Q. For security and to save bandwidth I would like to configure Squid proxy server such way that I do not want my users to download all of the following files:
MP3
MPEG
MPG
AVG
AVI
EXE
How do I configure squid content filtering?
A. You can use squid ACL (access control list) to block all these files easily.
How do I block music files using squid content filtering ACL?
First open squid.conf file /etc/squid/squid.conf:
# vi /etc/squid/squid.conf
Now add following lines to your squid ACL section:
acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
You want display custom error message when a file is blocked:
# Deny all blocked extension
deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles
Save and close the file.
Create custom error message HTML file called ERR_BLOCKED_FILES in /etc/squid/error/ directory or /usr/share/squid/errors/English directory.
# vi ERR_BLOCKED_FILES
Append following content:
<HTML> <HEAD> <TITLE>ERROR: Blocked file content</TITLE> </HEAD> <BODY> <H1>File is blocked due to new IT policy</H1> <p>Please contact helpdesk for more information:</p> Phone: 555-12435 (ext 44)<br> Email: helpdesk@yourcorp.com<br>
Caution: Do not include HTML close tags </HTML> </BODY> as it will be closed by squid.
Now create /etc/squid/blocks.files.acl file:
# vi /etc/squid/blocks.files.acl
Append following text:
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
Save and close the file. Restart Squid:
# /etc/init.d/squid restart
Squid in action:

(Click to enlarge)
Featured Articles:
- 20 Linux System Monitoring Tools Every SysAdmin Should Know
- My 10 UNIX Command Line Mistakes
- 10 Greatest Open Source Software Of 2009
- Top 5 Email Client For Linux, Mac OS X, and Windows Users
- Top 20 OpenSSH Server Best Security Practices
- Top 10 Open Source Web-Based Project Management Software
- Top 5 Linux Video Editor Software
- Email FAQ to a friend
- Download PDF version
- Printable version
- Comment RSS feed
- Last Updated: 01/6/07



{ 3 trackbacks }
{ 47 comments… read them below or add one }
I use squid but all my filterings is done via dansguardian. Bannerfilter is great to stop adverts. And web custome written based admin console keeps my non un*x admins happy
In Squid, i want to do the routing through users?
eg. user-a, user-b if user a can access internet then data transer through 246kbps line & if user-b access internet then it’s data transer through 1mbps line.
[note:- user-a & user-b can set any where, any pc in network]
Hi,
I do the following configuration in squid but it is not possible to block the downloads.
Plz give me the solution for this
Hello, thanks, but it dosnt work for me…no effect.
david
In squid how I can block files for a particular IP or user
it worked for me , but it seems that still users are able to download files dont know how.
how i can totally block the download from users.
if u have downloading agent, then it by-pass and start download.
How can i make it strong so that no one can download any thing through any software.
Hi ,
i was config my proxy successfully. But i can’t access my outlook. i think its prots are blocked.
Then how can i unlock my outlook ports…
If anybody konw the solution, Please Immediately send to me… my NAT server ip was given to the gateway of my proxy server and proxy server gateway was given to the users gateway.. Its correct or not ..
If u know any other way….. please share with me…
I want the correct solution immediately…
MY personal EMAIL ID is saravanaprakasht@yahoo.com
my office is blocked to down load mp3 files. Can you please help me how to down load mp3 files.
Your favourable reply will be highly appreciated.
Thanks in advance
Das
Dear Sir,
I have followed your step-by-step instruction to block download files.
i succesfully manage to block the files while clicking selected files. and i received error msg from squid.
Unfortunately i still manage to download that file by simply using “Save Link As..” menu as i right click the mouse.
it seem like users still manage to download prohibited file as configured in squid by using right click menu.
please advice.
regards
amin
Help!
What if i want to…
replace “Men at work” with “Aliens at party”
Is this possible ?
Can i do this in squid without using any addons ?
This did not work at all. It is not blocking downloads. Yes one thing was possible that downloading by right clik and save target was stoped, rest all downloads are working. Not a good solution. Pls advise for another.
is there away to unblock bebo cuz are school is gay and has filtered ALL the proxy sites to date
thanks becci
please help me
restric the download option in proxy linux server
That won’t stop me from doing
GET http://www.example.com/foo.mp3?parameter=bogus
Hai friends pls help me in this
I our Company we have 200 system and one linux server i want to configure squid in a way that no body should download files in my network and 2 to 3 system i should give premision to download can any body help me plzzzzzzzzzz.
Is it possible to block downloads from yahoo mail and other web based email in Squid? I can block downloads using the instructions above but it can only block direct download from a site.
our admin blocked all media files if anybody can help me break his policy,,,
The blocking file list can be simpler by adding “-i” to the blockfiles statement in squid.conf, that is:
acl blockfiles urlpath_regex -i “/etc/squid/blocks.files.acl”
# and in
# /etc/squid/blocks.files.acl
.exe$
.avi$
.mpg$
.mpeg$
.mp33$
shankar, you can do it like this:
in your squid.conf
…
acl special_grp src “/etc/squid/special_grp”
acl blocked_files url_regex -i “/etc/squid/blocked_files
…
http_access allow special_grp blocked_files
http_access deny !special_grp blocked_files
…
# make sure the above lines are above the line “http_access allow our_networks”
in your /etc/squid/special_grp enter the ips of the systems (one ip per line) that you allow to download and in your /etc/squid/block_files enter the following content
\.exe$
\.avi$
\.mpg$
\.mpeg$
\.mp3$
Then reload squid and you are all set.
it’s done by easy step like
acl downloadfiles urlpath_regex -i “/etc/squid/downloadfiles.acl”
http_access deny downloadfiles
i want me to download mp3 of my choice but it is blocked.it just saves the file as HTML document rather than mp3 format how i can get rid of it.i use the intrnet provided by LAN of my company.
Hi
This is my first time to enter in to this forum.
I want to block users to more than 5MB per day.How can I do so.
I am using Lunix Fedora
Regargs
Hi everone,I had configure squid proxy server still it’s working but i need restrict to downloads for users can u help.already i am doing like.acl blickfile urlpath _ regix -i “/etc/squid/blocks.filies.acl”
http_access deny blockfiles
deny_info ERR_BLOCKED_FILES blockfiles acl
iam creating file block.files.acl under squid
mention all extention on that file like \.exe$
after restarting the sevice
but .exe file will downloaded . Can you help where exact problem found.
Thanks
venkat
The method described in this post can be easily passed if user appends a single question mark or to supply some information that is not required, see it yourself:
http://example.com/file.exe?
or
http://example.com/file..exe?name=test
Hello, I have hostel Boys downloard movies I dont want. how can i block all downloarding. we are providing wi-fi. if i block my server is that ok for all ??? please reply very urgent at varunmalik1985@hotmail.com
Dear All,
I have done above procedure & it is working good, but there is a problem,
It also blocked symantec live update, Kindly help me for allow symantec live update with these reistrictions.
Thankx
sir I want to configure the squid proxy server file in such a way that it contains one public IP and two private IP (EX 192.168.0.1 172.16.0.1 ) and and block various sites (I.E orkut.com , blocl exe file download etc) but in some ip there is no rule ; please tell me how can i configure that proxy server .
Please help me configure
Sir,in my company we have two gateways and need to give access only to few selected people in my office. and they need to configure through squid. Please help me… Can anyone help me. If so i would be thankful to them
Bala
Is this possibe that if a network/IP not allowed in squid try to come through his/her browser ( by using the squid IP in the browser) then his/her browser should display a message ( you are not allowed to come throught this proxy or any other message)
Waiting .
Regards,
Ishtiaq Ahmed
Hi
Dear
i am usind squid in linux for proxy server i want to block the downloading , music file of all types of extensions image file for user side please guide mein this regard. & also i want to block chatting all kinds of messangers.
Dear
how are you i am facing a problem regarding blocking of unwanted sites in my network using squid please help me in this regards. i want to block all kinds of messangers, chat sites musical sites & all other voulger sites. i am waiting for your quick response.
Thanks
Amjad Shaikh
@ Amjad
Hi , you need to create the acl for that I wll give you the syntax for that
under acl tag write like this
acl block url_regex “/etc/squid/squid-block.acl”
and under http_access block
http_access allow manager should be changed to http_access allow all
http_access deny block
and create a seperate file squid-block.acl and list out those unwanted sites and then reload the squid.
Make sure that ur internet connection is made through proxy
Regarding messanger and chat sites you need to use iptables
how to block porn website using squid server
how to block websites
Hi
could some one please guide me that how to integrate the squid with Active directory to filter/ schedule the access to web based on the usernames (From Active directory)
Hi,
How can i blcok Gpass,Freegate & UltraSurf using Fedora 11 Squid Proxy.
we have got wi-fi by college but we are unable to download any videoes or we can’t even see pictures.so suggest us..
hi how r u .would u like to tell where we place this lines please
can u send code with example
http_access allow special_grp blocked_files
http_access deny !special_grp blocked_files
i block downloading on fedora 11.now i want to allow some ip to download and watch online movie
how can i make white class of these ip
plz inform with example
Dear Sir,
I have followed your step-by-step instruction to block download files.
i succesfully manage to block the files while clicking selected files. and i received error msg from squid.
Unfortunately i still manage to download that file by simply using “Save Link As..” menu as i right click the mouse.
it seem like users still manage to download prohibited file as configured in squid by using right click menu.
please advice.
regards
kushal
Vivek,
Is this the route one would take to create a music download service? By that I mean, if a user has not paid for certain music, they can be restricted from downloading a particular track or album, however if they have paid they are granted access. Also, if it is a shared environment with access only to a DB such as MySQL and a scripting language such as PHP, how would this be possible?
rocaboy1uk: No
Dear
AOA
How are you, i hope that you are fine , on my MINUX Machine an error messgae is dispalyed when i start the machine please solve my problem on urgent bases the error message is as “Maximum Memory Performance is achieved with matched DIMMS. The Installed amountof memory in Channel A is not equal to the amount of press any key to continue”
i am waiting for your quick & positive reply.
Amjad Zia
Hello,
I want to allow all sites accpect my live video streaming websits i.e youtube ,matacafe
how i can able to do that plz spourt me
Regarding
omer
Dear Mr. Atul,
Can u help me , I want to access my apps server from internet (out side of my local area network). your help is highly thanfull.
khalil mir
hiiiiiiiii sir i want to block all porn website that can be access by user
Regarding
Manish Chaudhary
how to deny that user cannot download with using dmaster.exe