being a dictator sysadmin: blocking sites using squid

Sometimes it's hard to be a sysadmin, because sometimes we have to do evil things. A good example is blocking sites that have legitimate uses, but someone high above wants it done.

Squid is configured through squid.conf, which lives in your configuration directory. In my example the network server runs Fedora 7 with squid from the repository, so the configuration is in /etc/squid.

Two directives in squid.conf do the work: acl, which gives a name to a match (a source network, a destination domain, and so on), and http_access, which allows or denies requests by those names. You will already have an acl for your own network, which looks like
acl something src "a list of ip"
with a matching http_access allow line further down. Where the acl lines sit does not matter, but the order of the http_access lines does: squid walks them top to bottom and stops at the first match, so a deny line placed after the allow line for your network never fires for your own users. Put the deny rules above it.

From here there are two ways to block a site.
First way
Add the following (the domain is a placeholder; dstdomain takes a domain name, not a URL, and a leading dot makes it match subdomains too):

acl evilsite dstdomain .evilsite.example
http_access deny evilsite

This is not a bad idea, except that every site you want to block needs its own acl line, which makes an already messy configuration file messier.
The other way is to keep the list of bad domains in a separate file.

Second Way
First, as root, create a text file; I put it in the same directory as squid.conf. Fill it with the domains you want to block, one per line, with no http:// and no path.
In my example, in my squid configuration directory:

touch restricted-site.squid

This creates an empty text file.

echo ".evilsite.example" >> restricted-site.squid

This adds a line to restricted-site.squid. Do it again, changing .evilsite.example to each further domain. The leading dot matches the domain and everything under it; without it squid matches only that exact host name.

Then create a new acl in your squid.conf, giving the full path to the list in double quotes (the quotes are what tell squid to read the entries from a file), and the deny line above the http_access allow for your own network:

acl badlist dstdomain "/etc/squid/restricted-site.squid"
http_access deny badlist

Now you can just add a site to the restricted file without touching the already messy squid.conf. Squid only reads the file when it loads its configuration, so after editing the list run squid -k parse to check the syntax and squid -k reconfigure to make it take effect.
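Two things go wrong with the list in practice: people paste URLs rather than domains into it, and the deny line ends up below the allow line so nothing is blocked. The script below is an added example, not part of the original post or of squid. It turns a rough list (URLs, mixed case, comments) into the one-domain-per-line form dstdomain expects, and checks that in a given squid.conf the deny for the list's acl appears before the allow for your network. The file names, the acl names badlist and localnet, and the sample list in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post.

# normalize_domains: read raw entries on stdin, write clean dstdomain entries on stdout.
# Strips comments, the scheme (http://), anything after the host (path, port, query),
# surrounding whitespace, lowercases, adds the leading dot and removes duplicates.
normalize_domains() {
    sed -e 's/#.*$//' \
        -e 's|^[[:space:]]*[A-Za-z][A-Za-z0-9+.-]*://||' \
        -e 's|[/:?].*$||' \
        -e 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        -e '/^$/d' \
        -e 's/^\.*//' \
        -e 's/^/./' \
    | tr '[:upper:]' '[:lower:]' | sort -u
}

# deny_before_allow CONF DENYACL ALLOWACL: exit 0 if "http_access deny DENYACL"
# comes before the first "http_access allow ALLOWACL" in CONF. Squid stops at the
# first matching http_access line, so a deny below the allow never fires for
# hosts that the allow already matched.
deny_before_allow() {
    awk -v deny="$2" -v allow="$3" '
        $1 == "http_access" && $2 == "deny"  && $3 == deny  && !d { d = NR }
        $1 == "http_access" && $2 == "allow" && $3 == allow && !a { a = NR }
        END { exit !(d && (!a || d < a)) }
    ' "$1"
}

# Usage on the server (paths as on the Fedora package; raw-sites.txt is a hypothetical
# file of pasted URLs, one per line):
#   normalize_domains < raw-sites.txt > /etc/squid/restricted-site.squid
#   deny_before_allow /etc/squid/squid.conf badlist localnet || echo "move the deny line up"
```

Running normalize_domains over the list before handing it to squid also catches the case where a URL was pasted in: "http://evilsite.example/login" becomes ".evilsite.example", which is what squid would actually match on.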

p.s. This is tested on a server I manage, which runs Fedora, not my laptop, which runs Ubuntu.

server project: cache is full

Today we had a problem where our squid server shut down with a disk full error.

The solution, after checking around the FAQ, is to empty swap.state, the index file squid keeps in its cache directory. Squid appends to it as a journal and only writes a compact, clean copy at a clean shutdown or when you run squid -k rotate, so on a busy proxy that never rotates it can grow until it fills the disk.
Our cache is in /var/spool/squid, since squid is from the repo; change this to your cache directory.
cd /var/spool/squid

Stop squid first (on Fedora, service squid stop), so it is not writing to the index while you empty it, then type this in /var/spool/squid:

echo "" > swap.state

This leaves a file containing a single newline; : > swap.state gives a truly empty file, and removing the file works just as well. On the next start squid sees that the index is gone and rebuilds it by scanning the cache directory, which takes a while on a large cache, after which it is back to normal. Running squid -k rotate regularly (for example from cron, alongside log rotation) keeps swap.state from growing again.
Make sure you have root access before you attempt it.
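Before emptying anything it is worth confirming that the space really went to the cache directory and, within it, to swap.state rather than to cached objects. The script below is an added example, not part of the original post or of squid: it reads the size limit squid was given on the cache_dir line of squid.conf (the fourth field on a ufs or aufs style line, in MB), measures what the directory actually holds, and reports how much of that is swap.state. Actual use well above the configured limit means the space is going to something squid does not count against the limit, and swap.state is the usual suspect. The paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post.

# cache_dir_limit CONF DIR: print the MB limit configured for DIR on the
# cache_dir line of CONF (format: cache_dir TYPE DIR MB L1 L2), or nothing.
cache_dir_limit() {
    awk -v dir="$2" '$1 == "cache_dir" && $3 == dir { print $4; exit }' "$1"
}

# cache_dir_used DIR: print MB actually in use under DIR (du -sm rounds up).
cache_dir_used() {
    du -sm "$1" | cut -f1
}

# swap_state_mb DIR: print the size of DIR/swap.state in MB, 0 if there is none.
swap_state_mb() {
    if [ -f "$1/swap.state" ]; then du -sm "$1/swap.state" | cut -f1; else echo 0; fi
}

# cache_over_limit CONF DIR: report the three numbers on stderr and exit 0 if
# actual use exceeds the configured limit, 1 if it does not, 2 if DIR is not
# a cache_dir in CONF.
cache_over_limit() {
    limit=$(cache_dir_limit "$1" "$2")
    if [ -z "$limit" ]; then
        echo "no cache_dir entry for $2 in $1" >&2
        return 2
    fi
    used=$(cache_dir_used "$2")
    echo "$2: limit ${limit}MB, used ${used}MB, swap.state $(swap_state_mb "$2")MB" >&2
    [ "$used" -gt "$limit" ]
}

# Usage on the server (paths as on the Fedora package, adjust for yours):
#   cache_over_limit /etc/squid/squid.conf /var/spool/squid && echo "over the limit"
```

If used is over the limit and swap.state accounts for most of the excess, emptying it as described above is the right fix; if swap.state is small, the cache_dir limit itself is simply larger than the partition can hold and should be lowered.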