Author
FREQUENTLY ASKED QUESTIONS (Linux)
Q: How to block Facebook in squid proxy? (any secure https sites)
Here the post will show you how to block complete "http" and "https" facebook access in office times in your squid proxy server. Create an acl with facebook domain (dstdomain) and deny both http and https access.
Add the Configurations to squid.conf
[root@server ~#]vi /etc/squid/squid.conf
#1: Create an acl for proxy clients.
acl accountant src 192.168.10.50/32
#2: Create an acl for facebook domain (any required sites)
acl fb dstdomain .facebook.com
#3: Create an acl office time for Mon-Sat, 10:00 to 17:00 (24hrs)
acl officetime time MTWHFA 10:00-17:00
#4: Deny access to "http" facebook to accountant only in office times
http_reply_access deny
fb accountant officetime
#5: The below line will deny access to "https" secured facebook to the proxy user "accountant" in office times. Squid proxy will deny access to "https" facebook to accountant only in office times.
http_access deny CONNECT fb accountant officetime
http_access deny CONNECT fb accountant officetime
#(save the squid.conf configuration file)
#6: And finaly reload squid service to take effect changes
[root@server ~#]service squid reload
Tips: The way to include multiple sites in one ACL
acl badsites dstdomain .facebook.com .twitter.com .blogger.com
Note: Tested in squid-3.1 (tested using squid-3.1.16-1.fc15.x86_64 in CentOS 6)
Post ur comments....
Check Squid Related Posts:
Tips: The way to include multiple sites in one ACL
acl badsites dstdomain .facebook.com .twitter.com .blogger.com
Note: Tested in squid-3.1 (tested using squid-3.1.16-1.fc15.x86_64 in CentOS 6)
Post ur comments....
Check Squid Related Posts:
LABELS: 
45 comments:
Hi, does the line:
#3: Create an acl office time for Mon-Sat, 10:00 to 17:00 (24hrs)
acl officetime time MTWHFA 10:00-17:00
Use the system time?
Thanks.
Leo
@Leo,
Yes, the ACL use the system time in Squid server.
hope this working. i want to try it, thanks for sharing :)
it's work on squid 3.1.10
Thanks for sharing too:)
@rizaal,
always place the facebook deny ACLs above of all other browse allowing ACL
like below
http_reply_access deny fb accountant
http_reply_access allow lan
@Poon, Thanks..
Thanks , its working in my fedora squid 3.1
im new on squid operation. may i know how to create an acl with facebook domain?
@Unknown, As mentioned in this post, add the fillowing
3 lines to squid.conf (most simplest solution)
acl fb dstdomain .facebook.com
http_access deny CONNECT fb
http_reply_access deny fb
Done, now restart the squid daemon
#service squid restart
service squid reload
2012/04/24 05:45:20| aclParseAclList: ACL name 'CONNECT' not found.
FATAL: Bungled squid.conf line 65: http_access deny CONNECT fb accountant officetime
Squid Cache (Version 3.1.4): Terminated abnormally.
CPU Usage: 0.013 seconds = 0.004 user + 0.009 sys
Maximum Resident Size: 21968 KB
Page faults with physical i/o: 0
@rajasekaran, thanks for feedback.
Add the below "CONNECT" acl to your squid.conf file
acl CONNECT method CONNECT
#then try restarting squid
What if the user/client uses an anonymous proxy like kproxy.com? There are 1000's of free proxies available. What can we do?
Is this working in tranparent mode?
I have ipcop v2 with squid 3.1.19 and can not block https facebook.
acl szamtec-termek src 10.205.206.150
acl facebook dstdomain .facebook.com
http_reply_access deny facebook szamtec-termek
http_access deny CONNECT facebook szamtec-termek
What could be wrong?
It doesnt work for squid 2.6 :( any ideas?
Thumbs up guys your doing a really good job.
Unblock Facebook
Am using CentOS 5.6 and squid 2.6, what shouls i do in order to setup a transparent proxy?
Thanks, very nice info!! ;)
But, I've a little problem. When squid blocks any https site, squid page error isn't shown, it's shown an explorer error. Http blocked page works fine, it shows squid error page. Any idea to solve this?
I have tested it on squid 3.2.7 and its not working ...
Does this work by blocking all https sites except those IP Address that I place in the bypass proxy server list?
is not working on my transparent setup!
Me only works when the page is closed https and try to open in time OfficeTime. If you are released and remain with the window open, entering the OfficeTime it does not block. This only happens to me? I am redirected to the https port 3128 by iptables. I'm using Squid 3.1.19 on ubuntu. I appreciate the help.
Sorry my english. I am Brazilian and I'm using google translate. rs
Hi
Which version of squid, blocks https?
Thanks
knev
Tech blog
On Squid 2.7
Just after safe ports and just before http access.
I have am blocking specific https sites with the following
acl stop_https_sites dstdomain .facebook.com
acl stop_https_sites dstdomain .myspace.com
acl stop_https_sites dstdomain .google.com
acl stop_https_sites dstdomain .tagged.com
acl stop_https_sites dstdomain .badoo.com
acl stop_https_sites dstdomain .flickr.com
acl stop_https_sites dstdomain .twitter.com
acl stop_https_sites dstdomain .halowaypoint.com
http_access deny CONNECT stop_https_sites
create script
vi facebookblock.sh
add this to the script
# Facebook Block------
for ip in `whois -h whois.radb.net '!gAS32934' | grep /`
do
iptables -A FORWARD -p all -d $ip -j REJECT
done
#End Facebook Block-----
save and run it.
It will update the latest IP blocks used by facebook.
using the file blocksite.acl, facebook is not getting blocked.
is this syntax is wrong ?
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
acl morning_hours time SMTWHFA 09:45-12:45
acl afternoon_hours time SMTWHFA 14:15-18:15
acl blocksite dstdomain "/etc/squid/blocksite.acl"
http_reply_access deny morning_hours blocksite Ittechsolution
http_access deny CONNECT morning_hours blocksite Ittechsolution
http_reply_access deny afternoon_hours blocksite Ittechsolution
http_access deny CONNECT afternoon_hours blocksite Ittechsolution
the https site facebook is not blocked using squid proxy server. i had tried the above one http://www.facebook.com got blocked. but https://www.facebook.com also need to be blocked using squid proxy server. pls update with reply
check Artica Proxy is a frontend GUI for squid, is open source project...
Add this two access controll list
acl badport port 443
acl fb dstdomain .facebook.com
http_reply_access deny badport fb
Hay Dear, Do you find to web proxy free,proxy web free,unblock web proxy,secure proxy,unblock website proxy. I suggest you to visit this site. There are a lot of web proxy . For details: unblock website proxy
Squidblacklist.org is the worlds leading publisher of native acl
blacklists tailored specifically for Squid proxy, and alternative formats for all major third party plugins as well as
many other filtering platforms. Including SquidGuard, DansGuardian, and ufDBGuard, as well as pfSense and more.
There is room for better blacklists, we intend to fill that gap.
It would be our pleasure to serve you.
Signed,
Benjamin E. Nichols
http://www.squidblacklist.org
Squidblacklist.org is the worlds leading publisher of native acl
blacklists tailored specifically for Squid proxy, and alternative formats for all major third party plugins as well as
many other filtering platforms. Including SquidGuard, DansGuardian, and ufDBGuard, as well as pfSense and more.
There is room for better blacklists, we intend to fill that gap.
It would be our pleasure to serve you.
Signed,
Benjamin E. Nichols
http://www.squidblacklist.org
Simply, save this to your firewall
iptables -t filter -I FORWARD -s x.x.x.x/32 -m layer7 --l7proto youtube -j DROP
x.x.x.x=Static lease of your DHCP/IP
iptables -t filter -I FORWARD -s x.x.x.x/32 -m layer7 --l7proto facebook -j DROP
yes, I have read your post and I must commend your writing skills and your take on this matter, it goes a long way and has made me really understand this topic, this is really nice. but get more details on how to block a facebook friend easily.
In order to recover the Facebook account, it is advisable to go to the security settings there login your account after that scroll down to “recover all the external accounts” further click “edit.” If you are still looking for more information or help then ask for it from the Facebook support technicians.
Facebook Help Number UK
It was a nice article. Thank you for your valuable information. visit us if you have further queries regarding on Bluehost iPhone email rejected by server
Geek Squad Tech Support helps those customers who face technical issues in own gadgets anytime and unable to sort out at this place Geek Squad Support Team Aid your issues by manually or through the software on Remote. Call on (+1)855-554-9777 for technical issues in Gadgets. https://customer-phonenumber.com/geek-squad-support/
The users using the Facebook dating service are often seen complaining about it, if in case it stops working then to get that fixed the user should get the Facebook application updated also the user should check the Wi-Fi connection, the application notifications should be enabled, the device should be given a restart and the application should be removed from the device and should be reinstalled on it the experts are available for help at +44-800-368-9067 if that is needed.
Facebook Helpline Number UK.
I will definitely digg pirate bay proxy and personally suggest to my friends.
Thankyou for sharing this useful information.
Here's the guide to root android device android device.
I have added below lines in Sqid.conf on AWS EC2 windows instance.
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
acl block dstdomain .google.com .youtube.com
http_access deny CONNECT block
http_reply_access deny block
#http_access allow new
BUt not working as i expected. Its still not deny google or youtube.
I like your all post. You have done really good work. Thank you for the information you provide, it helped me a lot. crackdoc.org I hope to have many more entries or so from you.
Very interesting blog.
JetBrains CLion Crack
PRTG Network Monitor Crack
CCleaner Pro Crack
AOMEI Partition Assistant Crack
Eset Smart Security Premium Crack
You really have shared such amazing words, I also write on UNBLOCK “The Pirate Bay”
Post a Comment