[squid-users] How to block websites by string or substring

Jens Kallup jkallup at web.de
Sun Nov 22 21:52:13 UTC 2015 

Hello,

how can i block websites by name or regex?
The block script does not block sites.
I want my own helper, so I can customize
some tasks.
When I start the script in a shell, the file called
"datei.txt" is append texted, if condition is set
to OK.
But squid gives some thing else what I am
oversee at the moment.

In the attachment are the config, the script,
and the mysql data for testing.

Thanks all helping hands.
Jens
-------------- next part --------------
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /sap/squid/passwd
auth_param basic children 4
auth_param basic utf8 on
auth_param basic realm Bitte geben Sie Ihren Benutzernamen und Passwort fuer die Internetberechtigung ein!
auth_param basic credentialsttl 60 minutes
auth_param basic casesensitive on

#cache_peer debian.fritz.box sibling 3128 0 max-conn=128 default connection-auth=off proxy-only

external_acl_type blockscript %LOGIN %DST /sap/squid/block.sh

acl mysql_block external blockscript
acl ncsa_users proxy_auth REQUIRED

acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

http_access allow mysql_block
http_access allow ncsa_users

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

http_access allow localnet
http_access allow localhost

http_access deny  all

http_port 3128 

cache_mgr jkallup at web.de
cache_mem 8 MB

cache_effective_user  squid
cache_effective_group squid

hierarchy_stoplist cgi-bin ?

error_default_language de
error_directory  /usr/share/squid3/errors/

deny_info ERR_ACCESS_DENIED acl

cache_dir ufs    /sap/var/spool/squid 64 16 128
cache_access_log /sap/squid/log/access.log
cache_log        /sap/squid/log/cache.log
cache_store_log  none
 
# Leave coredumps in the first cache dir
coredump_dir /sap/var/spool/squid

pid_filename /sap/squid/squid3.pid
 
# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:           1440    20%     10080
refresh_pattern ^gopher:        1440    0%      1440
refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
refresh_pattern .               0       20%     4320
 
logformat squid  %tl.%03tu %6tr %>a %un %Ss/%03>Hs %<st %rm %ru %Sh/%<A %mt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: block.sh
Type: application/x-shellscript
Size: 4005 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151122/3fe7e57e/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: squid.sql
Type: application/sql
Size: 1188 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20151122/3fe7e57e/attachment-0003.bin>

More information about the squid-users mailing list