Tuesday, August 9, 2011

Squid content filtering: Block / download of music MP3, mpg, mpeg, exec files


Squid content filtering: Block / download of music MP3, mpg, mpeg, exec files

Q. For security and to save bandwidth I would like to configure Squid proxy server such way that I do not want my users to download all of the following files:
MP3
MPEG
MPG
AVG
AVI
EXE
How do I configure squid content filtering?
A. You can use squid ACL (access control list) to block all these files easily.

How do I block music files using squid content filtering ACL?

First open squid.conf file /etc/squid/squid.conf:
# vi /etc/squid/squid.conf
Now add following lines to your squid ACL section:
acl blockfiles urlpath_regex "/etc/squid/blocks.files.acl"
You want display custom error message when a file is blocked:
# Deny all blocked extension
deny_info ERR_BLOCKED_FILES blockfiles
http_access deny blockfiles
Save and close the file.
Create custom error message HTML file called ERR_BLOCKED_FILES in /etc/squid/error/ directory or /usr/share/squid/errors/English directory.
# vi ERR_BLOCKED_FILES
Append following content:
<HTML>
<HEAD>
<TITLE>ERROR: Blocked file content</TITLE>
</HEAD>
<BODY>
<H1>File is blocked due to new IT policy</H1>
<p>Please contact helpdesk for more information:</p>
Phone: 555-12435 (ext 44)<br>
Email: helpdesk@yourcorp.com<br>
Caution: Do not include HTML close tags </HTML> </BODY> as it will be closed by squid.
Now create /etc/squid/blocks.files.acl file:
# vi /etc/squid/blocks.files.acl
Append following text:
\.[Ee][Xx][Ee]$
\.[Aa][Vv][Ii]$
\.[Mm][Pp][Gg]$
\.[Mm][Pp][Ee][Gg]$
\.[Mm][Pp]3$
Save and close the file. Restart Squid:
# /etc/init.d/squid restart
Squid in action:

Sunday, August 7, 2011

Block Torrent Files on Squid Proxies


Block Torrent Files on Squid Proxies


squid-img"BitTorrent is a peer-to-peer file sharing protocol used for distributing large amounts of data. BitTorrent is one of the most common protocols for transferring large files, and it has been estimated that it accounts for approximately 27-55% of all Internet traffic (depending on geographical location) as of February 2009(see Wikipedia.org).

1. BitTorrent and Downloads

BitTorrent is a decentralized network to provide files of any size to other internet users. You may use BitTorrent as a powerful successor of FTP servers with the additional features (highly available download resources and contents are findable via search engines). E.g. the major Linux distributions are available via the BitTorrent network.
Beside these and other nice features there is a dark side that may be considered then providing internet access to employees or customers. A number of users are using the BitTorrent network to distribute contents for free by breaking national and international law. This is a problem that is not dedicated to BitTorrent but if you decide to restrict internet access for your users and you are running a Squid proxy server you may build up a basic barrier to prevent the download of torrent files containing meta data required for finding resources in the BitTorrent network.

2. Configure your Squid Proxy

To prevent your users to download torrent files, you have to add the following lines to your squid configuration file. The new rules will prevent users from downloading contents specified in a separate file called/etc/squid/extensiondeny.


acl extensiondeny url_regex -i "/etc/squid/extensiondeny"
acl download method GET
http_access deny extensiondeny download
http_access deny extensiondeny

The file  /etc/squid/extensiondeny will contain regular expressions. If one of these expressions matches the download request squid will veto and will not provide the requested contents. Example of a basic configuration entry.


\.torrent$
This regular expression will match file names with the extension '.torrent'.