Wednesday, November 30, 2011

Common squid requirements - Part 1


In this segment, we would be accomplishing the following:

  1. Block a specific website
  2. Block multiple websites
  3. Block a specific IP
  4. Block multiple IPs
  5. Block a specific MAC address
  6. Block multiple MAC addresses
  7. Set a maximum download size
  8. Set time/date limits for browsing
  9. Set up mandatory authentication before internet access

We assume that our network is 192.168.10.0/24.

1. Blocking a Specific Website

Although a website can be blocked using several ACL types, the best way to block a website with squid is the 'url_regex' ACL type. url_regex tests the full URL requested by the browser against a regular expression. For example, if we tell squid to block any URL containing the word "jumble", then jumbleA.com, jumbleB.com and jumbleC.com would all be blocked. Since the pattern is a regular expression, a dot matches any character, so the dots in a domain name are escaped as "\." to keep the match precise.

root@firefly:~# vim squid.conf

#### Declaring the acl #####
acl our_network src 192.168.10.0/24
acl bad_site url_regex \.jumble\.com
#### for example, anything.jumble.com, anything2.jumble.com, anything3.jumble.com ####

#### Applying the acl ####
#### the sequence of the allow/deny is important ####

http_access deny bad_site
### denies bad_site to everyone

http_access allow our_network
### everyone in our_network is allowed anywhere

http_access deny all

root@firefly:~# service squid restart

Before the restart, "squid -k parse" checks the edited configuration for errors; "squid -k reconfigure" applies it without dropping the connections of clients already using the proxy.


2. Blocking Multiple Websites

The theory of blocking multiple websites is the same: we use url_regex to get the task done. However, the declaration of the ACL is quite different. First, we create a file listing all the sites that need to be blocked, and then tell squid to check that file for matches.

root@firefly:~# vim /etc/squid/bad_site_file

#### a list of sites to be blocked ####
#### only whole lines starting with # are comments; text after a pattern becomes part of the pattern ####
## mp3 files blocked
\.mp3$
## flv files blocked
\.flv$
\.jumble\.com
\.badsite1\.com
\.badsite2\.com
\.AreYouKiddingMe\.net

root@firefly:~# vim squid.conf

#### Declaring the acl #####
acl our_network src 192.168.10.0/24
acl bad_site url_regex "/etc/squid/bad_site_file"

#### Applying the acl ####
#### the sequence of the allow/deny is important ####

http_access deny bad_site
### denies bad_site to everyone

http_access allow our_network
### Allow our LAN
http_access deny all

root@firefly:~# service squid restart

3. Blocking a Specific IP

A single IP can be blocked with a one-line src ACL declared directly in squid.conf, without a separate list file. Note that http_access takes ACL names rather than raw addresses, and that the mask must be /32: 192.168.10.254/24 would denote the whole 192.168.10.0/24 network and deny the entire LAN.


root@firefly:~# vim squid.conf

#### Declaring the ACL ####
acl our_network src 192.168.10.0/24
acl black_sheep src 192.168.10.254/32

#### the sequence of the allow/deny is important ####
http_access deny black_sheep
### this IP is blocked/denied

http_access allow our_network
### Allow our LAN

http_access deny all

root@firefly:~# service squid restart


4. Blocking Multiple IPs

We would be using the same trick that we used to block multiple websites. We would be creating a file with a list of all the IPs to be blocked.


root@firefly:~# vim /etc/squid/blocked_ip_file
#### a list of IPs to be blocked ####
192.168.10.150
192.168.10.152
192.168.10.253
192.168.10.254

root@firefly:~# vim squid.conf

#### Declaring the acl #####
acl our_network src 192.168.10.0/24
acl black_sheep src "/etc/squid/blocked_ip_file"

#### Applying the acl ####
#### the sequence of the allow/deny is important ####

http_access deny black_sheep
### denies all IP in the ACL

http_access allow our_network
### Allow our LAN

http_access deny all

EXAMPLE2: combining multiple ACLs (all ACLs named on one http_access line must match for that line to apply)
#### Applying the acl ####
#### the sequence of the allow/deny is important ####

http_access deny black_sheep bad_site
### denies access to all websites in bad_site_file to all IP in the blocked_ip_file

http_access allow our_network
### Allow our LAN

http_access deny all

root@firefly:~# service squid restart
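As an added example (not part of the original post, and not squid's own code), the following Python script models how squid evaluates the http_access lines from sections 1 to 4: src and url_regex ACLs, ACL values read from list files, first-match evaluation, and the ANDing of several ACLs on one line. The list-file contents and the squid.conf text are constructed inline, so nothing is read from disk, and only the src and url_regex ACL types are modelled. It also shows the two pitfalls mentioned above: a deny placed after the LAN allow never fires, and a pattern with unescaped dots matches more than intended.

```python
import ipaddress
import re

# Constructed stand-ins for the post's list files; nothing is read from disk.
# Whole lines starting with '#' are comments, text after a pattern is not.
LIST_FILES = {
    "/etc/squid/bad_site_file": [
        "# a list of sites to be blocked",
        r"\.mp3$",
        r"\.flv$",
        r"\.jumble\.com",
        r"\.badsite1\.com",
    ],
    "/etc/squid/blocked_ip_file": [
        "# a list of IPs to be blocked",
        "192.168.10.150",
        "192.168.10.254",
    ],
}

# The post's section 4 "EXAMPLE2" rules for the 192.168.10.0/24 network.
SQUID_CONF = """
acl our_network src 192.168.10.0/24
acl bad_site url_regex "/etc/squid/bad_site_file"
acl black_sheep src "/etc/squid/blocked_ip_file"
http_access deny black_sheep bad_site
http_access allow our_network
http_access deny all
"""

# The same rules with allow placed before deny: the ordering mistake the post warns about.
SQUID_CONF_WRONG_ORDER = SQUID_CONF.replace(
    "http_access deny black_sheep bad_site\nhttp_access allow our_network",
    "http_access allow our_network\nhttp_access deny black_sheep bad_site",
)


def read_list(path):
    """One entry per line; lines starting with '#' are comments."""
    return [l.strip() for l in LIST_FILES[path]
            if l.strip() and not l.strip().startswith("#")]


def parse_conf(text):
    """Return ({acl_name: (type, values)}, [(action, [acl names])])."""
    acls = {"all": ("all", [])}  # squid's built-in 'all' ACL
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0] == "acl":
            name, kind, *values = parts[1:]
            if len(values) == 1 and values[0].startswith('"'):
                values = read_list(values[0].strip('"'))  # acl name type "file"
            acls[name] = (kind, values)
        elif parts[0] == "http_access":
            rules.append((parts[1], parts[2:]))
    return acls, rules


def acl_matches(acl, src_ip, url):
    kind, values = acl
    if kind == "all":
        return True
    if kind == "src":
        ip = ipaddress.ip_address(src_ip)
        return any(ip in ipaddress.ip_network(v, strict=False) for v in values)
    if kind == "url_regex":
        return any(re.search(v, url) for v in values)
    raise ValueError(f"ACL type not modelled here: {kind}")


def http_access(conf_text, src_ip, url):
    """First-match evaluation; every ACL named on one line must match (AND).
    When no line matches, squid applies the opposite of the last line's
    action, which is why the post always ends with 'http_access deny all'."""
    acls, rules = parse_conf(conf_text)
    for action, names in rules:
        if all(acl_matches(acls[n], src_ip, url) for n in names):
            return action
    return "allow" if rules[-1][0] == "deny" else "deny"


def pattern_matches(pattern, url):
    """True when the url_regex pattern matches the URL (for comparing escaped
    and unescaped dots)."""
    return re.search(pattern, url) is not None


if __name__ == "__main__":
    print(http_access(SQUID_CONF, "192.168.10.150", "http://www.badsite1.com/"))
    print(http_access(SQUID_CONF, "192.168.10.150", "http://www.example.com/"))
    print(http_access(SQUID_CONF_WRONG_ORDER, "192.168.10.150", "http://www.badsite1.com/"))
    print(pattern_matches(".jumble.com", "http://xjumblexcom.example.org/"))
    print(pattern_matches(r"\.jumble\.com", "http://xjumblexcom.example.org/"))
```

Two results are worth noting. With EXAMPLE2 a host in blocked_ip_file can still reach sites that are not in bad_site_file, because the deny line needs both ACLs to match; and a configuration whose last line is a deny without a final "deny all" lets every unmatched request through.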


5. Blocking Specific MAC

The process of blocking a MAC address is very similar to blocking an IP address, using the arp ACL type. Squid looks the client's MAC up in the proxy host's ARP table, so this only works for clients on the same subnet as the proxy; for clients behind a router the lookup fails and the ACL never matches. Here is how it works -
root@firefly:~# vim squid.conf

#### Declaring the ACL ####
acl our_network src 192.168.10.0/24
acl bad_mac arp 48:5B:39:0C:CE:10

#### the sequence of the allow/deny is important ####
http_access deny bad_mac
### this MAC address is blocked/denied

http_access allow our_network
### Allow our LAN

http_access deny all

root@firefly:~# service squid restart


6. Blocking Multiple MAC Addresses

We would be using the same trick that we used to block multiple IPs. We would be creating a file with a list of all the MAC addresses to be blocked.

root@firefly:~# vim /etc/squid/blocked_mac_file
#### a list of MAC addresses to be blocked ####
48:5B:39:0C:CE:10
00:1F:D0:63:A3:03

root@firefly:~# vim squid.conf

#### Declaring the acl #####
acl our_network src 192.168.10.0/24
acl bad_macs arp "/etc/squid/blocked_mac_file"

#### Applying the acl ####
#### the sequence of the allow/deny is important ####

http_access deny bad_macs
### denies all MAC addresses in the ACL

http_access allow our_network
### Allow our LAN

http_access deny all

root@firefly:~# service squid restart
