computer so that, only for
that one machine, only URLs that I've explicitly added to an ACL will work?
Is there an easy way to manage that ACL? (i.e. my wife needs to be able to
use a GUI to add a web site.)

[If you could respond to me personally as well as the mailing list, I'd
appreciate it.]
Thanks very much in advance....

============================================
Todd Krein
Director of Hardware Engineering   Digeo, Inc.
529 Bryant St.                                650 838 5572
Palo Alto, CA                                650 838 5598(Fax)
94301                                            todd@digeo.com
 
Received on Mon Nov 29 2004 - 12:30:38 MST