HowTo Block Internet Explorer Browser With Squid Proxy Server on a Linux/Unix Server

I want to block Internet Explorer (MS-IE) browser on a squid proxy server running on a Linux or Unix-like systems. How can I block IE on a squid proxy server version 3.x?

You need to setup an acl on a squid proxy server to block Microsoft Internet Explorer or any other browser of your choice. This tutorials explains how to block Internet Explorer browsers with Squid proxy running on a Ubuntu Linux and CentOS Linux version 6.x server. This is also useful to fix an known vulnerability coming from a specific version of browser. Please note the following acl based on user-agents and it can be spoofed easily.

Warning: Please note that third-party browser add-ons or bots can alter the user-agent string on the client side itself. So the following may not work at all.

Syntax to block squid using User-Agent header

The acl syntax is as follows tn match on User-Agent header:

acl acl_name_here browser User_Agent_Here

Step 1: Edit squid.conf

Type the following command:

sudo vi /etc/squid/squid.conf

Step 2: Enable User-agent log in squid.conf

Make sure access_log set to combined (default is squid):

access_log daemon:/var/log/squid3/access.log combined

Step 3: Update/append acl

Local acl section and append the following configuration directives to your squid.conf file:

## block all version of MSIE ## 
acl block_browser browser MSIE
http_access deny block_browser

It is also possible to block specific version or other browsers too:

acl block_bad_browser browser MSIE.9
acl block_bad_browser browser MSIE.10
acl block_bad_browser browser Firefox
acl block_bad_browser browser Chrome/38
http_access deny block_bad_browser

You can also use the following syntax which is very fast:

acl aclname req_header header-name [-i] regex

Save and close the file.

Step 4: Reload squid server

To reload Squid Proxy Server without restarting squid daemon, enter:

sudo /usr/sbin/squid -k reconfigure

Step 5: Test it

Here is a sample screen showing blocked browser:

Fig.01: Firefox is blocked using Squid 3.x

References

Squid configuration directive acl documentation.

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

Your support makes a big difference:

I have a small favor to ask. More people are reading the nixCraft. Many of you block advertising which is your right, and advertising revenues are not sufficient to cover my operating costs. So you can see why I need to ask for your help. The nixCraft takes a lot of my time and hard work to produce. If everyone who reads nixCraft, who likes it, helps fund it, my future would be more secure. You can donate as little as $1 to support nixCraft:

2 comment

shouldn’t this read:
acl block_browser browser MSIE
http_access deny block_browser

Not:
acl block_browser browser MSIE
http_access deny block_browse

You left off the final “R”. I’m not trying to nit pick but I assume that the block_browser label should match on each line.
You also did the same thing for block_bad_browser in your second code segment.

Vivek Gite says:
May 4, 2015 at 6:17 am
Thanks for the heads up!

Daniel says:
May 3, 2015 at 11:25 pm
shouldn’t this read:
acl block_browser browser MSIE
http_access deny block_browser
Not:
acl block_browser browser MSIE
http_access deny block_browse
You left off the final “R”. I’m not trying to nit pick but I assume that the block_browser label should match on each line.
You also did the same thing for block_bad_browser in your second code segment.
1. Vivek Gite says:
  May 4, 2015 at 6:17 am
  Thanks for the heads up!

Have a question? Post it on our forum!