Squid proxy: How to filter or block a particular port

Posted by Vivek on Monday April 9, 07 @12:41 pm

Q. I am using the Debian stable Linux version and a squid proxy server for our small software company. I need to block port number 1234. How do I filter a particular port?

A. You can easily filter any port with a Squid ACL (Access Control List).

An ACL defines an access list. When using "file", the file should contain one item per line. By default, regular expressions are case-sensitive; to make them case-insensitive, use the -i option.

Procedure to block a port

First, open the /etc/squid/squid.conf file:
# vi /etc/squid/squid.conf
Locate your ACL section and add the configuration directives as follows:
acl block_port port 1234
http_access deny block_port
http_access allow all

If you want to exempt a particular IP (192.168.1.5) from the block, try the following:
acl block_port port 1234
acl no_block_port_ip src 192.168.1.5
http_access deny block_port !no_block_port_ip
http_access allow all

Save and close the file.

Restart squid proxy server:
# /etc/init.d/squid restart
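
The following is an added example, not part of the original FAQ: a small Python model of how Squid evaluates the http_access lines above (first matching rule wins, ACLs on one line are ANDed, "!" negates), so you can check which client/port pairs a rule set denies before restarting. It assumes "all" is built in and handles only the port and src ACL types used on this page; the function names are hypothetical.

```python
import ipaddress

# The FAQ's second rule set, copied as sample input.
EXEMPT_RULES = """
acl block_port port 1234
acl no_block_port_ip src 192.168.1.5
http_access deny block_port !no_block_port_ip
http_access allow all
"""

def parse(conf):
    """Collect acl definitions and ordered http_access rules from a snippet."""
    acls, rules = {}, []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if len(tok) >= 4 and tok[0] == "acl" and tok[2] in ("port", "src"):
            # Values on one acl line, or on repeated lines, are ORed together.
            acls.setdefault(tok[1], (tok[2], []))[1].extend(tok[3:])
        elif len(tok) >= 3 and tok[0] == "http_access":
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(acls, name, client_ip, dst_port):
    if name == "all":  # assumption: "all" is built in (Squid 3+)
        return True
    kind, values = acls[name]
    if kind == "port":  # destination port from the URL; "N" or "LO-HI"
        return any(int(v.split("-")[0]) <= dst_port <= int(v.split("-")[-1])
                   for v in values)
    ip = ipaddress.ip_address(client_ip)  # src: single address or CIDR only
    return any(ip in ipaddress.ip_network(v, strict=False) for v in values)

def decide(conf, client_ip, dst_port):
    """Return 'allow' or 'deny' the way http_access ordering would."""
    acls, rules = parse(conf)
    if not rules:
        return "deny"  # no http_access lines at all: Squid denies
    for action, names in rules:
        # A rule fires only if every ACL on the line matches (AND);
        # a leading "!" inverts that ACL. The first firing rule wins.
        if all(acl_matches(acls, n.lstrip("!"), client_ip, dst_port)
               != n.startswith("!") for n in names):
            return action
    # Nothing fired: the default is the opposite of the last rule.
    return "allow" if rules[-1][0] == "deny" else "deny"

if __name__ == "__main__":
    for ip, port in [("192.168.1.5", 1234), ("192.168.1.9", 1234),
                     ("192.168.1.9", 80)]:
        print(ip, port, decide(EXEMPT_RULES, ip, port))
```

The port ACL tests the destination port of the requested URL, so these rules only affect requests that actually pass through Squid.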

Discussion on This FAQ

  1. Anees Says:

    I want to block some sites, not ports. How do I block them? Please help me. Thanks

  2. nixcraft Says:

    Anees,

    See this Squid deny users accessing a website FAQ

  3. Partha Bhattacharya Says:

    Opened ACL. But could not understand where to write the configuration changes as you have stated. Please help, it's urgent.

  4. Yagnes Says:

    Hi,

    I tried your given instruction for port blocking for Yahoo Messenger and GTalk, but that rule is not working.

    acl porttest port 5050 5222 5223
    acl block_port port 5050 5222 5223
    acl test src 172.27.162.43
    http_access deny block_port test
    http_access allow all

    Please help me with how to do port-level blocking for particular src IPs.

    Is it possible to deny a particular port?

    Thanks
    Yagnes
    s.yagnes@gmail.com

  5. Yagnes Says:

    Hi,

    I tried your given instruction for port blocking for Yahoo Messenger and GTalk, but that rule is not working.

    acl block_port port 5050 5222 5223
    acl test src 172.27.162.43
    http_access deny block_port test
    http_access allow all

    Please help me with how to do port-level blocking for particular src IPs.

    Is it possible to deny a particular port?

    Thanks
    Yagnes
    s.yagnes@gmail.com

~ Last updated on: April 15, 2007

Copyright © 2006-2008 nixCraft. All rights reserved.