How to block with keywords and extensions in SQUID - Part 2

To add ACL rules by keywords and extensions in SQUID

In this article we are going to see how to configure ACL rules by keywords and extensions.

To install and configure Squid, visit the following link:

https://www.linuxhelp.com/how-to-install-and-configure-squid-part-1/

To Configure by keywords

Create a keyword_block.txt file in /etc/squid/ with a list of keywords to block (or) allow.

[root@linuxhelp user1]# vim /etc/squid/keyword_block.txt

Open the squid configuration file.

[root@linuxhelp user1]# vim /etc/squid/squid.conf

Enter the ACL rule to block by keywords as shown below:

acl test src 192.168.5.219 192.168.5.63
acl keyword_block url_regex "/etc/squid/keyword_block.txt"
http_access deny test keyword_block
http_access allow test

Explanations

1st line - Defines the source ACL named “test” with the IP addresses/network address.
2nd line - Defines the ACL named “keyword_block” with the path of the keyword list file.
3rd line - Uses the “deny” option with the ACL names test and keyword_block, so that any link containing a keyword listed in the file is denied for the IPs under the ACL name “test”.
4th line - Uses “allow test” so that all other domains, except those matching the keywords in the file, can be accessed.

Save the configuration file after entering the rule and reload the squid service.

[root@linuxhelp user1]# service squid reload

Try to access a domain containing one of the keywords in the file; the following error appears.

Any link containing the keyword ‘tube’ will be denied by the squid proxy server, as we have mentioned it in the rule.

Now, the acl rule for keyword block is successfully executed.

To Configure by extension

Create a block list in the ext_block.txt file. Here we are adding the extensions mp3, mp4 and zip.

[root@linuxhelp user1]# vim /etc/squid/ext_block.txt

Open the squid configuration file.

[root@linuxhelp user1]# vim /etc/squid/squid.conf

Enter the ACL rule to block by extension:

acl test src 192.168.5.219 192.168.5.63
acl ext_block url_regex "/etc/squid/ext_block.txt"
http_access deny test ext_block
http_access allow test

Explanation

1st line - Defines the source ACL named “test” with the IP addresses.
2nd line - Defines the ACL named “ext_block” with the path of the extension list file.
3rd line - Uses the “deny” option with the ACL names test and ext_block, so that downloads with extensions such as .mp3, .mp4 and .zip are denied for the IPs under the ACL name “test”.
4th line - Uses “allow test” so that all other domains, except those matching the list in the file, can be accessed and downloaded.

Save the file after entering the rule and reload the squid service.

[root@linuxhelp user1]# service squid reload

In the example below, you can see the squid proxy refusing the connection for an .mp3 file.

The webpage is refused because it is a download link for a .zip file.
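An added example, not part of the original article: a shell script that previews which requests the two pattern files above would deny, using grep -E as a stand-in for Squid's url_regex matching (an assumption; Squid reads one regular expression per line and matches it anywhere in the URL). The keyword tube and the extensions mp3, mp4 and zip come from the article; the anchored patterns, the file contents and the hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example: preview which URLs a url_regex pattern file would deny.
# Assumption: grep -E (POSIX extended regex, case-sensitive, unanchored)
# stands in for Squid's url_regex matching without the -i flag.

# would_deny PATTERN_FILE URL -> exit status 0 if any pattern matches
would_deny() {
    printf '%s\n' "$2" | grep -E -q -f "$1"
}

# Constructed pattern files (one regex per line, no blank lines).
WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT
printf '%s\n' 'tube' > "$WORKDIR/keyword_block.txt"
printf '%s\n' 'mp3' 'mp4' 'zip' > "$WORKDIR/ext_loose.txt"
printf '%s\n' '\.mp3($|\?)' '\.mp4($|\?)' '\.zip($|\?)' \
    > "$WORKDIR/ext_anchored.txt"

# report LIST URL -> prints DENY or ALLOW for one request
report() {
    if would_deny "$WORKDIR/$1" "$2"; then
        echo "DENY   $1  $2"
    else
        echo "ALLOW  $1  $2"
    fi
}

# Constructed request URLs (hostnames are placeholders).
# A bare keyword matches any URL that contains it as a substring.
report keyword_block.txt 'http://videotube.example/watch'
report keyword_block.txt 'http://shop.example/tubeless-tyres.html'
# Bare extensions over-block; anchored patterns match only the file suffix.
report ext_loose.txt     'http://zipcode.example/index.html'
report ext_anchored.txt  'http://zipcode.example/index.html'
report ext_anchored.txt  'http://files.example/archive.zip?dl=1'
# Matching is case-sensitive unless the acl line carries -i.
report ext_anchored.txt  'http://files.example/SONG.MP3'
# HTTPS via CONNECT: without SSL-Bump the proxy sees only host:port.
report ext_anchored.txt  'files.example:443'
```

In squid.conf, case-insensitive matching is requested with the -i flag on the acl line (for example `acl ext_block url_regex -i "/etc/squid/ext_block.txt"`), and `squid -k parse` checks the configuration for errors before the reload.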

To configure Squid ACL rules by timing and browser, visit:
https://www.linuxhelp.com/how-to-configure-acl-rule-by-timing-and-browser-in-squid/

To limit bandwidth in Squid, visit:
https://www.linuxhelp.com/how-to-limit-bandwidth-squid/

Comment
parthiban
Aug 26 2018
These are the local IP addresses used for the testing environment; instead of these IPs you can use your IP address.
vam
Jul 30 2018
192.168.5.219 192.168.5.63: what is this IP address?
FAQ
Q
What's the legal status of Squid?
A
Squid is copyrighted by The Squid Software Foundation and contributors.
Q
How to reload the Squid service?
A
To reload the Squid service, use the following command.

systemctl reload squid.service
Q
What's the difference between domain block and keyword block?
A
The domain block blocks the particular domain URL; the keyword block filters the word from the URL, in case you don't know the complete URL.
Q
Is it possible to add and maintain a Squid server via GitLab?
A
Yes. This is a very efficient method if you make changes from multiple admins.
Q
Do I have to install squid on every desktop?
A
No, you can maintain a separate server and just add a proxy to its client.