It’s a known issue that users tend to overload the network by downloading movies, music, etc., so the admin would like to put the users into a chroot environment. That isn’t going to happen, since we can restrict some downloads using squid instead. The prerequisite is an installed and configured squid.
This HOWTO is written for Squid version 2.5.3, since the configuration parameters changed a bit. Now edit squid.conf with your favourite editor (vim :), wherever it is located on your system. Let’s make a directory for the misc squid configuration files.
osiris:~# vim /etc/squid.conf
Here are the lines you have to put into your squid.conf configuration file:
auth_param basic program /usr/lib/squid/ncsa_auth /etc/squid/passwd
auth_param basic children 5
auth_param basic realm Put here some text
auth_param basic credentialsttl 2 hours
# ACL
acl local-network src 192.168.0.0/255.255.0.0
acl deny_ext urlpath_regex -i "/etc/squid/deny_ext"
acl password proxy_auth REQUIRED
# HTTP ACCESS
http_access allow deny_ext password
http_access allow local-network
Let me explain the configuration above. First we have to specify the authentication parameters. Then we can add some ACLs: we create a rule for the local-network source. The second acl points to the deny_ext file, where you will put the extensions to deny. The third acl is the proxy authentication rule; you can put usernames after it, or just ‘REQUIRED’ for no specific username. Finally we have to put these ACLs in the http_access list. Please note that the order is very important, since a request is handled by the first matching rule. So we have to put the deny rules at the beginning.
We have to create the password file:
You have to confirm the password for the new user twice. Now let’s put some extensions into our /etc/squid/deny_ext file:
\.bat$
\.com$
\.vbs$
\.ini$
\.dll$
\.mp3$
\.avi$
\.mpg$
\.mpeg$
\.asf$
\.wav$
\.ogg$
\.rm$
\.ram$
\.mov$
[..]
We have to restart squid and it should work. You can find some good plugins for squid on Sarg’s page, like password expiry for authentication, etc.
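To see which request paths the deny_ext entries actually catch, the patterns can be replayed against sample paths before squid is restarted. This is an added example, not part of the original HOWTO: the function names and sample paths are made up for illustration, Python's `re` stands in for squid's regex engine (equivalent for patterns this simple), and it assumes squid compares the %-decoded path including any query string.

```python
import re
from urllib.parse import unquote

# Constructed sample: the first few patterns from the page's /etc/squid/deny_ext.
DENY_EXT = r"""
\.bat$
\.com$
\.mp3$
\.avi$
"""

def load_patterns(text):
    """Compile one regex per non-blank, non-comment line (-i: ignore case)."""
    patterns = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            patterns.append((line, re.compile(line, re.IGNORECASE)))
        except re.error as exc:
            raise ValueError(f"line {lineno}: bad pattern {line!r}: {exc}") from exc
    return patterns

def first_match(patterns, urlpath):
    """Return the first pattern matching the request path, or None."""
    # Assumption: the %-decoded path plus query string is what gets compared.
    candidate = unquote(urlpath)
    for source, regex in patterns:
        if regex.search(candidate):
            return source
    return None

def coverage(patterns, urlpaths):
    """Map each sample path to the pattern that catches it (None = not covered)."""
    return {p: first_match(patterns, p) for p in urlpaths}

# Constructed request paths to replay against the rule file.
SAMPLES = [
    "/music/track.MP3",           # upper-case extension
    "/docs/readme.txt",           # should pass through
    "/dl/setup%2Ecom",            # encoded dot
    "/video/clip.avi?session=1",  # extension followed by a query string
]

if __name__ == "__main__":
    pats = load_patterns(DENY_EXT)
    for path, hit in coverage(pats, SAMPLES).items():
        print(f"{path:30} -> {hit or 'NOT COVERED'}")
```

A path reported as not covered because of a trailing query string is caught by writing the entry as `\.avi(\?.*)?$` instead of `\.avi$`.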
Copyright © 2002 Istvan Sebestyen.
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts and with no Back-Cover Texts. A Copy of the license is available at http://www.gnu.org/copyleft/fdl.html
This Document/Tutorial was written by Istvan Sebestyen.
Special thanks to algernon on the #linux channel of the SIRC Network.
