ACL filtering for Squid webproxy

ACL filtering for Squid webproxy on FreeBSD 8.x
Last updated: 2010-04-17
Lars Sommer, lasg@lasg.dk

Without any plugins, I maintain a small text file of blocked domains and regex’ed URLs.

Install the Squid webproxy as described in another note.

In /usr/local/etc/squid/squid.conf, add:
acl denied_domains dstdomain "/usr/local/etc/squid/denied_domains.acl"
acl filetypes urlpath_regex -i "/usr/local/etc/squid/denied_filetypes.acl"
acl url_ads url_regex "/usr/local/etc/squid/denied_ads.acl"
http_access deny url_ads
http_access deny filetypes
http_access deny denied_domains
http_access allow localnet
http_access deny all

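If you add all of this at the end of the file, remember to comment out these lines earlier in the file.
Squid evaluates http_access rules in order and stops at the first match, so the earlier allow would otherwise apply before the deny rules are reached: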
http_access allow localnet
http_access deny all

Make the ACL files. Examples are:
cat denied_domains.acl
.evilsite.com
.tradedoubler.com

cat denied_filetypes.acl
\.(exe)$
\.(dll)$

cat denied_ads.acl
/adv/.*\.gif$
/[Aa]ds/.*\.gif$
/[Aa]d[Pp]ix/
/[Aa]d[Ss]erver
/[Aa][Dd]/.*\.[GgJj][IiPp][FfGg]$
/[Bb]annerads/
/adbanner.*\.[GgJj][IiPp][FfGg]$
/images/ad/
/reklame/
/RealMedia/ads/.*
^http://www\.submit-it.*
^http://www\.eads.*
^http://ads\.
^http://ad\.
^http://ads02\.
^http://adaver.*\.
^http://adforce\.
adbot\.com
/ads/.*\.gif.*
_ad\..*cgi

Reload squid configuration:
squid -k reconfigure
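
To see which of the three ACLs would deny a given URL before reloading, the matching can be approximated with grep -E. This is an added example, not part of the original note; ACL_DIR, match_dstdomain and verdict are hypothetical names, and the ACL files and URLs are constructed samples.

```shell
# Added example: approximates Squid ACL matching with grep -E (POSIX ERE).
# ACL_DIR, match_dstdomain and verdict are hypothetical names.
ACL_DIR=$(mktemp -d)

# Constructed sample files, reusing entries from the examples in this note.
# Blank lines in a regex file would make grep -f match everything.
printf '%s\n' '.evilsite.com' '.tradedoubler.com' > "$ACL_DIR/denied_domains.acl"
printf '%s\n' '\.(exe)$' '\.(dll)$' > "$ACL_DIR/denied_filetypes.acl"
printf '%s\n' '^http://ads\.' '/[Bb]annerads/' '/reklame/' > "$ACL_DIR/denied_ads.acl"

# dstdomain: ".example.com" covers the domain and every subdomain,
# an entry without the leading dot covers only that exact host name.
match_dstdomain() {
    while IFS= read -r entry; do
        case $entry in
            '') continue ;;
            .*) case ".$1" in *"$entry") return 0 ;; esac ;;
            *)  if [ "$1" = "$entry" ]; then return 0; fi ;;
        esac
    done < "$ACL_DIR/denied_domains.acl"
    return 1
}

# Print the first deny ACL that matches the URL, in http_access order.
verdict() {
    rest=${1#*://}
    hostport=${rest%%/*}
    host=$(printf '%s' "${hostport%%:*}" | tr 'A-Z' 'a-z')
    case $rest in
        */*) path=/${rest#*/} ;;   # urlpath includes the query string
        *)   path=/ ;;
    esac
    if printf '%s\n' "$1" | grep -Eq -f "$ACL_DIR/denied_ads.acl"; then
        echo url_ads            # url_regex: whole URL, case-sensitive
    elif printf '%s\n' "$path" | grep -Eiq -f "$ACL_DIR/denied_filetypes.acl"; then
        echo filetypes          # urlpath_regex -i: path only, ignore case
    elif match_dstdomain "$host"; then
        echo denied_domains
    else
        echo no_match           # falls through to the allow/deny rules
    fi
}

for url in 'http://ads.example.net/banner.gif' \
           'http://www.example.org/files/setup.EXE' \
           'http://www.example.org/files/setup.exe?v=1' \
           'http://www.evilsite.com/index.html'; do
    printf '%-45s %s\n' "$url" "$(verdict "$url")"
done
```

The third sample URL prints no_match because urlpath_regex sees the query string, so the $-anchored file-type patterns only catch paths that end in the extension. squid -k parse checks squid.conf itself for syntax errors before squid -k reconfigure.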

I got a large +7000 line domain block file from MISSING
