Wednesday, July 9, 2008

How to deny users access to certain sites at specific times

right, now you've got Squid up and running and its saving your company oodles of bandwidth as it serves cached websites to your users. other great features of squid is its use of Access lists (ACL's). Here is a way that you can restrict your users access to specific sites during specific times, lets say for this example that you do not want your users to access youtube, facebook and myspace between 8:30 am and 5:00pm but you didn't mind if they accessed those sites before 8:30am and after 5:00pm one way of accomplishing this is the following.
create a file in your /etc/squid/ directory called band_sites
you can do this by typing vi /etc/squid/band_sites
then in the empty file put a list of sites you want to ban your users from visiting
like so

save the file by typing :wq
change the ownership of the file so that the squid group can access the file
chown root.squid /etc/squid/band_sites
and then change the permissions to the file
chmod 640 /etc//squid/band_sites

edit your squid configuration file and then add the following ACL's.
It is important that you put these ACL's at the top
of the file, before your http_access allow our_networks
since ACL's are applied from top to bottom.
vi /etc/squid/squid.conf
acl work_time time 8:30-17:30
acl band_sites dstdom_regex -i "/etc/squid/band_sites"
http_access deny band_sites work_time

save your config file
and then reload squid by typing
/etc/init.d/squid reload


No comments: