How to configure Squid Proxy Server to block a file format in FreeBSD
Squid is an open source, full-featured web proxy cache server. It can be used to block websites and file formats. This tutorial shows how to configure Squid Proxy Server to block a file format in FreeBSD.
To configure Squid Proxy Server
Before configuring the Squid Proxy Server, check the status of Squid by using the following command.
root@linuxhelp1:~ # service squid status
squid is running as pid 1426.
My Squid server IP address: 192.168.7.211
My client machine IP address: 192.168.7.216
Once it is done, move to the Squid configuration directory by using the following command.
root@linuxhelp1:~ # cd /usr/local/etc/squid/
root@linuxhelp1:/usr/local/etc/squid # ls -l
total 380
-rw-r--r-- 1 root wheel 692 Jan 12 19:09 cachemgr.conf
-rw-r--r-- 1 root wheel 692 Jan 12 19:09 cachemgr.conf.sample
-rw-r--r-- 1 root wheel 1817 Jan 12 19:09 errorpage.css
-rw-r--r-- 1 root wheel 1817 Jan 12 19:09 errorpage.css.sample
drwxr-xr-x 48 root wheel 4608 Feb 8 17:25 errors
drwxr-xr-x 3 root wheel 512 Feb 8 17:25 icons
-rw-r--r-- 1 root wheel 30844 Jan 12 19:09 mib.txt
-rw-r--r-- 1 root wheel 12077 Jan 12 19:09 mime.conf
-rw-r--r-- 1 root wheel 12077 Jan 12 19:09 mime.conf.sample
-rw-r--r-- 1 root wheel 2592 Feb 10 15:54 squid.conf
-rw-r--r-- 1 root wheel 291312 Jan 12 19:09 squid.conf.documented
-rw-r--r-- 1 root wheel 2315 Jan 12 19:09 squid.conf.sample
Next, use nano to open the squid.conf file and add the rule for the extension block.
Before that, create a file listing the formats you want to block, such as .mp3, .mp4 and .flv.
Once it is done, open the squid.conf file and add the rule with the block list file path as follows.
root@linuxhelp1:/usr/local/etc/squid # nano squid.conf
GNU nano 2.7.3 File: squid.conf
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports
# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports
# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager
# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
acl test src 192.168.7.216
acl block dstdomain "/root/Desktop/domainblock.txt"
acl extblock urlpath_regex -i "/root/Desktop/extblock.txt"
http_access deny test block
http_access deny test extblock
http_access allow test
root@linuxhelp1:/usr/local/etc/squid #
Once it is done, reload Squid by using the following command.
root@linuxhelp1:/usr/local/etc/squid # service squid reload
Performing sanity check on squid configuration.
Configuration for squid passes.
Once it is done, open the client machine and verify the proxy settings.
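The tutorial does not show what goes inside extblock.txt, so the following is an added example (not part of the original tutorial) that writes one possible pattern list and checks it against constructed URL paths. It assumes one POSIX extended regex per line and uses grep -Ei as a stand-in for Squid's case-insensitive urlpath_regex matching; the temporary file stands in for /root/Desktop/extblock.txt.

```shell
#!/bin/sh
# Added example: the pattern list and URL paths below are constructed.

# Write one extended regex per line. The optional (\?.*)? group keeps the
# rule effective when a query string follows the extension; the trailing $
# stops it from firing on names that merely contain the extension.
write_extblock() {
    cat > "$1" <<'EOF'
\.mp3(\?.*)?$
\.mp4(\?.*)?$
\.flv(\?.*)?$
EOF
}

# Return 0 if the URL path ($2) matches any pattern in the list file ($1).
# -i mirrors the -i flag on the urlpath_regex acl line.
path_is_blocked() {
    printf '%s\n' "$2" | grep -Eiq -f "$1"
}

# Print DENY or ALLOW for every path given after the list file.
check_paths() {
    list=$1; shift
    for p in "$@"; do
        if path_is_blocked "$list" "$p"; then
            echo "DENY  $p"
        else
            echo "ALLOW $p"
        fi
    done
}

EXTBLOCK=$(mktemp)   # stand-in for the extblock.txt named in squid.conf
write_extblock "$EXTBLOCK"
check_paths "$EXTBLOCK" \
    /media/song.mp3 \
    /media/SONG.MP3 \
    '/media/clip.mp4?download=1' \
    /docs/mp3-guide.html \
    /media/song.mp3.txt
rm -f "$EXTBLOCK"
```

urlpath_regex only sees the path of requests the proxy handles in clear text. For HTTPS tunnelled through CONNECT, Squid sees just the host and port, so extension rules like these do not apply to that traffic.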
Squid is known to work on the following platforms:
Linux
FreeBSD
NetBSD
BSDI
OSF and Digital Unix
IRIX
SunOS/Solaris
NeXTStep
SCO Unix
AIX
HP-UX
OS/2
However, Squid does not yet perform well on Windows/NT.
Squid keeps metadata and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests.
Squid supports SSL, extensive access controls, and full request logging. By using the lightweight Internet Cache Protocol, Squid caches can be arranged in a hierarchy or mesh for additional bandwidth savings.