In squid, the is a squid.conf, which should be resided, in your configuration directory. In my example, my network server running fc 7, using squid from repository, so the configuration is in, /etc/squid
In the squid.conf, comes 2 directive, the acl, and http_access. Just below the acl to your own network,
which should be
acl something src "a list of ip"
From this line, there is 2 way to blog a site
First Way
Add the following:
acl evilsite dstdomain somesite
acl deny evilsite
This is not a bad idea, except, for all the site, you want to block, you will have to add one by one.
Make a messy configuration file, more messy.
another way is to create a file with a list of bad ip.
Second Way
first as root create a text file, which I just put it in the same directory as squid.conf. And fill it with the ip you want to block, separated with a newline.
Which in my example, in my squid configuration directory
touch restricted-site.squidThis will create a empty text file
echo "http://evilsite" >>restricted-site.squidThis will add the a line in restricted-site.squid
do it again, by change http://evilsite. with another site.
then create a new acl in your squid.conf
acl badlist dstdomain "yourlistfileNow this way, you can just add a site, to the restricted file, with messing with the already messy, squid.conf
http_access deny badlist
p.s This is tested on a server I manage, which runs fedora. Not my laptop which runs ubuntu
No comments:
Post a Comment