This post covers blocking HTTPS Facebook, limiting download size, FTP access and some more advanced configuration for building a perfect Squid proxy server. I hope you have read my previous post on basic Squid configuration, and I hope this one helps you a lot.
Note: Add the following lines to /etc/squid/squid.conf
To allow FTP traffic through squid
Step1: First of all, add the FTP port number to Squid's SSL ports and Safe ports lists (default FTP port: 21/tcp)
acl SSL_ports port 443 21
acl Safe_ports port 21 # ftp
Step2: Add an "ACL" (access control list) alongside your normal ACLs
# Add the line below as a new ACL (in /etc/squid/squid.conf)
acl ftp proto FTP
Step3: And finally allow the above ftp ACL
http_access allow ftp
# To access an FTP server, use a URL of the form ftp://username:password@ipaddress:port (press Enter)
Block WEBSITES (Block only Monday to Saturday 10:00 to 18:00)
Step1: First of all, create two ACLs matching your requirements (e.g. to block Facebook and Orkut)
acl badsites dstdomain .facebook.com .orkut.com
acl officetime time MTWHFA 10:00-18:00
Step2: And deny the badsites ACL
http_reply_access deny badsites officetime
Note: The normal website blocking method using the "http_reply_access deny badsites" option shown above will not work for https connections, because HTTPS requests reach Squid as CONNECT tunnels, which this reply rule does not stop. So http://www.facebook.com will be blocked while https://www.facebook.com will work fine.
Block https sites in squid (eg: block https://www.facebook.com)
Step1: Create a new ACL with facebook.com (don't forget to add a dot (".") before facebook.com)
acl badsites dstdomain .facebook.com
Step2: Deny the above domain to connect via ssl connection (https)
http_access deny CONNECT badsites
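One way to check that the CONNECT deny rule is actually taking effect, as an added example that is not part of the original post: it scans access.log lines for CONNECT requests to the badsites domains that were not logged as TCP_DENIED. The log lines are constructed and assume Squid's default native log format; the function names are hypothetical.

```python
# Constructed sample lines in Squid's native access.log format.
SAMPLE_LOG = """\
1500000000.101     12 192.168.1.10 TCP_DENIED/403 3900 CONNECT www.facebook.com:443 - HIER_NONE/- text/html
1500000001.202    850 192.168.1.11 TCP_TUNNEL/200 5120 CONNECT www.example.org:443 - HIER_DIRECT/198.51.100.4 -
1500000002.303    640 192.168.1.12 TCP_TUNNEL/200 7340 CONNECT static.facebook.com:443 - HIER_DIRECT/203.0.113.7 -
1500000003.404     30 192.168.1.10 TCP_MISS/200 1024 GET http://www.example.org/ - HIER_DIRECT/198.51.100.4 text/html
1500000004.505    410 192.168.1.13 TCP_TUNNEL/200 2210 CONNECT notfacebook.com:443 - HIER_DIRECT/203.0.113.9 -
"""
BADSITES = [".facebook.com"]  # same value as the badsites ACL

def dstdomain_match(host, patterns):
    """'.example.com' matches the domain and all subdomains; 'example.com' only itself."""
    host = host.lower().rstrip(".")
    for pat in (p.lower() for p in patterns):
        if pat.startswith("."):
            if host == pat[1:] or host.endswith(pat):
                return True
        elif host == pat:
            return True
    return False

def parse_line(line):
    """Pick out client, result action, method and URL from one log line."""
    f = line.split()
    if len(f) < 7:
        return None
    return {"client": f[2], "action": f[3].split("/")[0], "method": f[5], "url": f[6]}

def leaked_connects(log_text, patterns=BADSITES):
    """Return (client, host) for CONNECTs to blocked domains that were not denied."""
    leaks = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "CONNECT":
            continue
        host = rec["url"].rsplit(":", 1)[0]  # CONNECT logs host:port, not a full URL
        if dstdomain_match(host, patterns) and rec["action"] != "TCP_DENIED":
            leaks.append((rec["client"], host))
    return leaks

if __name__ == "__main__":
    for client, host in leaked_connects(SAMPLE_LOG):
        print(f"NOT BLOCKED: {client} -> {host}")
```

Any line it reports means a CONNECT to a blocked domain was tunnelled, which usually points to an earlier http_access allow rule matching before the deny.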
Limit maximum download file size
This example shows how to limit the maximum file size to 100 MB, so users cannot download files larger than 100 MB.
Add the below line to the bottom of squid.conf
reply_body_max_size 100 MB
Change visible hostname
Add the below line to the bottom of squid.conf
visible_hostname servercomputing
Change Listening port number
Edit the 62nd line of squid.conf as below (default is 3128)
http_port 8080
Block Flash Videos (eg: Youtube.com)
Step1: Add a new ACL as below
acl flash rep_mime_type video/x-flv
Step2: And finally deny the newly created MIME type
http_reply_access deny flash
(Tip: you can also block other MIME types, e.g. pdf, doc, php, etc.)
7 comments:
thanks it works.....
i could block https facebook in my squid 3.1
WOW at last I got the solution. Thanks
Thanks Hamidur Shawon...
mmm i can't block Https..
strange this solution still alive???
i tried as you have mentioned but i am not able to block https
Hai
i am using squid
squid -v
Squid Cache: Version 3.5.20
Service Name: squid
i am able to restrict the reply_body_max_size whenever browser accessing through http but when the browser trying to download from secure site https restrict rule not working. User able to download even larger file from internet.