How to configure Squid - Part 3
Configuring ACL rule by timing and browser
Squid is used for speeding up a web server by caching repeated requests, DNS, computer network lookups and security by filtering traffic. In this article we going to see about configuring acl rule by timing and browser.
To install and configure squid visit,
https://www.linuxhelp.com/how-to-install-and-configure-squid-part-1/
To block with keywords and extensions in squid visit,
https://www.linuxhelp.com/how-to-block-keywords-and-extensions-in-squid-2/
To Configuration by timing
Create a text file with a list of timing which you want to block (or) allow. Here, we are blocking internet access for timings 11:15-11:30am, 4:15-4:30pm, 6pm-9am.
[root@linuxhelp user1]# vim /etc/squid/down_time.txt
The timing must be always from lower value to higher value.
Open the squid configuration file.
[root@linuxhelp user1]# vim /etc/squid/squid.conf
And add the following lines into it.
acl test src 192.168.5.219 192.168.5.63 acl downtime time " /etc/squid/down_time.txt" http_access deny test downtime http_access allow test
Explanation:
- Mentioned the source acl name as “ test” and entered the IP addresses/network address (Ex : 192.168.5.0/24).
- Mentioned the acl name as “ downtime” and the downtime list file path.
- Mentioned the “ deny” option along with acl name test and downtime.
- “ allow test “ , so that the internet access will be enabled except the timings in the file.
Save the configuration file after entering the rule.
Now reload the squid service.
[root@linuxhelp user1]# service squid reload
Open the browser and try to access internet during the blocklist timing, the access denied error appears as shown below.
To Configuration by browser
Now, lets try to block the internet access by browser. Here we are going to block the connection for the “ firefox” .
Open the squid configuration file, by using the following command.
[root@linuxhelp user1]# vim /etc/squid/squid.conf
Add the following lines into it.
acl test src 192.168.5.219 192.168.5.63 acl browserblock browser firefox http_access deny test browserblock http_access allow test
Explanation
- Mentioned the source acl name as “ test” and entered the IP addresses.
- Mentioned the acl name as “ browserblock ” , the User-Agent header of the Mozilla Firefox browser.
- Mentioned the “ deny” option along with acl name test and browserblock.
- Mentioned “ allow test “ so that except firefox all other browser will be allowed to access internet.
Save the file and reload the squid service as shown below.
[root@linuxhelp user1]# service squid reload
Now open the firefox browser and try to access any site. The access denied error occurs.
Open other browser and try to access, you can able to access.
To limit bandwidth in squid visit,
https://www.linuxhelp.com/how-to-limit-bandwidth-squid/
Send ICP queries to all appropriate siblings
Wait for all replies to arrive with a configurable timeout (the default is two seconds).
Begin fetching the object upon receipt of the first HIT reply, or
Fetch the object from the first parent which replied with MISS (subject to weighting values), or
Fetch the object from the source
The current Squid Developers to-do list is available for your reading enjoyment.
Prospective developers should review the resources available at the Squid developers corner