[squid-users] Re: How to: Block certain domains

From: Joost de Heer <sanguis@dont-contact.us>
Date: Mon, 19 Sep 2005 16:58:16 +0200 (CEST)

James Moe said:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
> ~ Disclaimer: Yes, I RTFM. Yes, I scanned the archives; because there is
> no search, I probably missed a similar question. Yes, I have lurked here
> for a couple of weeks.
>
> ~ v2.5.stable5
> ~ Can squid be configured to deny access to certain domains? Like
> *.doubleclick.net or *.falkag.net? The "acl <waste-of-time> dstdomain
> <unwanted>" + "http_access deny <waste-of-time>" looked promising but had
> no effect; the hosts were accessed anyway.

> ~ Here is what I tried:
> acl adclick1 dstdomain .doubleclick.net
> acl adclick2 dstdomain .valueclick.net
> acl adclick3 dstdomain .falkag.net
> http_access deny adclick1 adclick2 adclick3

acl's are 'OR' lists, http_access rules are 'AND' lists. Your http_access
rule will never be true, because the destination domain is never
.doubleclick.net AND .valueclick.net AND .falkag.net.

So what you want is
acl adclick dstdomain .doubleclick.net .valueclick.net .falkag.net
http_access deny adclick

This will deny access if dstdomain is .doubleclick.net OR .valueclick.net
OR .falkag.net.

If your list of ads-to-block is very long, you can also use
acl adclick dstdomain "/path/to/textfile"
where /path/to/textfile is a list of domains (one per line). You can add
comments in this file by starting the line with #.

> ~ How does squid block/deny/etc specified domains?

With a dstdomain acl

> ~ Is a reload all that is necessary after changing squid.conf? Or is a
> full restart required?

Reload is enough

Joost
Received on Mon Sep 19 2005 - 08:58:31 MDT

This archive was generated by hypermail pre-2.1.9 : Sat Oct 01 2005 - 12:00:03 MDT