First we will create the ACL lists, then allow or deny them at the end.
Code:

    # vi /etc/squid/squid.conf

[Go to the acl section and add or modify entries according to your needs.]
Code:

    # Source addresses
    acl GoodIP src 192.168.0.1
    acl GoodIP src 192.168.0.15
    acl BlockedIP src 192.168.0.2
    acl BlockedIP src 192.168.0.3

    # URL patterns (case-insensitive regular expressions)
    acl LimitedURL url_regex -i bbc.com
    acl LimitedURL url_regex -i abc.com
    acl GoodURL url_regex -i 123abc.com
    acl GoodURL url_regex -i abc123.com
    acl badURL url_regex -i xyz.com
    acl badURL url_regex -i games
    acl badURL url_regex -i chat

    # Request Content-Type patterns
    acl x-type req_mime_type -i ^application/octet-stream$
    acl x-type req_mime_type -i application/octet-stream
    acl x-type req_mime_type -i ^application/x-mplayer2$
    acl x-type req_mime_type -i application/x-mplayer2
    acl x-type req_mime_type -i ^application/x-oleobject$
    acl x-type req_mime_type -i application/x-oleobject
    acl x-type req_mime_type -i application/x-pncmd
    acl x-type req_mime_type -i ^video/x-ms-asf$

    # Reply Content-Type patterns
    acl x-type2 rep_mime_type -i ^application/octet-stream$
    acl x-type2 rep_mime_type -i application/octet-stream
    acl x-type2 rep_mime_type -i ^application/x-mplayer2$
    acl x-type2 rep_mime_type -i application/x-mplayer2
    acl x-type2 rep_mime_type -i ^application/x-oleobject$
    acl x-type2 rep_mime_type -i application/x-oleobject
    acl x-type2 rep_mime_type -i application/x-pncmd
    acl x-type2 rep_mime_type -i ^video/x-ms-asf$

    # Rules are checked top to bottom and the first matching line wins;
    # all ACLs named on one line must match for that line to apply.
    http_access allow GoodIP all
    http_access deny BlockedIP LimitedURL
    http_access deny badURL
    http_access deny x-type all
    http_reply_access deny x-type all
    # x-type1 is not defined anywhere above; Squid reports an undefined ACL name
    # as a configuration error, so these two rules stay commented out until an
    # "acl x-type1 ..." line exists.
    # http_access deny x-type1 all
    # http_reply_access deny x-type1 all
    # rep_mime_type has no effect in http_access (no reply exists yet);
    # the http_reply_access line is the one that enforces x-type2.
    http_access deny x-type2 all
    http_reply_access deny x-type2 all

    # File-extension block list, loaded from a file
    acl extndeny url_regex -i "/etc/squid/extndeny"
    acl download method GET
    http_access deny extndeny download
    http_access deny extndeny
Save and close.
Now let's create the extndeny file. This is the list of file extensions that we are blocking in Squid. Create the file with vi /etc/squid/extndeny and add these file extensions:
Code:

    \.ez$
    \.hqx$
    \.cpt$
    \.dot$
    \.wrd$
    \.bin$
    \.dms$
    \.lha$
    \.lzh$
    \.ace$
    \.r00$
    \.r01$
    \.exe$
    \.wp5$
    \.wk$
    \.wz$
    \.vcd$
    \.bz2$
    \.deb$
    \.dvi$
    \.tar$
    \.gtar$
    \.tgz$
    \.gz$
    \.bat$
    \.rpm$
    \.spm$
    \.zip$
    \.mid$
    \.midi$
    \.kar$
    \.mpga$
    \.mp2$
    \.mp3$
    \.ra$
    \.dl$
    \.fli$
    \.gl$
    \.mpe$
    \.mpeg$
    \.mpg$
    \.qt$
    \.mov$
    \.avi$
    \.movie$
    \.wav$
    \.au$
    \.asf$
    \.af$
    \.bin$
    \.gz$
    \.bz2$
    \.asx$
    \.afx$
    \.asf$
    \.asx$
    \.au$
    \.avi$
    \.divx$
    \.m3u$
    \.mov$
    \.mp2$
    \.mp3$
    \.mpeg$
    \.mpg$
    \.qt$
    \.ra$
    \.ram$
    \.rm$
    \.viv$
    \.vivo$
    \.vob$
    \.vqf$
    \.wav$
    \.wma$
    \.wmv$
    \.vbs$
    \.shs$
    \.pif$
    \.wpm$
    \.wvx$
Now restart Squid:
Code:

    # service squid restart

Always check the log files for errors:
Code:

    /var/log/squid/access.log   # list of websites visited by all users
    /var/log/squid/cache.log    # log of the Squid daemon / process
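A check to run on the rules before restarting, added here as an example and not part of the original post: it flags http_access / http_reply_access lines that name an ACL with no earlier acl definition (Squid reports this as a configuration error) and reply-only ACL types used in http_access, where they never match. The function name, the set of built-in ACL names and the sample config are assumptions constructed for illustration.

```python
# Assumption: ACL names that current Squid releases predefine.
BUILTIN_ACLS = {"all", "manager", "localhost", "to_localhost"}
# ACL types that inspect the reply; at http_access time no reply exists yet.
REPLY_ONLY_TYPES = {"rep_mime_type", "rep_header", "http_status"}
ACCESS_DIRECTIVES = {"http_access", "http_reply_access"}

# Constructed sample in the style of the rules above (not a full squid.conf).
SAMPLE_CONF = """\
acl BlockedIP src 192.168.0.2
acl LimitedURL url_regex -i bbc.com
acl x-type req_mime_type -i ^video/x-ms-asf$
acl x-type2 rep_mime_type -i ^video/x-ms-asf$
http_access deny BlockedIP LimitedURL
http_access deny x-type all
http_access deny x-type1 all
http_access deny x-type2 all
http_reply_access deny x-type2 all
"""


def lint_squid_acls(conf_text):
    """Return (line_no, message) findings for ACL references in squid.conf text."""
    acl_types = {}  # ACL name -> ACL type, filled in file order like Squid's parser
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        tokens = stripped.split()
        if tokens[0] == "acl" and len(tokens) >= 3:
            acl_types.setdefault(tokens[1], tokens[2])
        elif tokens[0] in ACCESS_DIRECTIVES and len(tokens) >= 3:
            for ref in tokens[2:]:
                name = ref.lstrip("!")  # "!name" negates the ACL
                if name in BUILTIN_ACLS:
                    continue
                if name not in acl_types:
                    findings.append((line_no, f"undefined ACL '{name}'"))
                elif tokens[0] == "http_access" and acl_types[name] in REPLY_ONLY_TYPES:
                    findings.append(
                        (line_no, f"'{name}' is {acl_types[name]}: never matches in http_access"))
    return findings


if __name__ == "__main__":
    for line_no, message in lint_squid_acls(SAMPLE_CONF):
        print(f"line {line_no}: {message}")
```
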