Squid configuration

  • The squid access control blacklist only accepts IP address. I want to filter .somedomainname.com, not just an IP address.  If I modify the /var/squid/acl/blacklist.acl, it does work, until reboot. I have also created a /var/squid/acl/blacklist1.acl file and modified squid.conf  adding: acl blacklist1 estdomain -i "/var/squid/acl/blacklist1.acl" and http_access deny blacklist1. This works great. I created blacklist1 because any modifications to blacklist.acl are wiped out on reboot. Unfortunately, any changes to squid.conf are also wiped out after a reboot.

    Is there a way to make the blacklist accept URL names?


    Can I somehow force changes to the blacklist or configuration file to be permanent?

  • I had to play with the squid configuration last month, before the GUI made it to the webConfiguration.

    First off, correct me if I'm wrong, but blacklisting domain names (or anything other than an IP adress for that matter) will require a RegExp match of some sort (check out the squid doc).

    As for losing the squid configuration, I had that problem too. Its because it is dinamically generated on boot. The 'real' permanent configuration parameters are in the config.xml file (if I remember well) … changing them there will make your changes persistent.

    I would really, really like to see RegExp ACL's (black & white listing) in the next squid webConfigurator interface. These filters can block dangerous file extensions, which is a must for a proxy on a security appliance.

    Hope this helps ...

Log in to reply