Filtering home Internet access with Squid
Client Maintenance
The next step is to modify the ACL
(Access Control List) settings in squid.conf. To assign different filter rules to different users – for example, stricter rules for children – you first need to tell Squid what criteria to apply to incoming requests.
Listing 2 adds client IP addresses for Mom (Marion), Dad (Archie), a son (Simon), and a daughter (Tanja). At the same time, the listing tells Squid to accept requests from the local network.
Listing 2
ACL Settings
# Individual client definitions acl marion src 192.168.1.1/32 acl archie src 192.168.1.2/32 acl simon src 192.168.1.3/32 acl tanja src 192.168.1.4/32 01 # Allow Squid to accept requests from the local network 02 acl localhost src 192.168.1.0/24 03 acl to_localhost dst 192.168.1.0/24
Time-Based and Manual Blocks
In my experience, it is often hard to keep the kids off the computer, especially if they have Internet access. Squid lets you block online access at certain times of the day. Listing 3 gives an example that defines a time slot for older kids between 1:00pm and 9:00pm Monday through Friday, while restricting access for the younger kids to 1:00pm and 7:00pm.
Listing 3
Time Slots
acl big_kids time MTWHF 13:00-21:00 acl small_kids time MTWHF 13:00-19:00 http_access deny simon ! big_kids http_access deny tanja ! small_kids
Because Simon is older, he is allowed to surf later than his little sister, Tanja; this is set in the http_access lines, which are read as follows: "The client called Simon is not allowed to surf the Internet, except at the times defined in the ACL big_kids." Both kids are allowed unrestricted Internet access on weekends, and no restrictions apply to the parents.
Sometimes it makes sense to completely block Internet access for a client. Just add the contents of Listing 4 to the configuration file. The /usr/share/squid/blocked_clients file itself only contains the IP addresses and netmasks of the clients you want to block (Listing 5).
Listing 4
Blocking Access
acl blocked_clients src "/usr/share/squid/blocked_clients" http_access deny blocked_clients
Listing 5
blocked_clients
192.168.1.3/32 192.168.1.4/32
A simple shell command is all it takes to add clients to the list. The command
echo 192.168.1.3/32 >> && /usr/share/squid/blocked_clients && /etc/init.d/squid reload
puts Simon on the block list. Typing
sed /^192.168.1.3\\/32$/d -i && /usr/share/squid/blocked_clients && /etc/init.d/squid reload
removes the entry.
Ads and Cookies
In addition to simple website blocking, Squid offers more advanced features: In combination with the free Privoxy [3] tool, it will filter banners and similar elements while you surf the web. To enable Privoxy, just add the lines from Listing 6.
Listing 6
Enable Privoxy
« Previous 1 2 3 4 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
News
-
Mageia 8 is Now Available with Linux 5.10 LTS
The latest release of Mageia includes improved graphics support for both AMD and NVIDIA GPUs.
-
GNOME 40 Beta has been Released
Anyone looking to test the beta for the upcoming GNOME 40 release can now do so.
-
OpenMandriva Lx 4.2 has Arrived
The latest stable version of OpenMandriva has been released and offers the newest KDE desktop and ARM support.
-
Thunderbird 78 is being ported to Ubuntu 20.04
The Ubuntu developers have made the decision to port the latest release of Thunderbird to the LTS version of the platform.
-
Elementary OS is Bringing Multi-Touch Gestures to the OS
User-friendly Linux distribution, elementary OS, is working to make using the fan-favorite platform even better for laptops.
-
Decade-Old Sudo Flaw Discovered
A vulnerability has been discovered in the Linux sudo command that’s been hiding in plain sight.
-
Another New Linux Laptop has Arrived
Slimbook has released a monster of a Linux gaming laptop.
-
Mozilla VPN Now Available for Linux
The promised subscription-based VPN service from Mozilla is now available for the Linux platform.
-
Wayland and New App Menu Coming to KDE
The 2021 roadmap for the KDE desktop environment includes some exciting features and improvements.
-
Deepin 20.1 has Arrived
Debian-based Deepin 20.1 has been released with some interesting new features.