Re: [squid-users] Squid Blocking non-listed websites

From: Amos Jeffries <squid3@dont-contact.us>
Date: Sun, 03 Feb 2008 17:20:42 +1300

Go Wow wrote:
> so what according to you should be my edited squid.conf? and thanks
> for those great inputs.

That depends on which of my points (which you have now elided) you want
to use.

My version of that would look like:

# Unacceptable users netblocks
http_access deny !home_network
http_access deny lpo_network

# cache-management
http_access allow manager localhost
http_access deny manager

# Unacceptable port usage
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Whitelist for the following blocks.
acl GoodSites dstdomain "okay-sites.txt" # gmail google.com etc.
acl GoodSites_reg uri_regex -i "okay-words.txt"
http_access allow GoodSites
http_access allow GoodSites_reg

# Unacceptable websites
acl BadSites dstdomain "bad-sites.txt" # porn.com etc.
acl BadSites_reg uri_regex -i "bad-words.txt" # 'excrement' etc.
http_access deny BadSites
http_access deny BadSites_reg

# Acceptable users
http_access allow home_network

# global safety-net.
http_access deny all

Ideally the files and *_reg lists would be empty or missing, but thats a
decision only you can make.

Amos

-- 
Please use Squid 2.6STABLE17+ or 3.0STABLE1+
There are serious security advisories out on all earlier releases.
Received on Sat Feb 02 2008 - 21:20:38 MST

This archive was generated by hypermail pre-2.1.9 : Sat Mar 01 2008 - 12:00:04 MST