Friday, October 23, 2009

Linux Security Notes 14: Squid notes 4: ACLs 2

Squid ACL-2

ACL restriction using regular expressions.
    Squid can parse the URL and grant or deny access based on its content.

Scenario:
    We should deny all requests that have the keyword "sex" in the URL.
To achieve this, define a url_regex ACL. This lets us write rules that grant or deny access based on the content of the URL.

syntax:
acl bad_key_word    url_regex -i sex
http_access deny bad_key_word


Now we will configure squid with the url_regex ACL to deny sites having the keyword "sex"
# vim squid.conf
-----
acl    bad_key_word    url_regex    -i    sex
#or
#acl    bad_key_word    url_regex    -i    "/etc/squid/bad_keywords"
http_access    deny    bad_key_word
-----
# reload squid

    This will deny all requests that have the keyword "sex" in the URL. We can also define the keywords in multiple ACLs or in a file. It is important to keep the "-i" in the acl line, which makes the URL match case-insensitive.

Deny access to files with a certain suffix.
Eg:- Denying the download of mp3, exe, mpeg files

# vim squid.conf
-----
# .* = any number of characters up to this point, \. = escaped literal ".", $ = the URL must end with exe
acl bad_suffixes    url_regex    .*\.exe$
http_access deny bad_suffixes
-----
# reload squid


Defining the denied file suffixes in a file
# vim /etc/squid/bad_suffixe_files
----------
.*\.exe$
.*\.bat$
.*\.mp3$
.*\.mpeg$
----------
# vim squid.conf
-----
acl bad_suffixes    url_regex    "/etc/squid/bad_suffixe_files"
http_access deny bad_suffixes
-----
# reload squid

    This will deny the download of all files having the suffixes defined in the file /etc/squid/bad_suffixe_files

More information about the Perl regular expression meta-characters
# man perlre
    These Perl regular expressions are used by squid to match patterns, so browse through the man page to find more regular expressions.

Deny Access to certain Top Level Domains (TLDs) like .cn,.pk,.jp etc
# vim squid.conf
-----------
acl    bad_tlds    dstdom_regex    \.pk$
# or
# acl    bad_tlds    dstdom_regex    "/etc/squid/bad_tlds.txt"
http_access    deny bad_tlds
-----------
# vim /etc/squid/bad_tlds.txt
----------
\.pk$
\.ru$
\.cn$
----------
# reload squid

    This will block access to the TLD .pk (so a request to www.songs.pk will be denied), or to the TLDs listed in the file. The same method can be used to deny any top level domain, like .net, .com, .gov etc.

Denying the access based on the URL path
# vim squid.conf
-----
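# urlpath_regex is matched against the path only (no scheme or host name),
# so patterns that contain full URLs need url_regex
acl sex_url    url_regex    http://www.youporn.com
#or
#acl sex_url    url_regex "/etc/squid/sex_url.txt"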
http_access deny sex_url
-----
# vim /etc/squid/sex_url.txt
--------
http://www.youporn.com
http://www.sex.com
http://www.redtube.com
--------
# reload squid

    This will deny outbound access to all the URLs defined either in the file or in squid.conf
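
A way to check patterns like the ones above against sample URLs before reloading squid, as an added example that is not part of the original post. It assumes url_regex is matched against the whole URL, urlpath_regex against the path and query only, and dstdom_regex against the destination host name, and it uses Python's re module as a stand-in for squid's regex engine, which behaves the same for these simple patterns. The function names, the host blocked.example and all test URLs are constructed.

```python
import re
from urllib.parse import urlsplit

def acl_subject(acl_type, url):
    """Return the part of the request that each squid ACL type is matched against."""
    parts = urlsplit(url)
    if acl_type == "url_regex":        # whole URL
        return url
    if acl_type == "urlpath_regex":    # path and query only, no scheme or host
        return (parts.path or "/") + ("?" + parts.query if parts.query else "")
    if acl_type == "dstdom_regex":     # destination host name only
        return parts.hostname or ""
    raise ValueError("unsupported ACL type: " + acl_type)

def acl_matches(acl_type, patterns, url, ignore_case=False):
    """True if any pattern matches, like an acl with several values or a pattern file."""
    flags = re.IGNORECASE if ignore_case else 0
    subject = acl_subject(acl_type, url)
    return any(re.search(p, subject, flags) for p in patterns)

# Patterns follow the configurations above; every URL below is constructed test data.
CHECKS = [
    # (acl type, patterns, -i flag, url, expected match)
    ("url_regex", ["sex"], True, "http://example.com/SEX/index.html", True),
    ("url_regex", ["sex"], False, "http://example.com/SEX/index.html", False),  # no -i
    ("url_regex", ["sex"], True, "http://www.essex.example/council/", True),   # over-blocks
    ("url_regex", [r".*\.exe$"], False, "http://example.com/setup.exe", True),
    ("url_regex", [r".*\.exe$"], False, "http://example.com/setup.exe?v=2", False),
    ("url_regex", [r".*\.exe$"], False, "http://example.com/SETUP.EXE", False),
    ("dstdom_regex", [r"\.pk$", r"\.ru$", r"\.cn$"], False, "http://www.songs.pk/a", True),
    ("dstdom_regex", [r"\.pk$"], False, "http://example.com/file.pk", False),
    ("urlpath_regex", ["http://blocked.example"], False, "http://blocked.example/x", False),
    ("url_regex", ["http://blocked.example"], False, "http://blocked.example/x", True),
]

def run_checks():
    """Return the checks whose actual result differs from the expected one."""
    return [c for c in CHECKS if acl_matches(c[0], c[1], c[3], c[2]) != c[4]]

if __name__ == "__main__":
    for acl_type, patterns, icase, url, _ in CHECKS:
        verdict = "DENY " if acl_matches(acl_type, patterns, url, icase) else "allow"
        print(f"{verdict} {acl_type:14} {'-i' if icase else '  '} {patterns} {url}")
    assert run_checks() == []
```

The rows that come out as "allow" for .exe downloads show where a suffix rule needs -i or a pattern that tolerates a query string, and the essex row shows how a bare keyword over-blocks.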

Note:-
    To get a blacklist database that is useful for blocking unwanted URLs, visit http://www.squidguard.org/blacklists.html
    Or to use squidguard visit http://www.squidguard.org/
    More detailed descriptions and configuration examples for squid can be found at http://wiki.squid-cache.org/ConfigExamples
