ACL filtering for Squid webproxy on FreeBSD 8.x

Last updated: 2010-04-17
Lars Sommer, lasg@lasg.dk

Without any plugins, I maintain a small text file of blocked domains and regex’ed URLs.

Install the Squid webproxy as described in another note.

In /usr/local/etc/squid/squid.conf, add:
acl denied_domains dstdomain "/usr/local/etc/squid/denied_domains.acl"
acl filetypes urlpath_regex -i "/usr/local/etc/squid/denied_filetypes.acl"
acl url_ads url_regex "/usr/local/etc/squid/denied_ads.acl"
http_access deny url_ads
http_access deny filetypes
http_access deny denied_domains
http_access allow localnet
http_access deny all

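If you insert all of this explicitly, e.g. at the end of the file,
remember to comment out these lines earlier in the file.
Squid checks http_access lines top to bottom and stops at the first match,
so an earlier "allow localnet" would let requests through before the deny rules are reached: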
http_access allow localnet
http_access deny all

Create the ACL files, one entry per line. Examples:
cat denied_domains.acl
.evilsite.com
.tradedoubler.com

cat denied_filetypes.acl
\.(exe)$
\.(dll)$

cat denied_ads.acl
/adv/.*\.gif$
/[Aa]ds/.*\.gif$
/[Aa]d[Pp]ix/
/[Aa]d[Ss]erver
/[Aa][Dd]/.*\.[GgJj][IiPp][FfGg]$
/[Bb]annerads/
/adbanner.*\.[GgJj][IiPp][FfGg]$
/images/ad/
/reklame/
/RealMedia/ads/.*
^http://www\.submit-it.*
^http://www\.eads.*
^http://ads\.
^http://ad\.
^http://ads02\.
^http://adaver.*\.
^http://adforce\.
adbot\.com
/ads/.*\.gif.*
_ad\..*cgi

Reload squid configuration:
squid -k reconfigure
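
To check what the rules above will actually block before reloading, here is an added example (not part of the original note) that walks the five http_access lines in order for a few constructed URLs and compares a url_regex entry written with and without the dot escaped. It uses Python's re module as a stand-in for Squid's regex engine; the function names and sample URLs are hypothetical, and urlpath_regex is assumed to see the path plus query string.

```python
import re
from urllib.parse import urlsplit

# Constructed sample entries in the format of the three ACL files.
DENIED_DOMAINS = [".evilsite.com", ".tradedoubler.com"]      # dstdomain
DENIED_FILETYPES = [r"\.(exe)$", r"\.(dll)$"]                # urlpath_regex -i
ADS_ESCAPED = [r"/[Aa]d[Ss]erver", r"^http://ads\.", r"^http://ad\."]
ADS_UNESCAPED = [r"/[Aa]d[Ss]erver", r"^http://ads.", r"^http://ad."]


def in_dstdomain(host, entries):
    """A leading dot matches the domain itself and every subdomain."""
    host = host.lower().rstrip(".")
    return any((host == e[1:] or host.endswith(e)) if e.startswith(".")
               else host == e for e in entries)


def any_regex(text, patterns, flags=0):
    """True if any pattern matches anywhere in text (unanchored search)."""
    return any(re.search(p, text, flags) for p in patterns)


def evaluate(url, ads=ADS_ESCAPED, localnet=True):
    """Return (action, rule) for the first http_access line that matches."""
    parts = urlsplit(url)
    # Assumption: urlpath_regex is modelled as path plus query string.
    urlpath = parts.path + ("?" + parts.query if parts.query else "")
    if any_regex(url, ads):                                  # deny url_ads
        return ("deny", "url_ads")
    if any_regex(urlpath, DENIED_FILETYPES, re.IGNORECASE):  # deny filetypes
        return ("deny", "filetypes")
    if in_dstdomain(parts.hostname or "", DENIED_DOMAINS):   # deny denied_domains
        return ("deny", "denied_domains")
    if localnet:                                             # allow localnet
        return ("allow", "localnet")
    return ("deny", "all")                                   # deny all


if __name__ == "__main__":
    for u in ("http://ads.example.net/banner.gif",
              "http://adobe.com/reader/",
              "http://mirror.example.org/tool/Setup.EXE",
              "http://mirror.example.org/tool/setup.exe?id=1",
              "http://shop.evilsite.com/"):
        print(u, evaluate(u), "unescaped:", evaluate(u, ADS_UNESCAPED))
```

With the unescaped list, "^http://ad." also denies http://adobe.com/, and under the stated assumption the "$"-anchored filetype patterns do not fire when a query string follows the extension.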

I got a large +7000 line domain block file from MISSING
