Configuring Squid can be challenging at times but here is a simple and easy example of how to block sites. Let’s start!
Define the Problem
Let’s first go ahead and outline what we would like to accomplish. This Squid proxy will be located in a home where children use Netflix and Hulu. We’ll define one requirement: the kids should not be able to access Netflix or Hulu after 9PM on school nights (Sunday through Thursday).
Let’s create a minimal config for Squid. Make /etc/squid/squid.conf look like this:
# Service Configuration http_port 10.211.55.4:3128 # ACLs ## Deny access to Netflix and Hulu after 9PM if it's a school night acl kids_subnet src 10.1.2.0/24 acl school_night_after_9 time SMTWH 21:00-24:00 acl media_sites dstdomain "/etc/squid/media_sites.txt" http_access deny school_night_after_9 media_sites kids_subnet
As you can see in the configuration above, we’ve set the listening port and our first ACL. The ACL blocks access to a list of sites (listed in /etc/squid/media_sites.txt) for all users sourcing from a device in the 10.1.2.0/24 subnet (which is where the kids’ tablets are located). In our /etc/squid/media_sites.txt, we’ll add Netflix and Hulu:
Go ahead and check your configuration and then restart the service:
squid -k reconfigure systemctl restart squid
Testing our Configuration
Now, to test this, we’ll put our test machine on the 10.1.2.0/24 subnet and try to access Netflix at two different times of the day:
Looks like our config works!