Tuesday, June 28, 2016

Configuring a Whitelist for SQUID PROXY

Configuring a Whitelist

Open the squid configuration file, which on Linux should be in the following location:
/etc/squid/squid.conf
A Squid whitelist is created with the acl directive, which defines a named access list (called whitelist here), and an http_access rule that allows it.
To set up a small whitelist of sites, you can add them directly to the Squid conf file. To do this, add the following directives to the Squid conf file:
acl whitelist dstdomain .example.com .google.com .bing.com
http_access allow whitelist
Note: Make sure you add this http_access line before the http_access line that allows proxy authenticated connections (this is the one that you would have added to configure proxy authentication). Otherwise the whitelist will not work.
In this example three domains are whitelisted. The leading dot on each entry means the whitelist includes all subdomains of these sites as well.
Save the configuration file. We are now ready to start Squid. If Squid is already running, reload the configuration file using the following command:
squid -k reconfigure
If Squid is not already running, start it using the following command:
service squid start
Open a browser on a client machine. If you browse to one of the sites in the whitelist, Squid should not ask for a username and password. If you browse to any other site, Squid should ask you for a username and password.
Although this works, an easier-to-maintain solution is to keep the whitelisted sites in a separate file. To do this, change the acl whitelist directive as follows:
acl whitelist dstdomain "/etc/squid/sites.whitelist.txt"
Next create a file called /etc/squid/sites.whitelist.txt and add in a list of sites to be whitelisted. For example:
.example.com
.google.com
.bing.com
Save the configuration file.
We are now ready to start Squid. If Squid is already running, reload the configuration file by running the following command as the root user:
squid -k reconfigure
If Squid is not already running, start it by running the following command as the root user:
/etc/init.d/squid start
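
A pre-reload check for the whitelist file described above, added here as an example and not part of the original post; the function name lint_whitelist and the sample entries are assumptions. It flags entries that are URLs rather than bare domains, duplicates, and hosts already covered by a leading-dot entry, which Squid complains about when it parses a dstdomain list.

```shell
#!/bin/sh
# Added example (not from the original post): lint a Squid dstdomain list.
# Prints one line per problem; returns non-zero if any problem was found.
lint_whitelist() {
    awk '
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }      # drop comments and whitespace
    $0 == "" { next }
    {
        d = tolower($0)
        if (index(d, "/") || index(d, ":")) {
            printf "line %d: %s looks like a URL or host:port, use a bare domain\n", NR, d
            bad = 1; next
        }
        if (d !~ /^\.?[a-z0-9-]+(\.[a-z0-9-]+)+$/) {
            printf "line %d: %s is not a valid domain name\n", NR, d
            bad = 1; next
        }
        if (d in seen) {
            printf "line %d: %s duplicates line %d\n", NR, d, seen[d]
            bad = 1; next
        }
        seen[d] = NR
    }
    END {
        for (d in seen) {
            h = d; sub(/^\./, "", h)             # host name without the leading dot
            cover = ""
            if (d == h && (("." h) in seen)) cover = "." h
            p = h
            while (cover == "" && index(p, ".")) {
                p = substr(p, index(p, ".") + 1) # step up to the parent domain
                if (("." p) in seen) cover = "." p
            }
            if (cover != "") {
                printf "line %d: %s is already covered by %s (line %d)\n", seen[d], d, cover, seen[cover]
                bad = 1
            }
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample list: one wildcard, one redundant subdomain, one URL.
sample=$(mktemp)
printf '%s\n' '.example.com' 'www.example.com' 'http://bing.com/' > "$sample"
lint_whitelist "$sample" || echo "fix the list before running: squid -k reconfigure"
rm -f "$sample"
```

Run it against /etc/squid/sites.whitelist.txt, then use squid -k parse to check the whole configuration before squid -k reconfigure.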
