The file download restriction using squid proxy ACL.

How to restrict file download using squid ?

Squid, file download restriction : Squid acl configuration to restrict file download like .exe, .mp3,& .avi.

With our guide we are going to show how easy to restrict file download using squid acl.

We assume that you have installed squid already, otherwise you can install squid package.

#yum install squid

With our guide we are going to cover :

1. Define an ACL to block file download
2. Activate the ACL.
3. Editing squid.conf

1. Define the ACL.


acl aclname acltype “acl file name with location”

Note :
acl: access control list

acl blocked_files urlpath_regex /etc/squid/acls/blocked_files.txt”

2.Activation of ACL

The activation of acl should be on top of allow because deny over rights allow.

http_access deny aclname
http_access allow aclname

Example :
http_access deny blocked_files
#defined the acl for localnet (acl localnet src, this is how you can activate it.
http_access allow localnet
http_access allow localhost
http_access allow all

3. Editing squid.conf

Let’s take you to sample acl to block, and

#vi /etc/squid/squid.conf

**go to the line localnet section and define the acl based on LAN *

acl localnet src # RFC1918 possible internal network

** down the line of localnet , define the acl to block file download the acl type :urlpath_regex************

acl blocked_files urlpath_regex "/etc/squid/acls/blocked_files.txt"

**go to the line http_access allow localnet add below acl activation entry top of this line************

http_access deny blocked_files

Save & Exit!

Create a file to specify the URL’s denied in our previous step.

Create a folder “acls” under the /etc/squid/. You can create it in your desired location within the file system. In our guide we are using the location “/etc/squid/acls” and the file name to block file downloads “blocked_files.txt”

Create the folder under the /etc/squid/. If it already exists then skip this section.

#mkdir /etc/squid/acls

Create a file to add the files extensions to be denied. Specify each in a separate line.

#vi /etc/squid/acls/blocked_files.txt

\.[Ee][Xx][Ee]$ #.exe or .EXE
\.[Aa][Vv][Ii]$ # .avi or .AVI
\.[Mm][Pp]3$ # .mp3 or .MP3

Save & Exit!

Reload squid configuration file changes to take effect.

#service squid reload


Leave a Reply

Your email address will not be published. Required fields are marked *

5 + 2 =