Squid Advanced configurations manual

This post covers blocking HTTPS Facebook, limiting download size, FTP access and some more advanced configuration for building a perfect Squid proxy server. I hope you have read my previous post on basic Squid configuration, and I hope this one helps you a lot.
Note: Add the following lines to /etc/squid/squid.conf

To allow FTP traffic through Squid
Step 1: First, add the FTP port number to Squid's SSL ports and Safe ports lists (default FTP port: 21/tcp)
acl SSL_ports port 443 21
acl Safe_ports port 21          # ftp
Step 2: Add an ACL (access control list) alongside your normal ACLs
# Add the line below as a new ACL (in /etc/squid/squid.conf)
acl ftp proto FTP
Step 3: Finally, allow the ftp ACL defined above
http_access allow ftp
# To access an FTP server, enter a URL of this form: ftp://username:password@ipaddress:port (press enter)

Block websites (block only Monday to Saturday, 10:00 to 18:00)
Step 1: First, create two ACLs to match your requirements (e.g. to block Facebook and Orkut)
acl badsites dstdomain .facebook.com .orkut.com
acl officetime time MTWHFA 10:00-18:00
Step 2: Deny the badsites ACL during office time
http_reply_access deny badsites officetime
Note: The normal website blocking method using the "http_reply_access deny badsites" option shown above will not work for HTTPS connections, so http://www.facebook.com will be blocked while https://www.facebook.com will still work.

Block HTTPS sites in Squid (e.g. block https://www.facebook.com)
Step 1: Create a new ACL with facebook.com (don't forget to add a dot (".") before facebook.com)
acl badsites dstdomain .facebook.com
Step 2: Deny connections to the above domain over SSL (HTTPS)
http_access deny CONNECT badsites
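
Added example (not part of the original post): a simplified Python model of how Squid reads http_access lines top to bottom and stops at the first match, showing that the deny CONNECT badsites line only blocks HTTPS when it sits above the allow rule and when the dstdomain entry keeps its leading dot. The localnet ACL, the client addresses and both rule lists are constructed for illustration; this is not Squid's own code.

```python
def dstdomain_match(pattern, host):
    """'.example.com' matches the domain and every subdomain;
    'example.com' (no dot) matches only that exact host name."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("."):
        return host == pattern[1:] or host.endswith(pattern)
    return host == pattern

def make_acls(badsites):
    """ACL name -> predicate over a request dict (constructed stand-ins)."""
    return {
        "CONNECT": lambda r: r["method"] == "CONNECT",
        "badsites": lambda r: any(dstdomain_match(p, r["host"]) for p in badsites),
        "localnet": lambda r: r["src"].startswith("192.168."),  # assumed LAN range
        "all": lambda r: True,
    }

def http_access(rules, acls, req):
    """The first line whose ACLs all match decides; later lines are not read."""
    for action, names in rules:
        if all(acls[n](req) for n in names):
            return action
    # Nothing matched: Squid applies the opposite of the last line's action.
    return "deny" if rules[-1][0] == "allow" else "allow"

# Same three lines in two orders (constructed rule sets).
DENY_FIRST = [("deny", ["CONNECT", "badsites"]), ("allow", ["localnet"]), ("deny", ["all"])]
DENY_LATE = [("allow", ["localnet"]), ("deny", ["CONNECT", "badsites"]), ("deny", ["all"])]

# An HTTPS request reaches the proxy as CONNECT host:443 (constructed samples).
HTTPS_FB = {"method": "CONNECT", "host": "www.facebook.com", "src": "192.168.1.20"}
HTTPS_OTHER = {"method": "CONNECT", "host": "www.example.org", "src": "192.168.1.20"}

def demo():
    dotted, undotted = make_acls([".facebook.com"]), make_acls(["facebook.com"])
    return {
        "deny above allow": http_access(DENY_FIRST, dotted, HTTPS_FB),
        "deny below allow": http_access(DENY_LATE, dotted, HTTPS_FB),
        "deny above allow, no leading dot": http_access(DENY_FIRST, undotted, HTTPS_FB),
        "unrelated HTTPS site": http_access(DENY_FIRST, dotted, HTTPS_OTHER),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:34} -> {verdict}")
```

If HTTPS still gets through after adding the deny line, check where it landed relative to the existing http_access allow lines in squid.conf.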

Limit maximum download file size
This example shows how to limit the maximum file size to 100MB, so that users cannot download files larger than 100MB.
Add the line below to the bottom of squid.conf
reply_body_max_size 100 MB

Change visible hostname
Add the line below to the bottom of squid.conf
visible_hostname servercomputing

Change listening port number
Edit the 62nd line of squid.conf as below (the default is 3128)
http_port 8080

Block Flash videos (e.g. Youtube.com)
Step 1: Add a new ACL as below
acl flash rep_mime_type video/x-flv
Step 2: Finally, deny the newly created MIME type ACL
http_reply_access deny flash
(Tip: you can also block other MIME types, e.g. pdf, doc, php, etc.)


Anonymous said...

thanks it works.....
i could block https facebook in my squid 3.1

Hamidur.Shawon said...

WOW at last I got the solution. Thanks

Author said...

Thanks Hamidur Shawon...

Batzorig said...

mmm i can't block Https..
strange this solution still alive???

sangay tenzin said...

i tried as you have mentioned but i am not able to block https
