Configuring squid to block websites based on categories

From Notes_Wiki

Home > CentOS > CentOS 6.x > Squid proxy server configuration > Configuring squid to block websites based on categories

To configure squid to block websites based on categories use:

  1. yum -y install squid
  2. Download blacklist from http://www.squidguard.org/blacklists.html Use MESD blacklists if you are not sure about which one to use.
  3. Extract blacklists in /etc/squid/blacklists folder using something similar to "cd /etc/squid; tar xzf blacklists.tgz"
  4. Verify that squid is working before integrating blacklists. It is recommended to set 
    shutdown_lifetime 0 sec
    so that new changes can be applied quickly. Do not proceed without verifying that proxy is working properly.
  5. For categories that need to be blocked use following command for their domains file: 
    sed -i 's/^\([^\.]\)/\.\1/' domains
    In this example it is assumed that porn domains need to be blocked. The solution should work for other categories in the similar manner by replacing porn with name of other category available in downloaded blacklist.
  6. Edit squid.conf and locate 'INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS' 
    #Disabling porn
    

    acl porn_mesd dstdomain "/etc/squid/blacklists/porn/domains"
    

    http_access deny porn_mesd
  7. Now to unblock wrongly categorized domains use: 
    #To unblock domains which are micategorized as porn in blacklists
    

    acl not_porn dstdomain "/etc/squid/not_porn.txt"
    

    http_access allow not_porn
    Remember to create and populate /etc/squid/not_porn.txt file
    Note that these lines should be before 'http_access deny porn_mesd' line. Also intentionally not_porn.txt is kept outside blacklists folder. The file is not kept inside the folder and also downloaded file is not modified directly. This way a new blacklist folder can be downloaded without affecting current exceptions.
  8. If some porn website is not captured properly in downloaded list then additional sites can be blocked using: 
    #Block sites not covered in mesd blacklists
    

    acl porn_manual dstdomain "/etc/squid/porn.txt"
    

    http_access deny porn_manual
    Remember to create and populate /etc/squid/porn.txt file



Home > CentOS > CentOS 6.x > Squid proxy server configuration > Configuring squid to block websites based on categories

Retrieved from "http://www.sbarjatiya.com/notes_wiki/index.php?title=Configuring_squid_to_block_websites_based_on_categories&oldid=6468"