Using Squid to filter Internet access
ACLs – Time Based
Restricting access by time is an especially useful feature of Squid for kids. Virtually every computing device now has WiFi, and I suspect at some point WiFi-capable devices will become cheap enough to give away in cereal packets. Given this trend, it seems clear that I won't be catching my kids hiding under their blankets reading a book with a flashlight; instead, they'll be surfing the web or playing online games.
To restrict web access on weekdays and leave it more open on weekends, you can use rules such as:
acl basic time MTWHF 18:00-20:00 acl basic time SA 9:00-20:00
These lines would set an ACL that allows traffic Monday through Friday from 6pm until 8pm, and on Saturday and Sunday from 9am until 8pm.
ACLs – URL Based
Squid really shines in the variety of ways it allows you to filter. For example, you can filter access based on source and destination IP, on the domain of the client, the destination domain of the request, regular expression versions of these domains, the URL, the URL excluding the protocol and hostname, and the HTTP method (GET, PUT, POST), just to name a few. One way to make all this more manageable is to use include files:
acl good_domains dstdomain "/etc/squid/good_domains.acl"
The named file would then contain entries such as
and so on. Basically, for any ACL type, you can use an external file. I strongly recommend doing so, because it makes things much more manageable.
Restricting by File Type and Mime Type
Some things never get old, and apparently serving malware in the form of hostile executables or files such as PDFs is still a popular and effective way to attack users. You can block files based on the
urlpath_regex, usually by blocking the file extension. However, some operating systems and applications will still load content, even if the file extensions are "wrong," so you should also block by mime type, just to be on the safe side. To block Flash videos, for example, you can do:
acl flashvideo rep_mime_type video/flv video/x-flv acl flashvideo urlpath_regex \.flv(\?.*)?$
Using Squid ACLs does have some down sides, however. For one thing, you'll need to maintain files manually and reload Squid every time you update them. To deal with this, you can use the ICAP protocol.
Buy this article as PDF
HP's annual Cyber Risk report offers a bleak look at the state of IT.
But what do the big numbers really mean?
.NET Core execution engine is the basis for cross-platform .NET implementations.
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.
Spammers go low-volume, and 90% of IE browsers are unpatched.
Adobe scrambles to release patches for vulnerable Flash Player.
Four-inch-long computer on a stick lets you boot a full Linux system from any HDMI display device.
New statute would require companies to report break-ins to consumers.
Weird data transfer technique avoids all standard security measures.
FIDO alliance declares the beginning of the end for old-style login authentication.