Squid Deny Users Accessing a Website

How do I deny a user accessing particular website? For example deny access to a website called foo.com.

Squid cache is a popular open source web proxy server and web cache software.

It has a wide variety of uses, from speeding up a web server by caching repeated requests, to caching web, DNS and other network lookups for a group of people sharing network resources, to aiding security by filtering traffic.

Squid has powerful ACL (access control list). The primary use of the acl system is to implement simple access control.

How to deny a user from accessing particular site?

To block site called foo.com you need to add following two lines to your squid configuration file.
# vi /etc/squid/squid.conf

Search for `Access Controls’ and append following two lines:
acl blocksites dstdomain .foo.com
http_access deny blocksites

Save and close the file. Restart Squid:
# /etc/init.d/squid restart

Let us say you would like to deny access for anyone who browses to a URL with the word “bar” in it. Append following ACL:
acl blockregexurl url_regex -i bar
http_access deny blockregexurl

Save and close the file.

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 27 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersncdu pydf
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
27 comments… add one
  • Maroon Jan 22, 2007 @ 8:46

    it’s out of subject! but related to SQuid.

    I need to know what is the best filesystem compatilbe with storeio? to get the best perfomance ever…

    one more questions about refresh_pattern anyone explain more to me about it…

    any help would be highly appreciated

    this squid is for caching onlu purpose and I’m looking to fine-tune it to get the best caching server ever.. thank you

    • arnab Mar 11, 2011 @ 15:20

      website blocking configuration is not working in squid…. plz help me

  • Tek Bahadur Limbu Feb 19, 2007 @ 8:40

    If you would like to experiment on Squid, the best file storage system for Squid would be COSS in my opinion. I am currently using ufs, aufs, diskd and coss in my squid servers. You have to compile Squid with the following options to enable all the storage systems: –enable-storeio=coss,ufs diskd null aufs

    Please see the great Squid FAQ at: http://wiki.squid-cache.org/SquidFaq/

    The default refresh-pattern should be good enough for almost any system:

    refresh_pattern ^ftp: 1440 20% 10080
    refresh_pattern ^gopher: 1440 0% 1440
    refresh_pattern . 0 20% 4320

    However if your needs are very specific, please see the default squid.conf for further details.

    Have a nice day !!

  • elvis Mar 2, 2007 @ 8:45

    i setup squid on a win2003 server os.fine i got it working but my challenge now is getting it to do web filtering to restrict access to certain sites. my research on this brought me to this site and i have tried the methods described here with no success.pls can any one help me out with this? u could send ur reply to my email: uwa45@yahoo.com. if neccessary a squid conf file wld be appreciated so that i can cross check with what i did.
    Thanks for all ur help and support.

  • size limitetion for attachment Jul 14, 2007 @ 7:50

    I setup the squid in linux intigration of windows. we are useing more then 20 users every thinking is working fine, but i think due to trafic squid is working only a day after it is dead. i want to improve the stability (mean i want to do fine fuining)

    and i what restrict the users while attching file size to 1M maximem.

    pls do the needful

  • kulpreet Aug 2, 2007 @ 7:48

    Qiestion: How to configure sarg and squidGuard for squid servers to improve performance ?

  • Jv Jan 29, 2008 @ 12:34

    What r the solution for many no. of sites/domain blocking using above method?

  • Nandkishor Apr 10, 2008 @ 9:47

    I have setup the transperant squid proxy to block some downloading & some urls.
    How to block or deny the online listening musics & videows. Like for url youtube.com

    Any Idea.


  • sreekumar May 16, 2008 @ 12:04

    how can i block a website in a particlar syatem or IP through squid

  • jonayed Jul 26, 2008 @ 10:03

    Hi all,
    I using squid as firewall. I want to block teamviewer which uses port 80 i guess.but i have to keep the 80 port open for browsing purpose. i am not that good at linux.
    Can any one please help.

    Thanks in advance

  • vijay Oct 22, 2008 @ 10:36

    Hi Vivek,
    I have configure squid in my office using your earlier artical of making transperent proxy. I want to block some site, for that I have use this artical but its not working. Please help.


  • Arunraj Dec 30, 2008 @ 5:31

    Hi friend,
    Can u help me to “cache a particular website and store it in local system and if the client user send a request for that particular site, the proxy first check it in local cache,if not available means pass the request to internet” this is my requirement how to configure this by using squid proxy.

  • Mahesh Sharma Aug 28, 2009 @ 6:42

    please solved my problem
    thirty pc’s in a room i have installed redhat linux 5 but i want to make a pc’s server
    and i need that i am blocking some sites which not shown front web page which we want to block
    any sites.
    and i have a broadband connection and i want that with my computer’s ip address can be supplied
    which we want to result is that my internet and my local area connection both are working together and
    i no need for obtain my ip addresses

  • Gregor Bruhin Dec 17, 2009 @ 7:22

    To block teamviewer you can add something like this to your squid config:

    acl teamviewer url_regex din\.aspx$ dout\.aspx$
    http_access deny teamviewer

  • Rohit Jan 1, 2010 @ 10:57

    I want Access a Web site of a specific IP address.
    how do this????????????

  • Jacob Jan 18, 2010 @ 22:15

    I need to setup so that I can have certain machines blocked from some websites and certain machine allowed to access. For example
    machine 1 can access msnbc.com
    machine 2 can not access msnbc.com

    Can you advise what the easiest way to set this up is?


  • Teklay Feb 4, 2010 @ 9:26

    i tried to block for a specific site and i get that working. but is there a means to block based on source address and destination ipaddress or domain name just in one acl definition?. this kind of acl is very common in Cisco routers.
    for eg. i want to deny a web traffic that originates from a specific ip address and its destination address is say http://www.google.com.
    can any body tell me how to proceede?

  • Yared Aug 20, 2010 @ 8:15

    by default youtube.com is blocked in Dansguardian, how can i allow youtube.com to be accessed in Squid Guard?


  • Arek Oct 1, 2010 @ 8:38

    Does not work. There is even no section called `Access Controls’

  • kosala Oct 22, 2010 @ 7:15


    i need to release the website block for the holidays.

    So how can i define a specific day from squid proxy conf.

    thanks in advance

    • dlcomm Dec 18, 2010 @ 9:44

      On method is to create a cron job. You can have cron jobs to append to the .conf file or simply backup and replace it.

  • Agent_99 May 10, 2011 @ 5:35

    Does anyone knows how to block proxy browsing (anonymous Browsing via squid proxy server) ???

  • Sony AK May 13, 2011 @ 4:05

    what about URL like this? http://www.google.com/accounts can?

  • DFR Sep 15, 2011 @ 19:42

    Can someone help me here? I was trying to block some website using squid, it works… it blocked the sites i listed to be blocked, but it also blocked a system we are using it open the web site but the system does not work, it uses java.

  • Ambicapathy Oct 3, 2011 @ 15:09

    Can someone help me in blocking miniclip.com games sites. I tried different ways and none was working. Still users are able to access the site.

    Please help me with this.

  • Deepak Agrawal Oct 17, 2011 @ 10:05

    How to deny a particular user from accessing particular site?

    • Isurinda Jayawardana Nov 5, 2011 @ 5:03

      You can use netbios name of that user’s computer and block sites

      here is a sample config

      === squid.conf ===
      acl BLOCK_USER_FROM_NETBIOS srcdomain “/etc/squid/BLOCK_USER_FROM_NETBIOS”
      acl BLOCKED_URLS_FOR_SPECIFIC_USER dstdomain “/etc/squid/BLOCKED_URLS”
      Create a file : BLOCK_USER_FROM_NETBIOS in /etc/squid/ ( I suppose your squid configuration directory is /etc/squid)
      add your user’s computer name there. as an example, lets say computer name is “deepak” and your local domain name is “example.org” suppose your computer is a domain member of example.org. so the netbios name will be “deepak.example.org” , add that to your BLOCK_USER_FROM_NETBIOS file.

      after that create a file /etc/squid/BLOCKED_URLS
      and add urls you need to block. suppose you need to block facebook.com, add a line like this .facebook.com

      reload your configurations
      #squid -k reconfigure
      or restart the service.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum