Squid content filtering: Block / download of music MP3, mpg, mpeg, exec files

by on January 6, 2007 · 83 comments· LAST UPDATED January 6, 2007

in , ,

Q. For security and to save bandwidth I would like to configure Squid proxy server such way that I do not want my users to download all of the following files:
MP3
MPEG
MPG
AVG
AVI
EXE

How do I configure squid content filtering?

A. You can use squid ACL (access control list) to block all these files easily.

How do I block music files using squid content filtering ACL?

First open squid.conf file /etc/squid/squid.conf:

# vi /etc/squid/squid.conf
Now add following lines to your squid ACL section:

acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
You want display custom error message when a file is blocked:
# Deny all blocked extension
deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles

Save and close the file.

Create custom error message HTML file called ERR_BLOCKED_FILES in /etc/squid/error/ directory or /usr/share/squid/errors/English directory.
# vi ERR_BLOCKED_FILES
Append following content:

<HTML>
<HEAD>
<TITLE>ERROR: Blocked file content</TITLE>
</HEAD>
<BODY>
<H1>File is blocked due to new IT policy</H1>
<p>Please contact helpdesk for more information:</p>
Phone: 555-12435 (ext 44)<br>
Email: helpdesk@yourcorp.com<br>

Caution: Do not include HTML close tags </HTML> </BODY> as it will be closed by squid.
Now create /etc/squid/blocks.files.acl file:
# vi /etc/squid/blocks.files.acl
Append following text:
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$

Save and close the file. Restart Squid:
# /etc/init.d/squid restart

Squid in action:

Squid content filtering howto
(Click to enlarge)

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 80 comments… read them below or add one }

1 AJ January 9, 2007 at 1:01 pm

I use squid but all my filterings is done via dansguardian. Bannerfilter is great to stop adverts. And web custome written based admin console keeps my non un*x admins happy

Reply

2 Bhavik March 7, 2007 at 3:18 pm

In Squid, i want to do the routing through users?
eg. user-a, user-b if user a can access internet then data transer through 246kbps line & if user-b access internet then it’s data transer through 1mbps line.
[note:- user-a & user-b can set any where, any pc in network]

Reply

3 Nandkishor April 3, 2007 at 10:24 am

Hi,
I do the following configuration in squid but it is not possible to block the downloads.
Plz give me the solution for this

Reply

4 Kubitsch April 11, 2007 at 2:50 pm

Hello, thanks, but it dosnt work for me…no effect.

david

Reply

5 Zahid Iqbal April 12, 2007 at 10:28 am

In squid how I can block files for a particular IP or user

Reply

6 John_Umesh December 22, 2010 at 9:20 am

First u create acl where u’ll mention IP address to block,
Then add rule to deny that acl.

This may help u

Umesh

Reply

7 Omer June 18, 2007 at 10:43 am

it worked for me , but it seems that still users are able to download files dont know how.
how i can totally block the download from users.
if u have downloading agent, then it by-pass and start download.
How can i make it strong so that no one can download any thing through any software.

Reply

8 saravanaprakash August 2, 2007 at 11:13 am

Hi ,
i was config my proxy successfully. But i can’t access my outlook. i think its prots are blocked.
Then how can i unlock my outlook ports…
If anybody konw the solution, Please Immediately send to me… my NAT server ip was given to the gateway of my proxy server and proxy server gateway was given to the users gateway.. Its correct or not ..
If u know any other way….. please share with me…

I want the correct solution immediately…

MY personal EMAIL ID is saravanaprakasht@yahoo.com

Reply

9 dasappan August 8, 2007 at 9:44 am

my office is blocked to down load mp3 files. Can you please help me how to down load mp3 files.

Your favourable reply will be highly appreciated.

Thanks in advance

Das

Reply

10 amin August 10, 2007 at 3:53 am

Dear Sir,

I have followed your step-by-step instruction to block download files.

i succesfully manage to block the files while clicking selected files. and i received error msg from squid.

Unfortunately i still manage to download that file by simply using “Save Link As..” menu as i right click the mouse.

it seem like users still manage to download prohibited file as configured in squid by using right click menu.

please advice.

regards

amin

Reply

11 slimetoner@yahoo.com November 11, 2007 at 11:25 am

Help!

What if i want to…
replace “Men at work” with “Aliens at party”

Is this possible ?
Can i do this in squid without using any addons ?

Reply

12 chzia November 14, 2007 at 10:24 am

This did not work at all. It is not blocking downloads. Yes one thing was possible that downloading by right clik and save target was stoped, rest all downloads are working. Not a good solution. Pls advise for another.

Reply

13 becci November 16, 2007 at 9:34 am

is there away to unblock bebo cuz are school is gay and has filtered ALL the proxy sites to date
thanks becci

Reply

14 sankar December 14, 2007 at 3:56 am

please help me

restric the download option in proxy linux server

Reply

15 regex_warrior February 29, 2008 at 6:57 pm

That won’t stop me from doing

GET http://www.example.com/foo.mp3?parameter=bogus

Reply

16 shankar March 4, 2008 at 2:15 pm

Hai friends pls help me in this

I our Company we have 200 system and one linux server i want to configure squid in a way that no body should download files in my network and 2 to 3 system i should give premision to download can any body help me plzzzzzzzzzz.

Reply

17 Cru3L April 29, 2008 at 12:57 am

Is it possible to block downloads from yahoo mail and other web based email in Squid? I can block downloads using the instructions above but it can only block direct download from a site.

Reply

18 ammaro May 13, 2008 at 11:55 am

our admin blocked all media files if anybody can help me break his policy,,,

Reply

19 Rico May 13, 2008 at 6:12 pm

The blocking file list can be simpler by adding “-i” to the blockfiles statement in squid.conf, that is:
acl blockfiles urlpath_regex -i “/etc/squid/blocks.files.acl”

# and in
# /etc/squid/blocks.files.acl
.exe$
.avi$
.mpg$
.mpeg$
.mp33$

Reply

20 Rico May 13, 2008 at 6:29 pm

shankar, you can do it like this:
in your squid.conf

acl special_grp src “/etc/squid/special_grp”
acl blocked_files url_regex -i “/etc/squid/blocked_files


http_access allow special_grp blocked_files
http_access deny !special_grp blocked_files


# make sure the above lines are above the line “http_access allow our_networks”

in your /etc/squid/special_grp enter the ips of the systems (one ip per line) that you allow to download and in your /etc/squid/block_files enter the following content
\.exe$
\.avi$
\.mpg$
\.mpeg$
\.mp3$

Then reload squid and you are all set.

Reply

21 ASP Consultant June 23, 2008 at 8:02 am

it’s done by easy step like
acl downloadfiles urlpath_regex -i “/etc/squid/downloadfiles.acl”

http_access deny downloadfiles

Reply

22 Rashid Shafique August 8, 2008 at 4:14 pm

i want me to download mp3 of my choice but it is blocked.it just saves the file as HTML document rather than mp3 format how i can get rid of it.i use the intrnet provided by LAN of my company.

Reply

23 Amani Makota August 27, 2008 at 8:31 am

Hi
This is my first time to enter in to this forum.

I want to block users to more than 5MB per day.How can I do so.
I am using Lunix Fedora

Regargs

Reply

24 venkat January 31, 2009 at 11:05 am

Hi everone,I had configure squid proxy server still it’s working but i need restrict to downloads for users can u help.already i am doing like.acl blickfile urlpath _ regix -i “/etc/squid/blocks.filies.acl”
http_access deny blockfiles
deny_info ERR_BLOCKED_FILES blockfiles acl
iam creating file block.files.acl under squid
mention all extention on that file like \.exe$
after restarting the sevice
but .exe file will downloaded . Can you help where exact problem found.

Thanks
venkat

Reply

25 Rico February 17, 2009 at 2:01 am

The method described in this post can be easily passed if user appends a single question mark or to supply some information that is not required, see it yourself:
http://example.com/file.exe?
or
http://example.com/file..exe?name=test

Reply

26 varun March 12, 2009 at 8:07 pm

Hello, I have hostel Boys downloard movies I dont want. how can i block all downloarding. we are providing wi-fi. if i block my server is that ok for all ??? please reply very urgent at varunmalik1985@hotmail.com

Reply

27 Khalil Mir April 17, 2009 at 4:21 am

Dear All,
I have done above procedure & it is working good, but there is a problem,
It also blocked symantec live update, Kindly help me for allow symantec live update with these reistrictions.
Thankx

Reply

28 kamal sen April 22, 2009 at 12:07 pm

sir I want to configure the squid proxy server file in such a way that it contains one public IP and two private IP (EX 192.168.0.1 172.16.0.1 ) and and block various sites (I.E orkut.com , blocl exe file download etc) but in some ip there is no rule ; please tell me how can i configure that proxy server .

Reply

29 V.Balaviswanathan May 4, 2009 at 1:17 pm

Please help me configure

Sir,in my company we have two gateways and need to give access only to few selected people in my office. and they need to configure through squid. Please help me… Can anyone help me. If so i would be thankful to them

Bala

Reply

30 ishtiaq May 29, 2009 at 12:10 pm

Is this possibe that if a network/IP not allowed in squid try to come through his/her browser ( by using the squid IP in the browser) then his/her browser should display a message ( you are not allowed to come throught this proxy or any other message)

Waiting .

Regards,
Ishtiaq Ahmed

Reply

31 Sheikh Amjad Zia June 16, 2009 at 2:13 pm

Hi
Dear
i am usind squid in linux for proxy server i want to block the downloading , music file of all types of extensions image file for user side please guide mein this regard. & also i want to block chatting all kinds of messangers.

Reply

32 SHEIKH AMJAD ZIA June 18, 2009 at 7:27 am

Dear
how are you i am facing a problem regarding blocking of unwanted sites in my network using squid please help me in this regards. i want to block all kinds of messangers, chat sites musical sites & all other voulger sites. i am waiting for your quick response.

Thanks

Amjad Shaikh

Reply

33 V.Balaviswanathan June 18, 2009 at 8:20 am

@ Amjad

Hi , you need to create the acl for that I wll give you the syntax for that

under acl tag write like this
acl block url_regex “/etc/squid/squid-block.acl”
and under http_access block
http_access allow manager should be changed to http_access allow all
http_access deny block
and create a seperate file squid-block.acl and list out those unwanted sites and then reload the squid.
Make sure that ur internet connection is made through proxy

Regarding messanger and chat sites you need to use iptables

Reply

34 ajeet July 1, 2009 at 8:30 am

how to block porn website using squid server

Reply

35 ajeet July 1, 2009 at 8:33 am

how to block websites

Reply

36 kiranjith September 1, 2009 at 9:33 am

Hi
could some one please guide me that how to integrate the squid with Active directory to filter/ schedule the access to web based on the usernames (From Active directory)

Reply

37 Kamran Rashid Khan October 28, 2009 at 5:58 am

Hi,
How can i blcok Gpass,Freegate & UltraSurf using Fedora 11 Squid Proxy.

Reply

38 rajen November 13, 2009 at 12:43 pm

we have got wi-fi by college but we are unable to download any videoes or we can’t even see pictures.so suggest us..

Reply

39 Usman Arif December 30, 2009 at 10:38 am

hi how r u .would u like to tell where we place this lines please
can u send code with example

http_access allow special_grp blocked_files
http_access deny !special_grp blocked_files

Reply

40 Usman Arif December 30, 2009 at 10:40 am

i block downloading on fedora 11.now i want to allow some ip to download and watch online movie
how can i make white class of these ip

plz inform with example

Reply

41 kushal rajpurohit December 31, 2009 at 9:50 am

Dear Sir,

I have followed your step-by-step instruction to block download files.

i succesfully manage to block the files while clicking selected files. and i received error msg from squid.

Unfortunately i still manage to download that file by simply using “Save Link As..” menu as i right click the mouse.

it seem like users still manage to download prohibited file as configured in squid by using right click menu.

please advice.

regards
kushal

Reply

42 rocaboy1uk January 27, 2010 at 11:15 am

Vivek,

Is this the route one would take to create a music download service? By that I mean, if a user has not paid for certain music, they can be restricted from downloading a particular track or album, however if they have paid they are granted access. Also, if it is a shared environment with access only to a DB such as MySQL and a scripting language such as PHP, how would this be possible?

Reply

43 nixCraft January 27, 2010 at 12:09 pm

rocaboy1uk: No

Reply

44 Sheikh Amjad Zia January 29, 2010 at 6:53 am

Dear
AOA
How are you, i hope that you are fine , on my MINUX Machine an error messgae is dispalyed when i start the machine please solve my problem on urgent bases the error message is as “Maximum Memory Performance is achieved with matched DIMMS. The Installed amountof memory in Channel A is not equal to the amount of press any key to continue”

i am waiting for your quick & positive reply.

Amjad Zia

Reply

45 Omer ijaz February 1, 2010 at 10:34 pm

Hello,
I want to allow all sites accpect my live video streaming websits i.e youtube ,matacafe
how i can able to do that plz spourt me

Regarding
omer

Reply

46 khalil February 4, 2010 at 1:19 pm

Dear Mr. Atul,
Can u help me , I want to access my apps server from internet (out side of my local area network). your help is highly thanfull.

khalil mir

Reply

47 Manish Chaudhary February 6, 2010 at 8:11 am

hiiiiiiiii sir i want to block all porn website that can be access by user

Regarding

Manish Chaudhary

Reply

48 Ramin February 9, 2010 at 7:45 am

how to deny that user cannot download with using dmaster.exe

Reply

49 Mian Rehan Ahmad February 24, 2010 at 10:57 am

its good thanks a lot

very nice

Reply

50 zaheer February 28, 2010 at 6:42 am

i want to block images and video through squid server
plz help me

Reply

51 arman April 5, 2010 at 6:15 am

any say to me
how to block dpwnloading in internet
any knows pleas help me

Reply

52 Manish Chaudhary April 9, 2010 at 11:51 am

hiiii sir
i have done user authentication and contain filtering in squid proxy server it is working good but io want to restrict all porn website only for student user not for HCl user so how can i configure user base contain filtering
Thanks and Regards
Manish Chaudhary

Reply

53 John_Umesh December 22, 2010 at 9:27 am

Manish,
U can simply add deny rule for restriction on IP base.
Select the user to restrict add an acl with all IP addresses, add deny rule for that Acl (name that ACL as Student_Access etc)

This may solve your problem.

Umesh

Reply

54 Manikandan May 12, 2010 at 10:03 am

This forum site is more more useful for beginners…

Reply

55 hadi July 24, 2010 at 1:11 am

thx sir its work

Reply

56 prem kumar July 30, 2010 at 1:59 pm

I want to block rediff.com and yahoo.com how can i do that

Reply

57 Nur Cholikul Anwar August 10, 2010 at 7:42 am

Tks for your nice post very hepfull

Anwar

Reply

58 Firro September 28, 2010 at 3:29 pm

How can I stop youtube videos from playing on the clients at my network without blocking the actual Website. Em using Squid Proxy server

Reply

59 Bishal November 16, 2010 at 6:15 am

Hello all,

I have different scenario. I have linux firewall and squid installed in different server.
How can forward all lan clients to squid box from linux router, since forwarding from cisco router make squid box see all client coming from linux gateway ip. I want to see individual ip logs in squid box. How is it possible?

cisco router
|
|
Squid box (172.160.10.2)—–|——-Linux router (172.16.103)
|
eth1
|
LAN CLients (192.168.9.0/24)

Reply

60 Henry March 18, 2011 at 3:42 am

Hi Friends,

I want to download a film form the internet but was block.
Is there any possible solution?

Reply

61 Ambicapathy April 15, 2011 at 10:40 pm

Hi I am new to this forum..Very useful for me where I blocked the contents using the above mentioned source codes. It works perfectly.

But I need to allow the users to download a particular exe file alone. Help me how to do that in the squid.

Help from anyone is highly appreciated.

Reply

62 Vicky June 15, 2011 at 7:44 am

hi vivek,
is it possible to customize squid to view download rates by the different IPs & manually terminating the downloads ?
objective is to prevent big downloads (like movies,softwares) and not to penalise users requiring a small download of eg 3MB.

Thanks,
vicky [at] linuxmail.org

Reply

63 Rathish Babu July 8, 2011 at 12:10 pm

dear,
I want to give internet access control in my office. Now am using Ubuntu server and squid 2.7. I want to give access some web sites only to particular IP and want to give no internet access to some IPs. How it possible?

Reply

64 muzzmail September 8, 2011 at 10:42 am

i am use windows Xp 2000 kindly help me?
how can i use download files becoz my office is block all downloading

Reply

65 Ambicapathy October 3, 2011 at 2:58 pm

Hi experts please help me in blocking online games website using squid proxy. I tried many things. but nothing worked. I want to block miniclip.com and other flash games websites.

Please help me with this.

Reply

66 ratnakarreddy January 9, 2012 at 11:10 am

Hi, all
I am using cent os 5.5 and my proxy server is squid server.

My problem is i want to allow one of my users in the company can access a website http://www.youtube.com and none of the remaining should not access..

client ip is 192.168.1.170
website http://www.youtube.com

only this 192.168.1.170 user should access this website

Regards
ratnakarreddy

Reply

67 Chetan January 24, 2012 at 8:35 am

Hi,

I have installed squid 3.0 in our network.
everything is fine except, i am not able to open PDF files in my browser and Not able to attach files from gmail and yahoo.
I have checked with upload size and download size. its correct.
I think problem is with flash player or something else.
Please provide me solution for the same.
Thank you

Reply

68 naveen May 5, 2012 at 5:18 am

when i trying in this process in rhel 6 squid service is not start.
squid service is failed.
plz help me

Reply

69 vinod June 7, 2012 at 8:59 am

sir i am using rhel 6
how to block downloading mp3 mp4 flv
sir pls help me

Reply

70 Trillion July 18, 2012 at 1:36 pm

@naveen

Please check the content of squid.out. This will tell you what is wrong with your squid.

Reply

71 Rirhandzu July 19, 2012 at 10:33 am

please help i have an internet cafe’, and i use windows 7, how can i use/install squid
on it, to block those files.

Reply

72 rodel banez August 23, 2012 at 3:30 am

Can somebody give me the code on how to disable images from displaying on the browser. I was able to do this a long time ago in my squid. but i can not remember anymore.. I hope to hear a responce from anyone.. thank you…

Reply

73 Rahul September 12, 2012 at 5:16 am

Hi,
I want to block a verious proxy sites in my network so somebody help how to block proxy sites?

Reply

74 Priyadarshy Bhaisare December 25, 2013 at 1:59 pm

For security and to save bandwidth I would like to configure Squid proxy server such way that I do not want my users to download all of the following files:
MP3
MPEG
MPG
AVG
AVI
EXE

Reply

75 IQ January 11, 2014 at 3:48 pm

Hi!
In squid how I can block domain of a website like fb?

Reply

76 IQ January 11, 2014 at 3:50 pm

In squid how can i do content filring?

Reply

77 Prashant March 11, 2014 at 2:51 pm

Is there a way in which DAP and Torrents can be blocked using a proxy server (squid)

Thanks

Reply

78 simplewallsoftware April 2, 2014 at 10:59 am

Torrent cant be blocked by squid.
I see Intrusion Prevention System like SNORT/SURICATA have capability to detect and block torrent traffic based on signitures.
Still torrent can make its own way.

The best practice is you can block LAN User/IP address completly for 15-20 minutes who found having torrent traffic.

Reply

79 Prashant March 11, 2014 at 2:55 pm

I am unable to access outlook through the proxy. Can you help.

Reply

80 jitendra karadia September 29, 2014 at 4:52 am

have installed squid 3.0 in our network.
everything is fine except, i am not able to open PDF files in my browser and Not able to attach files from gmail and yahoo.
I have checked with upload size and download size. its correct.
I think problem is with flash player or something else.
Please provide me solution for the same.

Reply

Leave a Comment

Tagged as:

Previous Faq:

Next Faq: