Home » Linux » How To » How to create Access Control List (ACL) in the Squid proxy

How to create Access Control List (ACL) in the Squid proxy

Access Control using squid proxy:

Access control in a proxy server can mean user account access,but also website or url,ip address or DNS blocking or restriction. We can easily established the access control server in our local network. At that time server is act as a gateway. At first squid proxy is installed into our Linux debian server. The default squid setup only allow localhost access. To enable access for a private network range look for the “insert your own rules hare” sentence in squid.conf file. Which is in the /etc/squid/ directory.


if we deny internet access to a specific computer which ip address is then we are adding two line:

acl bad_user src
http access deny bad_user

if we deny large number of users whose ip addresses are,, etc. Then we add the following lines into the squid.conf file.

acl bad_user src
acl bad_user src
acl bad_user src
http access deny bad_user

create a file into a squid directory the file consist of blocking ip
at first create a file into the /etc/squid/bad_hosts.squid

#now type the ip list inside the file which ips that i block in the network to restrict the internet access:

now edit the squid.conf file:
acl bad_hosts src "/etc/squid/bad_hosts"
http access deny bad_hosts

Now If we block the website on our network then we edit the squid config file and adding two lines:

Firstly create a file under squid directory :

vi /etc/squid/block_sites.squid
#this file consit of the website lists which i have been blocked

Secondly edit the squid.conf file and added following lines:

acl block_sites dstdomain "/etc/squid/block_sites.squid"
http access deny block_sites

If you want to provide the internet connectivity to your clients in your organisation for specific time and specific day so you have to configure time base acl in squid:

Edit the squid.conf file and adding the following lines:

acl work_hours time MWF 9:00 - 15.00
http access allow work_hours
acl work_hours2 time MWF 18.00 - 22.00
http access deny work_hours2

Check Also

Password less SSH authentication

Password less SSH authentication is one of the best security practices to avoid any password …

Leave a Reply

Your email address will not be published. Required fields are marked *