In this tutorial we will use Squid proxy server to block websites listed in file. Here,we will list the website in a file called “restricted-sites.squid”.
In our last post we have already setup the squid transparent proxy. The How to guide will help to install and configure the latest Squid Server.
Advantage of using file listed with restricted websites
(1) We can easily manage and search the website in a file
(2) We can write many website name in the file.Because of this,our squid configuration file looks clean and easy to understand
(As a System Administrator,always try to keep Server configuration file clean and understandable)
Precautions while configuring the Squid server
(1) Always write configuration to its related section. For eg. If you are writing acl ,it should not be written in other section.
(2) The configuration parameters are case sensitive
Squid Proxy Server configuration to block websites listed in a file
Follow the given below steps in Squid Server to block websites which are listed in file.
Step 1: Create a file /etc/squid/restricted-sites.squid. And write website name in the file which you want to block.
For example,I have given website name sharad.me . Like wise you can write as many different website name you want to restrict.
vi /etc/squid/restricted-sites.squid sharad.me www.sharad.me http://sharad.me
Step 2: Be careful while writing this configuration. Write the configuration which is specific to particular section.
Edit /etc/squid/squid.conf file and write two configuration settings.
In acl section , write a new line
acl blocksites dstdomain "/etc/squid/restricted-sites.squid"
In http_access deny section,write new line
http_access deny blocksites
If you are doing this first time, the below screenshot is recommended for you.
Closely see,how the acl section and https_access section has the above given configuration written.
Step 3: Now restart the squid service
/etc/init.d/squid restart
Max says
Is it possible to block SEVERAL pages on site and ONLY them?
ari says
Can you block prefixes like the letter k?
hicham says
hi i have problem i’m using proxy for block facebook and some site but the users used hola vpn for unblock my proxy can u gave the solution pls
Sharad Chhetri says
Hi Hicham,
I am not using this setup anymore, so difficult to accurately test and give answer. Yet check this url once http://squid-web-proxy-cache.1019090.n4.nabble.com/Block-VPN-access-like-hola-org-ultrasurf-td4677303.html
Regards
Sharad
Piyush says
I have reverse problems …
1. clients cannot reach the proxy server. i have specified the correct ip address and correct port (3128 default).
2. clients cannot access any website, even though i have allowed that specific client IP address via
acl allowed src 192.168.0.18/32
http_access allow allowed
sharad chhetri says
Hi Piyush,
Check the squid log. You may find the error, if there is no hit from client side logged, then packets are not reaching to squid.
Regards
Sharad
john says
How to block https sites like facebook.com
sharad chhetri says
Hello John,
Try this
Regards
Sharad
shuuyaAmt says
Hii Sharad, your blog was very useful in my experiments but I’do like to try blocking sites using (like how we do in PHP using preg_match function) their letters in a domain like
.example*.com or .*example.com (I am just wondering if it can be done in this way). So any thoughts about it Sharad.
Sharad Chhetri says
The regex which you are using should work.
Regards
Sharad
Venkat Reddy Sangam says
Hi Sharad,
Your blog is very use full, I like your blog
I have one requirement in my environment
Setup for “squid proxy” with TLS,Please share me if you have any documentation
Anton says
Thanks for this. Worked well.
Need a help with extension to this. After blocking sites as mentioned, how can I allow certain IP’s to access the restricted sites?
sharad chhetri says
Thank You Anton,
You have to use Squid ACL here.
For reference, this is the official URL http://wiki.squid-cache.org/SquidFaq/SquidAcl
Regards
Sharad