Configuring Squid can be challenging at times but here is a simple and easy example of how to block sites. Let’s start!
Let’s first go ahead and outline what we would like to accomplish. This Squid proxy will be located in a home where children use Netflix and Hulu. We’ll define one requirement: the kids should not be able to access Netflix or Hulu after 9PM on school nights (Sunday through Thursday).
Let’s create a minimal config for Squid. Make /etc/squid/squid.conf look like this:
# Service Configuration
http_port 10.211.55.4:3128
# ACLs
## Deny access to Netflix and Hulu after 9PM if it's a school night
acl kids_subnet src 10.1.2.0/24
acl school_night_after_9 time SMTWH 21:00-24:00
acl media_sites dstdomain "/etc/squid/media_sites.txt"
http_access deny school_night_after_9 media_sites kids_subnet
As you can see in the configuration above, we’ve set the listening port and our first ACL. The ACL blocks access to a list of sites (listed in /etc/squid/media_sites.txt) for all users sourcing from a device in the 10.1.2.0/24 subnet (which is where the kids’ tablets are located). In our /etc/squid/media_sites.txt, we’ll add Netflix and Hulu:
.hulu.com
.netflix.com
Go ahead and check your configuration and then restart the service:
squid -k reconfigure
systemctl restart squid
Now, to test this, we’ll put our test machine on the 10.1.2.0/24 subnet and try to access Netflix at two different times of the day:
Looks like our config works!