Squid: Restrict access to websites
If you have followed my guidelines on how to install Squid, you might have noticed that the assumption was, that your home-user base would not abuse the net.
You add a ten-year old on school-holidays and YouTube to the mix and you will realise that spending 2GB on Youtube in a few hours is nothing …. eeek.
I needed a quick fix, without denying the young padawan access to the internet. After some research, I found that I could implement access-controls on a source-IP basis via Squid resulting in the following page:
The implementation is really simple and sufficient for my means – read the details after the jump.
- Edit the Squid.conf (on the Synology it will be in /opt/etc/squid/squid.conf)
- In the ACL settings as the last line, add the following section: acl nonblockedip src 172.16.0.3 172.16.0.5. Specify the IP’s which should have access to the restricted sites (why should you deny yourself access to You Tube???)
- Below it, add the ACL for the blocked sites: acl blocksites dstdomain “/opt/etc/squid/restricted-sites.squid”. Note that you have to specify the correct location of the restricted-sites.squid-file, which is a simple text file containing a list of domain-names to be blocked (one domain per line).
- Add the following before all http_access entries: http_access deny blocksites !nonblockedip all. This will in essence block all websites for all IP-addresses other than the ones listed in the nonblockedip-ACL list.
- You might want to adjust Squid’s boring default error pages. In this case I modified the access-denied page located at /opt/share/squid/errors/English/ERR_ACCESS_DENIED to look the way you see it above.