How to create an Access Control List (ACL) in Squid Proxy

Access Control Using Squid Proxy:

Access control in a proxy server can mean not only access to a user account, but also to a website or URL, IP address, or DNS blocking or restriction. We can easily set up an access control server on our local network. At that time, the server acts as a gateway. Installed Squid proxy on Linux Debian server. Squid’s default settings only allow local access. To enable access for the private network range for the “insert your own rules hare” clause in the squid.conf file. Which is located in the / etc / squid / directory.

Now let’s see HOW TO CREATE ACL in squid.conf config file:

If we deny Internet access to a specific computer’s IP address, which is 192.168.1.4, then we add two lines:

acl bad_user src 192.168.1.4
http access deny bad_user

If we block a large number of users whose IP addresses are 192.168.1.4, 192.168.1.5, 192.168.1.6, etc. Then we will add the following lines to the squid.conf file.

acl bad_user src 192.168.1.4
acl bad_user src 192.168.1.5
acl bad_user src 192.168.1.6
http access deny bad_user

or create a file in the Squid directory which consists of blocking IPs first create a file in /etc/squid/bad_hosts.squid

#now type the ip list inside the file which ips that i block in the network to restrict the internet access:

192.168.1.4
192.168.1.5
192.168.1.6

Now you need to edit the squid.conf file:

acl bad_hosts src "/etc/squid/bad_hosts"
http access deny bad_hosts

Now, if we are not blocking our network, then we edit the Squid config file and add two lines:

First, create a file in the Squid directory:

VI /etc/squid/block_sites.squid
# Этот файл состоит из списков веб-сайтов, которые мы заблокировали
abc.com
youtube.com

Second, edit the squid.conf file and add the following lines:

acl block_sites dstdomain "/etc/squid/block_sites.squid"
http access deny block_sites

ACL time base:

If you want to provide Internet connectivity to your clients in your organization for a specific time and a specific day, then you must configure the base time in the Squid ACL:

Modify squid.conf file and add the following lines:

acl work_hours time MWF 9:00 - 15.00
http access allow work_hours
acl work_hours2 time MWF 18.00 - 22.00
http access deny work_hours2

Sidebar