Squid Advanced configurations manual

This post covers blocking HTTPS Facebook, limiting download size, FTP access and some more advanced configuration for building a perfect Squid proxy server. I hope you have read my previous post on basic Squid configuration, and I hope this one helps you a lot.
Note: Add the following lines to /etc/squid/squid.conf

To allow FTP traffic through squid
Step1: First of all, add the FTP port number to Squid's SSL ports and Safe ports lists (default FTP port: 21/tcp)
acl SSL_ports port 443 21
acl Safe_ports port 21          # ftp
Step2: Add an "ACL" (access control list) with your normal ACLs
#Add the below line as a new acl   (add in /etc/squid/squid.conf )
acl ftp proto FTP
Step3: And finally, allow the above ftp ACL
http_access allow ftp
# To access an FTP server, enter a URL of this form: ftp://username:password@ipaddress:port (then press Enter)


Block WEBSITES (Block only Monday to Saturday 10:00 to 18:00)
Step1: First of all, create two ACLs for your requirements (e.g. to block Facebook and Orkut)
acl badsites dstdomain .facebook.com .orkut.com
acl officetime time MTWHFA 10:00-18:00
Step2: And deny the badsites ACL
http_reply_access deny badsites officetime
Note: The normal website blocking method using the "http_reply_access deny badsites" option mentioned above will not work for HTTPS connections. So http://www.facebook.com will be blocked, while https://www.facebook.com will work fine.


Block HTTPS sites in Squid (e.g. block https://www.facebook.com)
Step1: Create a new ACL with facebook.com (don't forget to add a dot (".") before facebook.com)
acl badsites dstdomain .facebook.com
Step2: Deny the above domain to connect via ssl connection (https)
http_access deny CONNECT badsites
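
Added example (not part of the original post): Squid evaluates http_access lines from top to bottom and the first matching line decides, so the deny line from Step2 only takes effect if it sits above the allow lines in squid.conf. The Python sketch below models that first-match evaluation for the ACL types used on this page; the localnet range and the client address are constructed.

```python
import ipaddress

def parse(conf):
    """Split squid.conf-style text into ACL definitions and ordered http_access rules."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl":
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, req):
    """Model only the ACL types this page uses: src, method, port, dstdomain."""
    if name == "all":
        return True
    kind, vals = acls[name]
    if kind == "src":
        return any(ipaddress.ip_address(req["src"]) in ipaddress.ip_network(v) for v in vals)
    if kind == "method":
        return req["method"] in vals
    if kind == "port":
        return str(req["port"]) in vals
    if kind == "dstdomain":  # ".facebook.com" matches the domain and its subdomains
        host = req["host"].lower()
        return any(host == v.lstrip(".") or (v[0] == "." and host.endswith(v)) for v in vals)
    raise ValueError("ACL type not modelled: " + kind)

def decide(conf, req):
    """First http_access line whose ACLs all match decides; '!' negates an ACL."""
    acls, rules = parse(conf)
    for action, names in rules:
        if all(acl_matches(acls, n.lstrip("!"), req) != n.startswith("!") for n in names):
            return action
    # No line matched: Squid applies the opposite of the last line (deny if there are none)
    return "allow" if rules and rules[-1][0] == "deny" else "deny"

ACLS = """
acl localnet src 192.168.0.0/16        # constructed client range
acl CONNECT method CONNECT
acl badsites dstdomain .facebook.com
"""
DENY_AFTER_ALLOW = ACLS + "http_access allow localnet\nhttp_access deny CONNECT badsites\nhttp_access deny all\n"
DENY_BEFORE_ALLOW = ACLS + "http_access deny CONNECT badsites\nhttp_access allow localnet\nhttp_access deny all\n"
HTTPS_FB = {"src": "192.168.1.20", "method": "CONNECT", "host": "www.facebook.com", "port": 443}

if __name__ == "__main__":
    print(decide(DENY_AFTER_ALLOW, HTTPS_FB), decide(DENY_BEFORE_ALLOW, HTTPS_FB))
```

With the deny line below "http_access allow localnet" the CONNECT request is allowed; with the deny line above it, the request is denied.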


Limit maximum download file size
This example shows how to limit the maximum file size to 100 MB, so that users cannot download files larger than 100 MB.
Add the below line to the bottom of squid.conf
reply_body_max_size 100 MB


Change visible hostname
Add the below line to the bottom of squid.conf
visible_hostname servercomputing


Change Listening port number
Edit the 62nd line of squid.conf as below (the default is 3128)
http_port 8080


Block Flash Videos (eg: Youtube.com)
Step1: Add a new ACL as below
acl flash rep_mime_type video/x-flv
Step2: And finally, deny the newly created MIME type
http_reply_access deny flash
(Tip: you can also block other MIME types, e.g. pdf, doc, php, etc.)



7 comments:

Anonymous said...

thanks it works.....
i could block https facebook in my squid 3.1

Hamidur.Shawon said...

WOW at last I got the solution. Thanks

Author said...

Thanks Hamidur Shawon...

Batzorig said...

mmm i can't block Https..
strange this solution still alive???

Unknown said...

i tried as you have mentioned but i am not able to block https

Unknown said...

i tried as you have mentioned but i am not able to block https

Pratheep said...

Hai

i am using squid

squid -v
Squid Cache: Version 3.5.20
Service Name: squid

I am able to restrict the reply_body_max_size whenever the browser is accessing through http, but when the browser is trying to download from a secure site (https) the restrict rule is not working. Users are able to download even larger files from the internet.
