Sure thing, so you are a small or medium-sized company and you notice that people surf porn, or really anything they are not allowed to, during work time instead of working. Your boss tells you “STOP THEM” and you think, well, I heard of proxies once…

Well, here is a quick introduction to proxies and how to configure Squid to block porn. The same approach can be used to block any website.

First of all, what is a proxy server? Well, it’s a server that connects to a website for you and keeps the page you read. OK, it’s not quite THAT simple, but close. Basically, your browser connects to the proxy and sends the request for the page you want to view. The proxy then connects to the website, fetches the page you wanted and THEN sends it to you. This is already pretty neat for administrators, since it lets you restrict what people can access, and you can also proxy FTP and even SSH. The cool feature is that a proxy server caches (keeps for a while) the web page you requested, or at least the images on that page. Why, you ask? The next person surfing the same page will get it much quicker, since the images are already on your proxy; it doesn’t need to fetch everything again, just the text if it has changed or images that are different. For companies with small internet lines this can have a big impact, since you use less bandwidth. Another good feature is that you can block each requested URL, or inspect it for specific text. You can, for example, prevent phishing sites, remote browser hacks etc.

OK, now that we have a clearer picture of what proxies do, it’s time to install and configure one. On our trusty Debian server (on Fedora, use yum install instead of apt-get install), we execute the following command:

shorty# apt-get install squid

If any questions are asked, accept all the defaults. If you configured your browser (see below for instructions) to use the proxy now, you would get a permission denied error, because right now no one is allowed to use the proxy. So we have to change that. To do so, edit the file /etc/squid/squid.conf and look for this line:

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

Below that, add the following lines:

acl porn url_regex "/etc/squid/domains"
acl our_networks src 10.1.2.0/24 10.1.3.0/24
http_access allow our_networks !porn
http_access allow localhost !porn

Change the IP ranges to reflect your home network or company network. Don’t worry about the porn line yet, just add it. Restart the Squid service with /etc/init.d/squid restart (or on Fedora: service squid restart), and now if you connect with your browser to the proxy you actually get the web page you wanted. But it does not block anything yet, because the list file (/etc/squid/domains) is not there yet. So instead of collecting all kinds of porn URLs yourself, you can fetch a text file with a list of URLs, from here for example. This is a big tarball (7.5MB) which you have to extract. It will create a bunch of subdirectories, each containing 2 files, urls and domains. The domains file contains just the domain names, which is what you want to block; the urls file contains specific other URLs where porn is found, but that is not in the scope of the 20 minute tutorial. Copy the file porn/domains into /etc/squid/, restart Squid one more time and try to access sex.com. You will get a denied web page. You can add new URLs to the file as you want; it’s plain text, really. You will need a somewhat powerful server though, since reading the file can be quite heavy.

Squid is very customizable. It’s very powerful software and I highly recommend reading the documentation. This article was meant to get you started. Later on we will discuss some heavy security that can be done with Squid, and a Squid config generator is in the works by me :). And if you want to block all the other files that are in that tarball, just follow the same instructions.
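An added example, not part of the original article: the url_regex line above treats every entry in the list as an unanchored regular expression, so a plain domain such as sex.com also matches unrelated URLs that merely contain it. The Python code below emulates that rule and Squid's dstdomain rule on constructed hostnames, and converts a domains list into dstdomain entries; the function names and the sample data are assumptions made for illustration.

```python
import re

DOMAIN_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")

def to_dstdomain(lines):
    """Turn raw blocklist lines into a minimal list of dstdomain entries.

    Every entry gets a leading dot (the domain plus all its subdomains).
    Entries already covered by a listed parent domain are dropped, because
    Squid reports overlapping dstdomain entries when it loads the ACL.
    """
    names = set()
    for line in lines:
        name = line.split("#", 1)[0].strip().lower().strip(".")
        if DOMAIN_RE.fullmatch(name):          # skips blanks and junk lines
            names.add(name)
    kept = set()
    # Fewest labels first, so a parent is always seen before its subdomains.
    for name in sorted(names, key=lambda n: n.count(".")):
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels))}
        if not parents & kept:
            kept.add(name)
    return sorted("." + n for n in kept)

def url_regex_hits(patterns, url):
    """Emulate url_regex: case-sensitive, unanchored search over the whole URL."""
    return any(re.search(p, url) for p in patterns)

def dstdomain_hits(entries, host):
    """Emulate dstdomain: '.example.com' matches example.com and its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == e[1:] or host.endswith(e) for e in entries)

# Constructed sample list; only sex.com appears in the article itself.
SAMPLE = ["sex.com", "www.sex.com", "Example-Adult.test  # constructed entry",
          "", "not a domain"]

if __name__ == "__main__":
    entries = to_dstdomain(SAMPLE)
    print("\n".join(entries))
    # An unrelated (constructed) host that merely contains the string "sex.com":
    print(url_regex_hits(["sex.com"], "http://www.essex.com.example/"))  # overblocks
    print(dstdomain_hits(entries, "www.essex.com.example"))              # does not
```

A list produced this way is loaded with `acl porn dstdomain "/etc/squid/domains"` in place of the url_regex line; the http_access lines stay the same.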

BROWSER CONFIGURATION:
OK, so you have your proxy, but now you want everyone to use it? Well, here is a quick guide to configuring Firefox to use your proxy. A more detailed guide for more things might come later, but this definitely gets you started.

Open Firefox and go to TOOLS / PREFERENCES (or OPTIONS). In the main window you will see the CONNECTION SETTINGS, as shown here:
[Screenshot: Squid Proxy Firefox]

Click on it and then fill in the values as shown here, but make sure you use your proxy’s IP address, and at the bottom, where it says NO PROXY FOR:, make sure you add your own network range, not the one shown :) :

[Screenshot: Squid Proxy Firefox 2]

And tada, now the browser uses the proxy all the time. In a later article I will show you neat tricks with Windows Active Directory and forced proxy usage. Got anything to add? Feel free to do so. Personally, I still think Squid is one of the great open source software projects, like Apache and of course OpenOffice and Linux itself.

//Flosse
