How to Block a Website Using Squid Proxy Server 4.7 version on CentOS 7.6
To Blocking the websites using Squid Proxy Server
Procedure
Lets check the version of squid proxy server.
[root@linuxhelp ~]# squid -v
Squid Cache: Version 4.7-20190507-r2e17b0261
Service Name: squid
configure options: '--prefix=/usr' '--includedir=/usr/include' '--datadir=/usr/share' '--bindir=/usr/sbin' '--libexecdir=/usr/lib/squid' '--localstatedir=/var' '--sysconfdir=/etc/squid'
Go to the location of Squid configuration file.
[root@linuxhelp ~]# cd /etc/squid
List the contents in the squid.
[root@linuxhelp squid]# ll
total 360
-rw-r--r-- 1 root root 692 May 31 09:12 cachemgr.conf
-rw-r--r-- 1 root root 692 May 31 09:12 cachemgr.conf.default
-rw-r--r-- 1 root root 1800 May 31 09:10 errorpage.css
-rw-r--r-- 1 root root 1800 May 31 09:12 errorpage.css.default
-rw-r--r-- 1 root root 12077 May 31 09:12 mime.conf
-rw-r--r-- 1 root root 12077 May 31 09:12 mime.conf.default
-rw-r--r-- 1 root root 2553 May 31 09:12 squid.conf
-rw-r--r-- 1 root root 2553 May 31 09:12 squid.conf.default
-rw-r--r-- 1 root root 318265 May 31 09:12 squid.conf.documented
Configure the squid.conf file as follows.
[root@linuxhelp squid]# vim squid.conf
acl test src 192.168.7.102
acl block dstdomain
Create a file named block.txt to block the websites that are set in this file.
[root@linuxhelp squid]# vim block.txt
.facebook.com
.twitter.com
To know the exact location of the block.txt, execute the following command.
[root@linuxhelp squid]# pwd
/etc/squid
Open the squid configuration file and set the path in the dstdomain rule.
[root@linuxhelp squid]# vim squid.conf
acl test src 192.168.7.102
acl block dstdomain “/etc/squid/block.txt”
http_access deny test block
http_access allow test
Reload the squid proxy server.
[root@linuxhelp squid]# squid -s
WARNING: Cannot write log file: /var/logs/cache.log
/var/logs/cache.log: Permission denied
messages will be sent to 'stderr'.
Set the sticky bit and full permissions to get rid of the above warning.
[root@linuxhelp squid]# chmod -R 1777 /var/logs
Reload the squid proxy sevrer.
[root@linuxhelp squid]# squid -s
Check the ip address of the squid proxy server by running the following command.
[root@linuxhelp squid]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 00:0c:29:f9:d6:3d brd ff:ff:ff:ff:ff:ff
inet 192.168.7.229/24 brd 192.168.7.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::348f:40bb:9186:7a4/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:1c:2f:d7 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:1c:2f:d7 brd ff:ff:ff:ff:ff:ff
Open the browser, click on open Menu: and select options.
can I replace this:
acl ??? src 192.168.110.0/24
acl block dstdomain “/etc/squid/block.txt”
http_access deny ??? block
http_access allow ???