Tutorial News Comments FAQ Related Articles

How to configure Squid - Part 3

{{postValue.id}}

Configuring ACL rule by timing and browser

Squid is used for speeding up a web server by caching repeated requests, DNS, computer network lookups and security by filtering traffic. In this article we going to see about configuring acl rule by timing and browser.

To install and configure squid visit,
https://www.linuxhelp.com/how-to-install-and-configure-squid-part-1/

To block with keywords and extensions in squid visit,
https://www.linuxhelp.com/how-to-block-keywords-and-extensions-in-squid-2/

To Configuration by timing

Create a text file with a list of timing which you want to block (or) allow. Here, we are blocking internet access for timings 11:15-11:30am, 4:15-4:30pm, 6pm-9am.

[root@linuxhelp user1]# vim /etc/squid/down_time.txt

list of timing

The timing must be always from lower value to higher value.

Open the squid configuration file.

[root@linuxhelp user1]# vim /etc/squid/squid.conf

And add the following lines into it.

acl test src 192.168.5.219 192.168.5.63    
acl downtime  time  " /etc/squid/down_time.txt" 
http_access deny test downtime  
http_access  allow test

Explanation:

  • Mentioned the source acl name as “ test” and entered the IP addresses/network address (Ex : 192.168.5.0/24).
  • Mentioned the acl name as “ downtime” and the downtime list file path.
  • Mentioned the “ deny” option along with acl name test and downtime.
  • “ allow test “ , so that the internet access will be enabled except the timings in the file.

Deny request

Save the configuration file after entering the rule.

Now reload the squid service.

[root@linuxhelp user1]# service squid reload


Open the browser and try to access internet during the blocklist timing, the access denied error appears as shown below.


Error page

To Configuration by browser

Now, lets try to block the internet access by browser. Here we are going to block the connection for the “ firefox” .
Open the squid configuration file, by using the following command.

[root@linuxhelp user1]# vim /etc/squid/squid.conf

Add the following lines into it.

acl test src 192.168.5.219 192.168.5.63    
acl browserblock  browser  firefox
http_access deny test browserblock  
http_access  allow test


Explanation

  • Mentioned the source acl name as “ test” and entered the IP addresses.
  • Mentioned the acl name as “ browserblock ” , the User-Agent header of the Mozilla Firefox browser.
  • Mentioned the “ deny” option along with acl name test and browserblock.
  • Mentioned “ allow test “ so that except firefox all other browser will be allowed to access internet.

Editing page

Save the file and reload the squid service as shown below.

[root@linuxhelp user1]# service squid reload

Now open the firefox browser and try to access any site. The access denied error occurs.
output page

Open other browser and try to access, you can able to access.

Browser

webpage

To limit bandwidth in squid visit,

https://www.linuxhelp.com/how-to-limit-bandwidth-squid/

Tags:
Author: 

Comments ( 0 )

No comments available

Frequently asked questions ( 5 )

Q

how to install SARG on Ubuntu

A

For the installation of SARG on ubuntu, follow the as below "https://www.linuxhelp.com/how-to-install-sarg-on-ubuntu-16-04/"

Q

How to blocking domain using squid on windows?

A

For the purpose of blocking domain using sqiod on windows,use the following link to get the tutuorial as "https://www.linuxhelp.com/how-to-block-domain-using-squid-in-windows-7/"

Q

What does the "squid.conf" file will do in "Squid"?

A

The squid.conf file defines the configuration for squid. the configuration includes (but not limited to) HTTP port number, the ICP request port number, incoming and outgoing requests, information about firewall access, and various timeout information.

Q

What is the Squid cache resolution algorithm?

A

The squid cache resolution algorithm are given below,
Send ICP queries to all appropriate siblings
Wait for all replies to arrive with a configurable timeout (the default is two seconds).
Begin fetching the object upon receipt of the first HIT reply, or
Fetch the object from the first parent which replied with MISS (subject to weighting values), or
Fetch the object from the source

Q

What features are Squid developers have currently working on?

A

There are several open issues for the caching project namely more automatic load balancing and (both configured and dynamic) selection of parents, routing, multicast cache-to-cache communication, and better recognition of URLs that are not worth caching.

The current Squid Developers to-do list is available for your reading enjoyment.

Prospective developers should review the resources available at the Squid developers corner

Back To Top!