How to use squid to block download of certain file types ?

Squid Proxy by default enabled content filtering and download restriction using native ACL types by adding ACL in squid.conf configuration file. The content filtering and download restriction can be achieved.

Squid is freely available within OS packages bundle, alternatively you can install using yum repository which covered in steps involved to configure ACL.

Following steps shall guide you ” how to configure squid to file download restriction”

Step : 1 Install squid using yum repository as explained in below command, if already installed you can skip this step.

#yum install squid

Step : 2 Go to insert you own rules section in squid.conf configuration file and add line indicated below.

#vi /etc/squid/squid.conf

#Below lines used to block file type using extension, we used separate ACL file to define file types in order to block them

acl blockfiles urlpath_regex “/etc/squid/block.files.acl”

htpp_access deny blockfiles

http_access allow mylan

http_access deny blockfiles

http_access allow my lan

Save and exit (:wq!)

Step : 3  Add fallowing entries by creating a file in /etc/squid/ , use the file name as specified in squid.conf

#vi /etc/squid/block.files.acl


Save and exit(:wq!)

Note : 

[Ee][Xx][Ee]$ :- “.exe or .EXE file extension”
[Aa][Vv][Ii}$ :- “.avi or .AVI file extension”
[Zz][Ii][Pp]$ :- “.zip or .ZIP file extension”
[Tt][Aa][Rr]$ :- “.tar or .TAR file extension”
\. is used for file extension part .

Step : 4 Restart or reload squid configuration file or service.

#service squid restart

“This will do restart which will perform  stop than starts. The  impact, connect users will be disconnected.”


#squid -k reconfigure

“This will reload configuration files, doesn’t stop or restart. This has no impact on connected users.”

Finally you can check by downloading a file .zip or .exe file from internet browser from any of the client machine reachable to proxy server.

Result : Immediately it should through an error.

Thank You.