Blocking Sites at Certain Times with Squid

Configuring Squid can be challenging at times but here is a simple and easy example of how to block sites.  Let’s start!

Define the Problem

Let’s first go ahead and outline what we would like to accomplish.  This Squid proxy will be located in a home where children use Netflix and Hulu.  We’ll define one requirement: the kids should not be able to access Netflix or Hulu after 9PM on school nights (Sunday through Thursday).

Configuration

Let’s create a minimal config for Squid.  Make /etc/squid/squid.conf look like this:

# Service Configuration
http_port 10.211.55.4:3128
 
 
# ACLs
## Deny access to Netflix and Hulu after 9PM if it's a school night
acl kids_subnet src 10.1.2.0/24
acl school_night_after_9 time SMTWH 21:00-24:00
acl media_sites dstdomain "/etc/squid/media_sites.txt"
http_access deny school_night_after_9 media_sites kids_subnet

As you can see in the configuration above, we’ve set the listening port and our first ACL.  The ACL blocks access to a list of sites (listed in /etc/squid/media_sites.txt) for all users sourcing from a device in the 10.1.2.0/24 subnet (which is where the kids’ tablets are located).  In our /etc/squid/media_sites.txt, we’ll add Netflix and Hulu:

.hulu.com
.netflix.com

Go ahead and check your configuration and then restart the service:

squid -k reconfigure
systemctl restart squid

Testing our Configuration

Now, to test this, we’ll put our test machine on the 10.1.2.0/24 subnet and try to access Netflix at two different times of the day:

Looks like our config works!