SquidGuard

HOME Downloads Documentation Development Blacklists Contributions Contact


  How blocking works


This section explains the two different files used for black- and whitelisting: domains and urls defined by domainlist and urllist, respectively, in the destination section of the configuation file.

The reason for having two files is due to the way squidGuard checks the urls submitted by squid.
You can block entire domains, subdomains, parts of urls and distinct urls. It all depends on the way you specify them in the above mentioned files.


Blocking domains

The easiest way is to block entire domains by entering the domain to the domains file in the category in question. For example: You feel that is inapprorpiate for your employees to surf to porn.com at work. So your entry in the domains looks like:

porn.com

This blocks all accesses to http://porn.com, http://www.porn.com, http://foo.porn.com, http://foo.bar.subdomain.porn.com and so on.


Blocking subdomains

Sometimes blocking an entire domain is undesired. For example: You don't mind your users reading the news, but they should not see the erotic pictures there and stay of the games section. Lets assume the domain example.com has lots of good information for your users, but in the pages there are erotic picture being served from erotic.example.com and there is a online gaming section on games.example.com. You don't want to block all of example.com but not allow access to these two subdomains. In this case the entries in the domains file look like:

porn.example.com
games.example.com


This ensure that all access to http://porn.example.com and http://games.example.com including all possible subdomains is blocked, yet http://example.com, http://www.example.com or http://www2.example.com is freely accessible.
Attention: If you have entries like

example.com
pic.example.com


in your domains file only these two domains are blocked. Requests to http://my.example.com, http://porn.example.com, http://foo.bar.somedomain.example.com will not be blocked! Just adding a complete domain to the domains file will not ensure that all access to the domain is blocked. This is only true if the domain entry is the only entry for the domain in question in the domains file.


Blocking urls

In order to block a single url enter this url in the urls file in the category in question:

example.com/some/path/to/page.html


This block access to http://www.example.com/some/path/to/page.html, http://example.com/some/path/to/page.html, http://ftp.example.com/some/path/to/page.html.
In order to compare the given url to an entry in the urllist, squidGuard strips port numbers and the following hostparts from the url: www, www1, www2, ... www9, ftp, ftp1, ... ftp9, web, web1, ... web9. The result is then matched against the urllist entries.

Annotation:
Older versions of squidGuard (1.2.0 and below) are not able to evaluate the host part of a domain for a given url.


Blocking access below a certain path

Sometimes you want to block everything located beneath a certain path in the URL but leave anything else open for access. Lets assume that your users shall not access documents beneath http://www.example.com/foo/bar like http://www.example.com/foo/bar/test.html. In this case your entry to the urls file will look like:

example.com/foo/bar/






Documentation
Installation
Configuration
 Getting started
 Destination ACLs
 Source ACLs
 Redirect Rule
 Time Constraints
 Authentication
 Regular Expressions
 Examples

Runtime Options
About blocking
Troubleshooting
Known Issues
Other Sources



  © Powered by Shalla Secure Services KG 2007-2012