
How to create Access Control List (ACL) in the Squid proxy

Access Control using squid proxy:

Access control in a proxy server can mean user account access, but also website or URL, IP address or DNS blocking or restriction. We can easily set up an access control server in our local network; in that setup the server acts as a gateway. First, the Squid proxy is installed on our Debian Linux server. The default Squid setup only allows localhost access. To enable access for a private network range, look for the "insert your own rule(s) here" comment in the squid.conf file, which is in the /etc/squid/ directory.

NOW SEE HOW TO CREATE ACL CONFIGURATION IN THE squid.conf FILE:

To deny internet access to a specific computer whose IP address is 192.168.1.4, add two lines:

acl bad_user src 192.168.1.4
http_access deny bad_user

To deny a larger number of users, whose IP addresses are 192.168.1.4, 192.168.1.5, 192.168.1.6 and so on, add the following lines to the squid.conf file:

acl bad_user src 192.168.1.4
acl bad_user src 192.168.1.5
acl bad_user src 192.168.1.6
http_access deny bad_user

OR
create a file in the Squid directory that contains the IPs to block.
First create the file /etc/squid/bad_hosts.squid

#Now type into the file the list of IPs that are blocked from internet access on the network:

192.168.1.4
192.168.1.5
192.168.1.6

Now edit the squid.conf file:
acl bad_hosts src "/etc/squid/bad_hosts.squid"
http_access deny bad_hosts

To block websites on our network, we create a list file and add two lines to the Squid config file:

First, create a file under the Squid directory:

vi /etc/squid/block_sites.squid
#this file consists of the list of websites that are blocked
abc.com
youtube.com

Second, edit the squid.conf file and add the following lines:

acl block_sites dstdomain "/etc/squid/block_sites.squid"
http_access deny block_sites

TIME-BASED ACL:
If you want to provide internet connectivity to the clients in your organisation only at specific times on specific days, configure a time-based ACL in Squid:

Edit the squid.conf file and add the following lines:

acl work_hours time MWF 09:00-15:00
http_access allow work_hours
acl work_hours2 time MWF 18:00-22:00
http_access deny work_hours2
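
How the rules above combine once they sit in one squid.conf, as an added example that is not part of the original article and is not Squid's own code: a small Python model of http_access evaluation (top to bottom, first matching line wins). It goes beyond the page by putting the src, dstdomain and time rules in one list; the client 192.168.1.9, the host example.org, the ".youtube.com" spelling and the function names are assumptions, and the model leaves out "!" negation and file-backed lists.

```python
import ipaddress
from datetime import datetime

# Constructed sample: this page's rule types in one list (values inline, not from files).
CONF = """
acl bad_user src 192.168.1.4
acl bad_user src 192.168.1.5
acl block_sites dstdomain abc.com .youtube.com
acl work_hours time MWF 09:00-15:00
http_access deny bad_user
http_access deny block_sites
http_access allow work_hours
http_access deny all
"""
DAYS = "MTWHFAS"  # Squid day letters in datetime.weekday() order (Monday = 0)

def parse(conf):
    acls, rules = {"all": [("src", "0.0.0.0/0")]}, []  # models Squid's built-in "all"
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            name, kind, vals = tok[1], tok[2], tok[3:]
            if kind == "time":
                vals = [" ".join(vals)]  # "MWF 09:00-15:00" is one value
            acls.setdefault(name, []).extend((kind, v) for v in vals)  # values are ORed
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def matches(kind, val, ip, host, when):
    if kind == "src":
        return ipaddress.ip_address(ip) in ipaddress.ip_network(val)
    if kind == "dstdomain":  # leading dot also covers subdomains; without it, exact match
        return host == val.lstrip(".") or (val.startswith(".") and host.endswith(val))
    days, span = val.split()  # kind == "time"
    start, end = span.split("-")
    return DAYS[when.weekday()] in days and start <= when.strftime("%H:%M") <= end

def decide(conf, ip, host, when):
    acls, rules = parse(conf)
    for action, names in rules:
        # ACLs on one line are ANDed; the first matching http_access line decides
        if all(any(matches(k, v, ip, host, when) for k, v in acls[n]) for n in names):
            return action
    # nothing matched: Squid applies the opposite of the last http_access line
    return "allow" if rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    print(decide(CONF, "192.168.1.9", "www.abc.com", datetime(2024, 1, 1, 10, 0)))
```

In this model www.abc.com is allowed during work hours because the entry abc.com matches only that exact host name; writing it as .abc.com covers its subdomains as well. After editing the real squid.conf, run squid -k parse to check the syntax before reloading with squid -k reconfigure.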
