Steelmon's tech stuff

Setting up a strict whitelist proxy server using Squid

Posted in Howto, Linux, Proxy, Security by steelmon on November 22, 2009

Squid is an open source proxy server that comes preinstalled with many Linux distributions. The software can be used for a lot of neat stuff, but I came across a situation where I wanted to be able to lock down access to the whole web except for a few approved sites – kind of an information kiosk scenario.

Assumptions

I am using Ubuntu Server 9.04, which comes with Squid installed already. Apparently it is not automatically installed with Ubuntu Desktop, but it is available in the repositories and can be installed quite easily with:

sudo apt-get install squid

Configuration

Once you’re set with a standard installation, edit /etc/squid/squid.conf and locate the line starting with INSERT YOUR OWN... Now, add the following lines:

acl whitelist dstdomain "/etc/squid/whitelist.txt"
http_access allow whitelist

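You may want to comment out the line http_access allow localhost if you want the same rules to apply for localhost as well.

Squid evaluates http_access rules from top to bottom and stops at the first one that matches, so the whitelist is only strict as long as the http_access deny all line that follows in the default configuration is still in place.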

You can now edit /etc/squid/whitelist.txt and add domains using the following pattern:

  • example.com will add that domain
  • .example.com will add example.com and all subdomains.

It seems possible to be a lot more sophisticated with regular expressions and stuff, but this was good enough for me.
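To check a whitelist before reloading, the two entry forms listed above can be modelled in a few lines. This is an added example, not Squid's own code or part of the original post; the function names, the sample entries and the handling of "#" comment lines are assumptions made for illustration.

```python
# Added example: models only the two whitelist.txt entry forms described above.
SAMPLE = """\
# constructed sample whitelist.txt
.example.com
example.org
www.example.com
"""

def load_entries(text):
    """One domain per line; blank lines and '#' lines are skipped (assumption)."""
    entries = []
    for line in text.splitlines():
        line = line.strip().lower()
        if line and not line.startswith("#"):
            entries.append(line)
    return entries

def entry_matches(entry, host):
    """'example.com' matches that host only; '.example.com' also matches subdomains."""
    host = host.lower().rstrip(".")
    if entry.startswith("."):
        # Compare with the leading dot so 'notexample.com' is not treated
        # as a subdomain of 'example.com'.
        return host == entry[1:] or host.endswith(entry)
    return host == entry

def is_allowed(host, entries):
    return any(entry_matches(e, host) for e in entries)

def redundant_entries(entries):
    """Return (narrow, wide) pairs where 'wide' already covers 'narrow'."""
    pairs = []
    for i, narrow in enumerate(entries):
        for j, wide in enumerate(entries):
            if i != j and wide.startswith(".") and narrow != wide \
                    and entry_matches(wide, narrow.lstrip(".")):
                pairs.append((narrow, wide))
    return pairs

if __name__ == "__main__":
    entries = load_entries(SAMPLE)
    for host in ("example.com", "docs.example.org", "notexample.com"):
        print(host, "allowed" if is_allowed(host, entries) else "denied")
    for narrow, wide in redundant_entries(entries):
        print("redundant:", narrow, "is already covered by", wide)
```

Entries reported as redundant can be dropped from whitelist.txt without changing which sites are reachable.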

Reload the squid configuration:

sudo /etc/init.d/squid reload

Error pages are located in /usr/share/squid/errors and can be customized.

Finally, you’ll need to configure your browser to use the proxy server. If you are running Firefox, follow these steps:

  • From the Firefox menu, choose Edit > Preferences. Click “Advanced” and then “Network”.
  • Click “Settings” and select the “Manual Proxy Configuration” radio button.
  • In the “HTTP Proxy” field enter the name or IP address of the machine running your proxy.
  • In the “Port” field enter the value 3128 and check “Use this proxy server for all protocols”.

You should now be able to visit only the sites registered in the whitelist.

2 Responses

    • Nitish Kumar said, on December 4, 2009 at 11:44

      These links might be helpful while configuring Squid.

      Your WordPress theme is a clean one. I also thought of using the same, but it does not have many widget options.

      Anyway, enjoy blogging

