Re: [squid-users] Blocking specific URL address

From: Henrik Nordstrom <[email protected]>
Date: Tue, 19 Nov 2002 10:43:57 +0100

Technology Listserves wrote:
>
> Good Afternoon -
>
> Could someone please help me to understand how to block specific URL addresses? I was looking on the FAQ list on squid-cache.org, and it says you can obtain blacklists. However, I am not sure how to implement them in Squid.
>
> As an example, how could I configure Squid to block www.mp3.com?

For blocking domains you should use the dstdomain acl type.

I do not know why many people insist on recommending the url_regex
type.. suboptimal in very many ways and generally NOT what you want

Example dstdomain based filter:

# Block banned sites listed in banned_sites.txt
acl banned_sites dstdomain "/usr/local/squid/etc/banned_sites.txt"
http_access deny banned_sites

And list the sites you want to ban in the file
squid/etc/banned_sites.txt.
  To block a specific host use www.mp3.com
  To block a whole domain use .mp3.com (this differs from squidguard)

This is mostly equivalent to the "domainlist" type filters in
squidguard.

Using url_regex is equivalent to using "expressionlist" type filters in
Squidguard, and the same notes as documented for squidguard
expressionlist applies to Squid url_regex lists.. writing url_regex
lists requires careful thought to not match considerably more than
intented (for example the trivial pattern mp3.com matches
http://www.example.com/jump3dcommand/ which is probably not what is
intended)

The two are in fact very similar in capabilities, mainly different in
configuration syntax.

Squid does not have a direct equivalence of the squidgurad "urllist"
filter type, but this can be emulated using url_regex with a small
preprocessor who translates the URLs into regex patterns by adding a ^
and replacing every . by \.
(there is some other characters who need to be escaped in a regex, but
these are rarely used in URLs), but keep in mind that url_regex is a
relatively slow acl, just as the "expressionlist" SquidGuard filter is..

Regards
Henrik
Received on Thu Nov 21 2002 - 11:06:34 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:11:30 MST