#  vi  /etc/squid/squid.conf

Look for ACCESS_CONTROL section.

Look for the lines at about line no. 635 (the exact line number may differ between versions), which look like this:

http_access allow localhost

http_access deny all

In between the two lines define your settings.

To allow or deny a particular IP range:

acl   xyz   src   192.168.7.0/24    192.168.6.0/24

followed by either

http_access allow xyz

or

http_access deny xyz

To deny access to any URL containing a particular word:

acl   blockurl   url_regex  -i   [word1]   [word2]   [word3]   [….]

http_access deny blockurl

#  service  squid  start

(the named service should be running before squid is started).

To block files using a squid content-filtering ACL.

Add the following lines to your squid ACL section:

acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"

If you want to display a custom error message when a file is blocked:

# Deny all blocked extension
deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles

Create a custom error message HTML file called ERR_BLOCKED_FILES in the /etc/squid/error/ directory OR the /usr/share/squid/errors/English directory.

#  vi  ERR_BLOCKED_FILES

<HTML>
<HEAD>
<TITLE>ERROR: Blocked file content</TITLE>
</HEAD>
<BODY>
<H1>File is blocked due to new IT policy</H1>
<p>Please contact the help desk for more information:</p>
Phone: 123456789 (ext 44)

Email: helpdesk@yourcorp.com

:wq [press enter]

Note: Do not include the closing tags </BODY> and </HTML>, as squid closes them itself.

Now create the /etc/squid/blocks.files.acl file (one regular expression per line, matched against the URL path):

#  vi  /etc/squid/blocks.files.acl

\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$

:wq [press enter]

#  service  squid  reload
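To see what the pattern file above would block before reloading squid, here is an added Python checker (not part of these notes or of Squid itself). It reads a blocks.files.acl-style file, one regular expression per line with blank lines and '#' comments skipped, and applies each pattern to URL paths the way urlpath_regex does: an unanchored, case-sensitive search against the path with scheme and host removed. The sample patterns and URLs are constructed inline, and it is an assumption of this example that Squid hands urlpath_regex the path together with any query string.

```python
import re
from urllib.parse import urlsplit

# Constructed stand-in for /etc/squid/blocks.files.acl: one regex per line,
# the same patterns as in the notes above; '#' lines are comments.
SAMPLE_ACL_FILE = r"""
# blocked download extensions
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
"""

def load_patterns(text, ignore_case=False):
    """Compile a Squid regex ACL file: one pattern per line, blank and '#' lines skipped."""
    flags = re.IGNORECASE if ignore_case else 0   # -i on the acl line
    return [re.compile(l.strip(), flags) for l in text.splitlines()
            if l.strip() and not l.strip().startswith("#")]

def squid_urlpath(url):
    """The string urlpath_regex is matched against: path plus query string, no
    scheme or host (assumption: Squid keeps the query string in the URL path)."""
    parts = urlsplit(url)
    return (parts.path or "/") + ("?" + parts.query if parts.query else "")

def first_match(url, patterns):
    """Source of the first pattern that matches the URL path, or None if allowed."""
    target = squid_urlpath(url)
    for pat in patterns:
        if pat.search(target):   # Squid regex ACLs are unanchored searches
            return pat.pattern
    return None

if __name__ == "__main__":
    pats = load_patterns(SAMPLE_ACL_FILE)
    for url in ["http://files.example.com/tools/setup.exe",
                "http://files.example.com/tools/SETUP.EXE",
                "http://files.example.com/tools/setup.exe?download=1",
                "http://files.example.com/docs/readme.txt"]:
        hit = first_match(url, pats)
        print("DENY " if hit else "ALLOW", url, f"(matched {hit})" if hit else "")
```

Note the third sample URL: because the patterns end in `$`, a query string after the extension prevents a match, so this list only catches URLs that end in the blocked extension.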

To limit the number of simultaneous web connections from a client.

In the ACCESS CONTROL section append the following:

acl    department    src    192.168.4.0/24

acl    limitusercon    maxconn    3

(maxconn 3 matches a client that already has 3 or more simultaneous web connections; it relies on squid's per-client database, so client_db must not be turned off).

http_access deny department limitusercon

#  service  squid  reload


---- Squid - LDAP Authentication ---- :

Configure the LDAP server.

Test whether squid can contact the LDAP server by typing the following:

# /usr/lib/squid/squid_ldap_auth  -b  "dc=abc,dc=com"  -f  "uid=%s"     -h  [IP of LDAP server]

Then type the username, a single space, and the password.

After pressing Enter, the helper prints OK if it is able to contact the LDAP server and authenticate the user, otherwise ERR.

If it gives OK, edit squid.conf:

#  vi  /etc/squid/squid.conf

At about line no. 273 (the auth_param section; the line number may differ) add the following:

auth_param  basic  program  /usr/lib/squid/squid_ldap_auth  -b  "dc=abc,dc=com"  -f  "uid=%s"     -h  [IP of LDAP server]

Apply the ACL:

At about line no. 635 you will find:

http_access  allow  localhost

http_access  deny  all

Above these two lines add the following :

acl  [acl name]  proxy_auth  REQUIRED

http_access  allow  [acl name]

Save and exit.

#  service  squid  start