GIT – FREQUENTLY ASKED QUESTIONS (Linux)
Q: How to block Facebook in squid proxy? (any secure https sites)
Here the post will show you how to blockcomplete “http” and “https” facebook access in office times in your squid proxy server. Create an acl with facebook domain (dstdomain) and deny both http and https access.
Add the Configurations to squid.conf
[[email protected] ~#]vi /etc/squid/squid.conf
#1: Create an acl for proxy clients.
acl accountant src 192.168.10.50/32
#2: Create an acl for facebook domain (any required sites)
acl fb dstdomain .facebook.com
#3: Create an acl office time for Mon-Sat, 10:00 to 17:00 (24hrs)
acl officetime time MTWHFA 10:00-17:00
#4: Deny access to “http” facebook to accountant only in office times
http_reply_access deny fb accountant officetime
#5: The below line will deny access to “https” secured facebook to the proxy user “accountant” in office times. Squid proxy will deny access to “https” facebook to accountant only in office times.
http_access deny CONNECT fb accountant officetime
#(save the squid.conf configuration file)
#6: And finaly reload squid service to take effect changes
[[email protected] ~#]service squid reload
Tips: The way to include multiple sites in one ACL
acl badsites dstdomain .facebook.com .twitter.com .blogger.com
Note: Tested in squid-3.1 (tested using squid-3.1.16-1.fc15.x86_64 in CentOS 6)