[SOLVED] Block https Facebook in Squid proxy server


FREQUENTLY ASKED QUESTIONS (Linux)
Q: How to block Facebook in squid proxy? (any secure https sites)


Here the post will show you how to block complete "http" and "https" facebook access in office times in your squid proxy server. Create an acl with facebook domain (dstdomain) and deny both http and https access.

Add the Configurations to squid.conf
[root@server ~#]vi /etc/squid/squid.conf

#1: Create an acl for proxy clients.
acl accountant src 192.168.10.50/32


#2: Create an acl for facebook domain  (any required sites)
acl fb dstdomain .facebook.com

#3: Create an acl office time for Mon-Sat, 10:00 to 17:00 (24hrs)
acl officetime time MTWHFA 10:00-17:00

#4: Deny access to "http" facebook to accountant only in office times
http_reply_access deny  fb accountant officetime

#5: The below line will deny access to "https" secured facebook to the proxy user "accountant" in office times. Squid proxy will deny access to "https" facebook to accountant only in office times. 
http_access deny CONNECT fb accountant officetime
#(save the squid.conf configuration file)

#6: And finaly reload squid service to take effect changes
[root@server ~#]service squid reload

Tips: The way to include multiple sites in one ACL
acl badsites dstdomain .facebook.com .twitter.com .blogger.com

Note: Tested in squid-3.1       (tested using squid-3.1.16-1.fc15.x86_64   in CentOS 6)
Post ur comments....

Check Squid Related Posts:

45 comments:

Anonymous said...

Hi, does the line:

#3: Create an acl office time for Mon-Sat, 10:00 to 17:00 (24hrs)
acl officetime time MTWHFA 10:00-17:00

Use the system time?

Thanks.
Leo

Author said...

@Leo,
Yes, the ACL use the system time in Squid server.

Unknown said...

hope this working. i want to try it, thanks for sharing :)

Poon said...

it's work on squid 3.1.10
Thanks for sharing too:)

Author said...

@rizaal,
always place the facebook deny ACLs above of all other browse allowing ACL
like below
http_reply_access deny fb accountant
http_reply_access allow lan

Author said...

@Poon, Thanks..

Anonymous said...

Thanks , its working in my fedora squid 3.1

Unknown said...

im new on squid operation. may i know how to create an acl with facebook domain?

Author said...

@Unknown, As mentioned in this post, add the fillowing
3 lines to squid.conf (most simplest solution)
acl fb dstdomain .facebook.com
http_access deny CONNECT fb
http_reply_access deny fb

Done, now restart the squid daemon
#service squid restart

rajasekaran said...

service squid reload
2012/04/24 05:45:20| aclParseAclList: ACL name 'CONNECT' not found.
FATAL: Bungled squid.conf line 65: http_access deny CONNECT fb accountant officetime
Squid Cache (Version 3.1.4): Terminated abnormally.
CPU Usage: 0.013 seconds = 0.004 user + 0.009 sys
Maximum Resident Size: 21968 KB
Page faults with physical i/o: 0

Author said...

@rajasekaran, thanks for feedback.
Add the below "CONNECT" acl to your squid.conf file
acl CONNECT method CONNECT

#then try restarting squid

Aneesh said...

What if the user/client uses an anonymous proxy like kproxy.com? There are 1000's of free proxies available. What can we do?

Csaba said...

Is this working in tranparent mode?
I have ipcop v2 with squid 3.1.19 and can not block https facebook.

acl szamtec-termek src 10.205.206.150
acl facebook dstdomain .facebook.com
http_reply_access deny facebook szamtec-termek
http_access deny CONNECT facebook szamtec-termek

What could be wrong?

wanshishi said...

It doesnt work for squid 2.6 :( any ideas?

Unknown said...

Thumbs up guys your doing a really good job.
Unblock Facebook

Unknown said...

Am using CentOS 5.6 and squid 2.6, what shouls i do in order to setup a transparent proxy?

Auronrev said...

Thanks, very nice info!! ;)

But, I've a little problem. When squid blocks any https site, squid page error isn't shown, it's shown an explorer error. Http blocked page works fine, it shows squid error page. Any idea to solve this?

Next Gen Robotic Car said...

I have tested it on squid 3.2.7 and its not working ...

Driv3n 817 said...

Does this work by blocking all https sites except those IP Address that I place in the bypass proxy server list?

blocker25 said...

is not working on my transparent setup!

Unknown said...

Me only works when the page is closed https and try to open in time OfficeTime. If you are released and remain with the window open, entering the OfficeTime it does not block. This only happens to me? I am redirected to the https port 3128 by iptables. I'm using Squid 3.1.19 on ubuntu. I appreciate the help.


  Sorry my english. I am Brazilian and I'm using google translate. rs

Knev said...

Hi

Which version of squid, blocks https?

Thanks
knev
Tech blog

Sensei Grant said...

On Squid 2.7
Just after safe ports and just before http access.

I have am blocking specific https sites with the following




acl stop_https_sites dstdomain .facebook.com
acl stop_https_sites dstdomain .myspace.com
acl stop_https_sites dstdomain .google.com
acl stop_https_sites dstdomain .tagged.com
acl stop_https_sites dstdomain .badoo.com
acl stop_https_sites dstdomain .flickr.com
acl stop_https_sites dstdomain .twitter.com
acl stop_https_sites dstdomain .halowaypoint.com

http_access deny CONNECT stop_https_sites

Unknown said...

create script
vi facebookblock.sh

add this to the script

# Facebook Block------
for ip in `whois -h whois.radb.net '!gAS32934' | grep /`
do
iptables -A FORWARD -p all -d $ip -j REJECT
done
#End Facebook Block-----

save and run it.
It will update the latest IP blocks used by facebook.

Venky said...

using the file blocksite.acl, facebook is not getting blocked.

is this syntax is wrong ?

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
acl morning_hours time SMTWHFA 09:45-12:45
acl afternoon_hours time SMTWHFA 14:15-18:15
acl blocksite dstdomain "/etc/squid/blocksite.acl"
http_reply_access deny morning_hours blocksite Ittechsolution
http_access deny CONNECT morning_hours blocksite Ittechsolution
http_reply_access deny afternoon_hours blocksite Ittechsolution
http_access deny CONNECT afternoon_hours blocksite Ittechsolution

Unknown said...

the https site facebook is not blocked using squid proxy server. i had tried the above one http://www.facebook.com got blocked. but https://www.facebook.com also need to be blocked using squid proxy server. pls update with reply

Unknown said...

check Artica Proxy is a frontend GUI for squid, is open source project...

Unknown said...

Add this two access controll list

acl badport port 443
acl fb dstdomain .facebook.com
http_reply_access deny badport fb

Unknown said...

Hay Dear, Do you find to web proxy free,proxy web free,unblock web proxy,secure proxy,unblock website proxy. I suggest you to visit this site. There are a lot of web proxy . For details: unblock website proxy

Squidblacklist said...

Squidblacklist.org is the worlds leading publisher of native acl
blacklists tailored specifically for Squid proxy, and alternative formats for all major third party plugins as well as
many other filtering platforms. Including SquidGuard, DansGuardian, and ufDBGuard, as well as pfSense and more.

There is room for better blacklists, we intend to fill that gap.


It would be our pleasure to serve you.

Signed,

Benjamin E. Nichols
http://www.squidblacklist.org

Squidblacklist said...

Squidblacklist.org is the worlds leading publisher of native acl
blacklists tailored specifically for Squid proxy, and alternative formats for all major third party plugins as well as
many other filtering platforms. Including SquidGuard, DansGuardian, and ufDBGuard, as well as pfSense and more.

There is room for better blacklists, we intend to fill that gap.


It would be our pleasure to serve you.

Signed,

Benjamin E. Nichols
http://www.squidblacklist.org

Unknown said...

Simply, save this to your firewall

iptables -t filter -I FORWARD -s x.x.x.x/32 -m layer7 --l7proto youtube -j DROP

x.x.x.x=Static lease of your DHCP/IP

Unknown said...

iptables -t filter -I FORWARD -s x.x.x.x/32 -m layer7 --l7proto facebook -j DROP

suchi said...
This comment has been removed by the author.
joshdriod said...

yes, I have read your post and I must commend your writing skills and your take on this matter, it goes a long way and has made me really understand this topic, this is really nice. but get more details on how to block a facebook friend easily.

Charles Louis said...

In order to recover the Facebook account, it is advisable to go to the security settings there login your account after that scroll down to “recover all the external accounts” further click “edit.” If you are still looking for more information or help then ask for it from the Facebook support technicians.
Facebook Help Number UK

Jack Leach said...

It was a nice article. Thank you for your valuable information. visit us if you have further queries regarding on Bluehost iPhone email rejected by server

All in One Technician said...

Geek Squad Tech Support helps those customers who face technical issues in own gadgets anytime and unable to sort out at this place Geek Squad Support Team Aid your issues by manually or through the software on Remote. Call on (+1)855-554-9777 for technical issues in Gadgets. https://customer-phonenumber.com/geek-squad-support/

Email-Helpline-Number-UK said...
This comment has been removed by the author.
Email-Helpline-Number-UK said...

The users using the Facebook dating service are often seen complaining about it, if in case it stops working then to get that fixed the user should get the Facebook application updated also the user should check the Wi-Fi connection, the application notifications should be enabled, the device should be given a restart and the application should be removed from the device and should be reinstalled on it the experts are available for help at +44-800-368-9067 if that is needed.
Facebook Helpline Number UK.

Jogi Modi said...

I will definitely digg pirate bay proxy and personally suggest to my friends.

Unknown said...

Thankyou for sharing this useful information. 
Here's the guide to root android device android device.

Unknown said...

I have added below lines in Sqid.conf on AWS EC2 windows instance.

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#


acl block dstdomain .google.com .youtube.com
http_access deny CONNECT block
http_reply_access deny block
#http_access allow new


BUt not working as i expected. Its still not deny google or youtube.

baloch said...

I like your all post. You have done really good work. Thank you for the information you provide, it helped me a lot. crackdoc.org I hope to have many more entries or so from you.
Very interesting blog.
JetBrains CLion Crack
PRTG Network Monitor Crack
CCleaner Pro Crack
AOMEI Partition Assistant Crack
Eset Smart Security Premium Crack

Bulletin Exclusive said...

You really have shared such amazing words, I also write on UNBLOCK “The Pirate Bay”

Related Posts Plugin for WordPress, Blogger...

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | Bluehost Coupons