HowTo Block Internet Explorer Browser With Squid Proxy Server on a Linux/Unix Server

I want to block Internet Explorer (MS-IE) browser on a squid proxy server running on a Linux or Unix-like systems. How can I block IE on a squid proxy server version 3.x?

You need to setup an acl on a squid proxy server to block Microsoft Internet Explorer or any other browser of your choice. This tutorials explains how to block [donotprint][/donotprint] Internet Explorer browsers with Squid proxy running on a Ubuntu Linux and CentOS Linux version 6.x server. This is also useful to fix an known vulnerability coming from a specific version of browser. Please note the following acl based on user-agents and it can be spoofed easily.

Syntax to block squid using User-Agent header

The acl syntax is as follows tn match on User-Agent header:

acl acl_name_here browser User_Agent_Here

Step 1: Edit squid.conf

Type the following command:

sudo vi /etc/squid/squid.conf

Step 2: Enable User-agent log in squid.conf

Make sure access_log set to combined (default is squid):

access_log daemon:/var/log/squid3/access.log combined

Step 3: Update/append acl

Local acl section and append the following configuration directives to your squid.conf file:

## block all version of MSIE ## 
acl block_browser browser MSIE
http_access deny block_browser

It is also possible to block specific version or other browsers too:

acl block_bad_browser browser MSIE.9
acl block_bad_browser browser MSIE.10
acl block_bad_browser browser Firefox
acl block_bad_browser browser Chrome/38
http_access deny block_bad_browser

You can also use the following syntax which is very fast:

acl aclname req_header header-name [-i] regex

Save and close the file.

Step 4: Reload squid server

To reload Squid Proxy Server without restarting squid daemon, enter:

sudo /usr/sbin/squid -k reconfigure

Step 5: Test it

Here is a sample screen showing blocked browser:

Fig.01: Firefox is blocked using Squid 3.x

References

Squid configuration directive acl documentation.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

2 comment

shouldn’t this read:
acl block_browser browser MSIE
http_access deny block_browser

Not:
acl block_browser browser MSIE
http_access deny block_browse

You left off the final “R”. I’m not trying to nit pick but I assume that the block_browser label should match on each line.
You also did the same thing for block_bad_browser in your second code segment.

Vivek Gite says:
May 4, 2015 at 6:17 am
Thanks for the heads up!

Daniel says:
May 3, 2015 at 11:25 pm
shouldn’t this read:
acl block_browser browser MSIE
http_access deny block_browser
Not:
acl block_browser browser MSIE
http_access deny block_browse
You left off the final “R”. I’m not trying to nit pick but I assume that the block_browser label should match on each line.
You also did the same thing for block_bad_browser in your second code segment.
1. Vivek Gite says:
  May 4, 2015 at 6:17 am
  Thanks for the heads up!

Still, have a question? Get help on our forum!

Adblock detected 😱