Blocking torrents and other extensions:
Configure your firewall to default deny for all office traffic unless specifically allowed.
Require all Web traffic to route through your proxy.
If your users are unable to access the Internet directly, it will be substantially more difficult for them to use advanced protocols like BitTorrent.
Squid ACLs are substantially more limited in scope and are easily circumvented (they only see HTTP requests that actually pass through the proxy), but you could use something like:
acl extensiondeny url_regex -i "/etc/squid/extensiondeny"
acl download method GET
http_access deny extensiondeny download
http_access deny extensiondeny
Within "/etc/squid/extensiondeny", one pattern per line:
\.torrent$
Disable caching for a certain domain
acl someserver dstdomain .someserver.com
no_cache deny someserver
Disable caching overall
acl all src 0.0.0.0/0
cache deny all
Export access.log into a time-readable format
perl -pe 's/(\d+)/localtime($1)/e' /var/log/squid/access.log > /tmp/myfile
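As an added example that is not part of the original wiki page, the same timestamp conversion in Python, plus a count of TCP_DENIED requests per client, which is what you check after adding a deny ACL. It runs over a few constructed access.log lines in Squid's native format (the IPs and URLs are made up).

```python
import time
from collections import Counter

# Constructed sample lines in Squid's native access.log format:
# timestamp elapsed client action/status size method URL ident hierarchy/peer content-type
SAMPLE_LOG = """\
1226000000.123    456 192.168.0.10 TCP_MISS/200 15234 GET http://www.google.co.za/ - DIRECT/74.125.77.99 text/html
1226000001.500      2 192.168.0.10 TCP_DENIED/403 1450 GET http://www.facebook.com/ - NONE/- text/html
1226000002.042      1 192.168.0.22 TCP_DENIED/403 1450 GET http://files.example.com/movie.torrent - NONE/- text/html
1226000003.900    120 192.168.0.22 TCP_HIT/200 8120 GET http://www.yahoo.com/ - NONE/- text/html
"""


def parse_line(line):
    """Split one native-format line into a dict; return None for lines that do not parse."""
    fields = line.split()
    if len(fields) < 10:
        return None
    action, _, status = fields[3].partition("/")
    ts = float(fields[0])
    return {
        "ts": ts,
        # same conversion as the perl one-liner: epoch seconds -> local time
        "time": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(ts)),
        "elapsed_ms": int(fields[1]),
        "client": fields[2],
        "action": action,
        "status": int(status),
        "size": int(fields[4]),
        "method": fields[5],
        "url": fields[6],
    }


def parse_log(text):
    """Parse every line of an access.log body, skipping unparsable ones."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def readable_lines(text):
    """Equivalent of the perl one-liner: each line with its timestamp made human-readable."""
    return [f"{r['time']} {r['client']} {r['action']}/{r['status']} {r['method']} {r['url']}"
            for r in parse_log(text)]


def denied_by_client(records):
    """Count TCP_DENIED requests per client IP."""
    return Counter(r["client"] for r in records if r["action"] == "TCP_DENIED")


if __name__ == "__main__":
    for line in readable_lines(SAMPLE_LOG):
        print(line)
    print(denied_by_client(parse_log(SAMPLE_LOG)))
```

On a real server replace SAMPLE_LOG with the contents of /var/log/squid/access.log; the formatted time uses the machine's local timezone, exactly as the perl version does.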
Check the authentication type
vi /etc/squid/squid.conf
search for auth_param
Flush Cache
-First of all stop Squid, then empty the swap state file:
-> /path/to/squid/caches/swap.state
-Now restart Squid and you're done!
-Note that you should repeat the above for every directory defined in the cache_dir option within squid.conf.
Otherwise use squid -z to recreate the cache directories.
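An added example (not from the wiki page): a small Python helper that reads the cache_dir lines out of squid.conf and truncates swap.state in each one, so the step is not forgotten when there is more than one cache directory. It assumes Squid has already been stopped; demo_flush() exercises it on constructed temporary cache directories rather than a live installation.

```python
import os
import tempfile


def cache_dirs(conf_text):
    """Directory of every active cache_dir line (format: cache_dir <type> <dir> <size> <L1> <L2>)."""
    dirs = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        parts = line.split()
        if len(parts) >= 3 and parts[0] == "cache_dir":
            dirs.append(parts[2])
    return dirs


def flush_swap_state(conf_text, dry_run=True):
    """Truncate swap.state in every cache_dir; returns the paths it (would have) truncated.

    Run this only with Squid stopped; it does the same as `> /path/to/cache/swap.state`
    for each directory.
    """
    paths = []
    for d in cache_dirs(conf_text):
        path = os.path.join(d, "swap.state")
        if not dry_run and os.path.exists(path):
            with open(path, "w"):    # opening for write truncates the file
                pass
        paths.append(path)
    return paths


def demo_flush():
    """Constructed demo: two temp cache dirs with fake swap.state files; returns sizes before/after."""
    with tempfile.TemporaryDirectory() as tmp:
        dirs = [os.path.join(tmp, "cache1"), os.path.join(tmp, "cache2")]
        for d in dirs:
            os.mkdir(d)
            with open(os.path.join(d, "swap.state"), "wb") as f:
                f.write(b"\x00" * 4096)     # stand-in for real swap.state contents
        conf = (f"cache_dir ufs {dirs[0]} 100 16 256\n"
                f"# cache_dir ufs {tmp}/commented-out 100 16 256\n"
                f"cache_dir aufs {dirs[1]} 100 16 256\n")
        before = [os.path.getsize(p) for p in flush_swap_state(conf, dry_run=True)]
        after = [os.path.getsize(p) for p in flush_swap_state(conf, dry_run=False)]
        return before, after


if __name__ == "__main__":
    print(demo_flush())   # expect ([4096, 4096], [0, 0])
```

For a real run, read /etc/squid/squid.conf into conf_text, call flush_swap_state(conf_text, dry_run=True) first to see which files will be touched, then again with dry_run=False before restarting Squid.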
Test Squid from your PC
-On the local machine:
-ssh -L 3128:localhost:3128 root@
-Log in
-Then on the local machine in Firefox:
-Change the connection settings to:
localhost:3128 - for all services
Squid proxy - Technical Support - SYNAQ Wiki http://wiki.synaq.com//display/Technical/Squid+proxy
1 of 3 09/11/2008 10:18 AM
-And off you go connecting to the internet via the other Linux machine.
-This "host" machine can be ANY machine that has internet connectivity and with squid installed.
Check squid on server
-telnet localhost 3128
-Trying 127.0.0.1...
-Connected to localhost.localdomain (127.0.0.1).
-Escape character is '^]'.
-GET http://www.google.co.za HTTP/1.0
-press Enter twice (the empty line ends the request)
Bypass Squid for a domain eg yahoo.com
-add the following to
-vi /etc/squid/squid.conf (copied from server213.dsl.storm.co.za)
-acl yahoo dstdomain .yahoo.com
-always_direct allow yahoo
-no_cache deny yahoo
Block Windows Update:
acl LAN src 192.168.0.0/24
acl windowsupdate dstdomain .windowsupdate.com
http_access deny LAN windowsupdate
Block certain site(s)
1 - make an ACL for the subnet/range you want to block the URL from...
2 - make an ACL for the URLs you wish to block...
3 - create an "http_access deny" rule using those two ACLs...
for example: (put deny rule before any allow rules)
acl banned_clients src 192.168.12.12-192.168.12.65
acl sucky_urls dstdomain .microsoft.com .sco.com .doubleclick.com
http_access deny banned_clients sucky_urls
Block multiple sites:
acl bad_url dstdomain "/etc/squid/bad-sites.squid" (with the other acl lines, e.g. under the safe ports ACLs)
http_access deny bad_url (with the other http_access lines, before any allow rule)
Edit /etc/squid/bad-sites.squid and list one domain per line, like so:
.fanfiction.net
.meebo.com
.playboy.com
.myspace.com
Blocking a site at certain times
(check Regenesys for comparison)
acl our_networks src 192.168.0.0/24
acl facebook dstdomain .facebook.com
acl morning time 6:00-12:00
acl afternoon time 13:00-17:00
acl evening time 18:00-24:00
http_access deny morning facebook our_networks
http_access deny afternoon facebook our_networks
http_access deny evening facebook our_networks
http_access allow our_networks
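As an added example that is not on the wiki page, the following Python model reproduces how Squid evaluates acl and http_access lines like the ones in the torrent, "Block certain site(s)", "Block multiple sites" and time-blocking sections above: the first matching http_access line wins, every ACL on a line must match, and when nothing matches the default is the opposite of the last line. It covers the src, dstdomain, time, method and url_regex ACL types used on this page so a ruleset can be checked against sample requests before it goes live. The time ACL is modelled as inclusive at both ends (an assumption), the bad_url domain list is a constructed stand-in for /etc/squid/bad-sites.squid, and the helper names (SquidAclSim, page_policy, request, at) are this example's own.

```python
import ipaddress
import re
from datetime import datetime
from urllib.parse import urlsplit


class SquidAclSim:
    """Model of Squid acl/http_access evaluation (added example, not Squid's own code)."""

    def __init__(self):
        self.acls = {}     # name -> (type, [values])
        self.rules = []    # (allow?, [acl names]) in squid.conf order

    def acl(self, name, kind, *values):
        self.acls.setdefault(name, (kind, []))[1].extend(values)

    def http_access(self, action, *names):
        for n in names:
            if n not in self.acls:
                raise ValueError(f"http_access references undefined acl {n!r}")
        self.rules.append((action == "allow", list(names)))

    @staticmethod
    def _match_src(values, req):
        ip = ipaddress.ip_address(req["client"])
        for v in values:
            if "-" in v:   # Squid's a.b.c.d-e.f.g.h range form
                lo, hi = (ipaddress.ip_address(x) for x in v.split("-", 1))
                if lo <= ip <= hi:
                    return True
            elif ip in ipaddress.ip_network(v, strict=False):
                return True
        return False

    @staticmethod
    def _match_dstdomain(values, req):
        host = (urlsplit(req["url"]).hostname or "").lower()
        for v in values:
            v = v.lower()
            if v.startswith("."):   # leading dot: the domain itself and all subdomains
                if host == v[1:] or host.endswith(v):
                    return True
            elif host == v:         # no dot: that exact host only
                return True
        return False

    @staticmethod
    def _match_time(values, req):
        now = req["when"].hour * 60 + req["when"].minute
        for v in values:                       # h1:m1-h2:m2
            start, stop = v.split("-")
            h1, m1 = map(int, start.split(":"))
            h2, m2 = map(int, stop.split(":"))
            if h1 * 60 + m1 <= now <= h2 * 60 + m2:   # assumed inclusive at both ends
                return True
        return False

    @staticmethod
    def _match_method(values, req):
        return req.get("method", "GET").upper() in {v.upper() for v in values}

    @staticmethod
    def _match_url_regex(values, req):
        flags = re.IGNORECASE if values and values[0] == "-i" else 0
        return any(re.search(p, req["url"], flags) for p in values if p != "-i")

    def evaluate(self, req):
        """Return 'allow' or 'deny' as http_access would for req."""
        for allow, names in self.rules:
            if all(getattr(self, f"_match_{k}")(vals, req) for k, vals in (self.acls[n] for n in names)):
                return "allow" if allow else "deny"
        if not self.rules:
            return "deny"
        return "deny" if self.rules[-1][0] else "allow"   # default: opposite of the last line


def page_policy():
    """A selection of the acl/http_access lines from the sections above."""
    s = SquidAclSim()
    s.acl("our_networks", "src", "192.168.0.0/24")
    s.acl("banned_clients", "src", "192.168.12.12-192.168.12.65")
    s.acl("sucky_urls", "dstdomain", ".microsoft.com", ".sco.com", ".doubleclick.com")
    s.acl("bad_url", "dstdomain", ".fanfiction.net", ".meebo.com", ".playboy.com", ".myspace.com")
    s.acl("facebook", "dstdomain", ".facebook.com")
    s.acl("extensiondeny", "url_regex", "-i", r"\.torrent$")
    s.acl("download", "method", "GET")
    s.acl("morning", "time", "6:00-12:00")
    s.acl("afternoon", "time", "13:00-17:00")
    s.acl("evening", "time", "18:00-24:00")
    s.http_access("deny", "extensiondeny", "download")
    s.http_access("deny", "banned_clients", "sucky_urls")
    s.http_access("deny", "bad_url")
    s.http_access("deny", "morning", "facebook", "our_networks")
    s.http_access("deny", "afternoon", "facebook", "our_networks")
    s.http_access("deny", "evening", "facebook", "our_networks")
    s.http_access("allow", "our_networks")
    return s


def request(client, url, when, method="GET"):
    return {"client": client, "url": url, "when": when, "method": method}


def at(hour, minute):
    """Constructed clock time on an arbitrary day, for the time ACLs."""
    return datetime(2008, 11, 9, hour, minute)


if __name__ == "__main__":
    s = page_policy()
    print(s.evaluate(request("192.168.0.5", "http://www.facebook.com/", at(9, 0))))    # deny
    print(s.evaluate(request("192.168.0.5", "http://www.facebook.com/", at(12, 30))))  # allow
```

Two things the model makes visible: a client outside our_networks is denied even though no deny line names it, because the last http_access line is an allow; and `.facebook.com` does not match a host such as notfacebook.com, which is why the leading-dot form is the right one for a domain and its subdomains.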
Squid error report localtime (see ticket 12640)
Edit each template in /etc/squid/errors/* and add to the bottom of each file:
Allow MSN through Squid
acl msn url_regex -i gateway.messenger.hotmail.com
http_access allow msn
Pointing blocked sites to a text file
cd /etc/squid
touch badsites.txt
In squid.conf create the acl:
acl badsites url_regex -i "/etc/squid/badsites.txt"
Then the http_access rule:
http_access deny badsites