Answer the question
In order to leave comments, you need to log in
How to properly configure Squid3 for whitelisting sites?
I am trying to reconfigure squid3 so that only whitelisted sites will run on student machines, what is the right way to do this?
== Global options:===============
== Listen ports: ================
http_port 10.0.0.2:8080 accel
http_port 10.0.0.2:3128
http_port 192.168.2.2:8080 accel
http_port 192.168.2.2:3128
#= for Frontends:
http_port 127.0.0.1:3128
== SSL Bump: ====================
http_port 192.168.2.2:4443 ssl-bump \
generate-host-certificates=on \
dynamic_cert_mem_cache_size=4MB \
cert=/etc/squid3/squidCA.pem \
key=/etc/squid3/squidCA.pem \
connection-auth=off \
sslflags=NO_DEFAULT_CA
http_port 10.0.0.2:4443 ssl-bump \
generate-host-certificates=on \
dynamic_cert_mem_cache_size=4MB \
cert=/etc/squid3/squidCA.pem \
key=/etc/squid3/squidCA.pem \
connection-auth=off \
sslflags=NO_DEFAULT_CA
sslproxy_flags DONT_VERIFY_PEER
sslproxy_cert_error allow all
always_direct allow all
ssl_bump client-first all
ssl_bump none all
sslcrtd_program /usr/lib/squid3/ssl_crtd -s /etc/squid3/ssldb/certs -M 4MB
== Systems: =====================
pid_filename /var/run/squid.pid
hosts_file /etc/hosts
error_directory /usr/share/squid3/errors/templates
visible_hostname none
dns_nameservers 77.88.8.7
#== IPv6 bullshit: ===============
tcp_outgoing_address 192.168.2.2 all
dns_v4_first o
#== Logging: =====================
logfile_rotate 1
access_log stdio:/var/log/squid3/access.log squid
cache_store_log stdio:/var/log/squid3/store.log
cache_log /var/log/squid3/cache.log
logfile_daemon /usr/lib/squid3/log_file_daemon
#== Squid Cache: =================
cache_mem 512 MB
maximum_object_size 512 KB
maximum_object_size_in_memory 512 KB
memory_replacement_policy heap GDSF
#== Elite anonomising: ===========
request_header_access X-Forwarded-For deny all
request_header_access Via deny all
request_header_access Cache-Control deny all
follow_x_forwarded_for allow all
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
forwarded_for on
== SquidGuard:===================
redirect_program /usr/bin/squidGuard -c /etc/squid3/squidGuard.conf
redirect_children 16
redirector_bypass on
== Squid ACL: ===============================================================
= White ports: ========
acl Allow-port port 20 21 25 80 110 143 443 456 993 995 1935 8000 8008 8080 8081
#= Mothods: ============
acl purge method PURGE
acl CONNECT method CONNECT
= Networks: ===========
acl localnet src 192.168.2.0/24
acl dhcpnet src 10.0.0.0/24
acl DanseGuardian src 127.0.0.1/32
= Users: ==============
acl System src "/etc/squid3/users/system.list"
acl Library-215 src "/etc/squid3/users/library-215.list"
acl Library-218 src "/etc/squid3/users/library-218.list"
acl Langlab src "/etc/squid3/users/students-402-3.list"
acl Class-1 src "/etc/squid3/users/students-109-1.list"
acl Class-2 src "/etc/squid3/users/students-111-1.list"
acl Class-3 src "/etc/squid3/users/students-112-1.list"
acl Class-4 src "/etc/squid3/users/students-116-1.list"
acl Class-5 src "/etc/squid3/users/students-26-2.list"
= Squid Lists: ========
acl System-List dstdomain "/etc/squid3/lists/system.list"
acl Access-List dstdomain "/etc/squid3/lists/access.list"
acl SSL-List dstdomain "/etc/squid3/lists/ssl.list"
acl Blocks-List dstdomain "/etc/squid3/lists/deny.list"
acl mism_cert dstdomain -i "/etc/squid3/lists/mism_ssl"
http_access allow DanseGuardian
http_access allow all
= SSL Proxy: ==============
sslproxy_cert_error allow mism_cert
sslproxy_cert_adapt setCommonName ssl::certDomainMismatch
= System & Staff access: ==
http_access allow System all
#http_access allow Staff Blocks-List
#http_access allow Staff all
http_access allow System System-List
#http_access allow Staff System-List
http_access allow Library-215 System-List
http_access allow Library-218 System-List
http_access allow Langlab System-List
http_access allow Class-1 System-List
http_access allow Class-2 System-List
http_access allow Class-3 System-List
http_access allow Class-4 System-List
http_access allow Class-5 System-List
= Black lists: ============
http_access allow Library-215 Blocks-List
http_access allow Library-218 Blocks-List
http_access allow Langlab Blocks-List
http_access allow Class-1 Blocks-List
http_access allow Class-2 Blocks-List
http_access allow Class-3 Blocks-List
http_access allow Class-4 Blocks-List
http_access allow Class-5 Blocks-List
= White lists: ============
http_access allow Library-215 Access-List
http_access allow Library-218 Access-List
http_access allow Langlab Access-List
http_access allow Class-1 Access-List
http_access allow Class-2 Access-List
http_access allow Class-3 Access-List
http_access allow Class-4 Access-List
http_access allow Class-5 Access-List
= White SSL lists: ========
http_access allow Library-215 SSL-List
http_access allow Library-218 SSL-List
http_access allow Langlab SSL-List
http_access allow Class-1 SSL-List
http_access allow Class-2 SSL-List
http_access allow Class-3 SSL-List
http_access allow Class-4 SSL-List
http_access allow Class-5 SSL-List
http_access allow all SSL-List
=== Port control: ===========
http_access allow Allow-port Library-215
http_access allow Allow-port Library-218
http_access allow Allow-port Langlab
http_access allow Allow-port Class-1
http_access allow Allow-port Class-2
http_access allow Allow-port Class-3
http_access allow Allow-port Class-4
http_access allow Allow-port Class-5
http_access allow Allow-port
Answer the question
In order to leave comments, you need to log in
You create a new file with a list of sites that you can go to, for example /etc/squid/acl/whitelist.acl
.google.com
.wikipedia.org
acl whitelist url_regex "/etc/squid/acl/whitelist.acl"
http_access allow whitelist
http_access deny all
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question