How blocking works
This section explains the two different files used for black- and whitelisting:
domains and urls defined by domainlist and urllist,
respectively, in the destination section of the configuation file.
The reason for having two files is due to the way squidGuard checks the urls
submitted by squid.
You can block entire domains, subdomains, parts of urls and distinct urls. It all
depends on the way you specify them in the above mentioned files.
The easiest way is to block entire domains by entering the domain to the domains
file in the category in question. For example: You feel that is inapprorpiate for your
employees to surf to porn.com at work. So your entry in the domains
This blocks all accesses to http://porn.com, http://www.porn.com, http://foo.porn.com,
http://foo.bar.subdomain.porn.com and so on.
Sometimes blocking an entire domain is undesired. For example: You don't mind your
users reading the news, but they should not see the erotic pictures there and stay
of the games section. Lets assume the domain example.com has lots of good information
for your users, but in the pages there are erotic picture being served from erotic.example.com
and there is a online gaming section on games.example.com. You don't want to block all
of example.com but not allow access to these two subdomains. In this case the entries
in the domains file look like:
This ensure that all access to http://porn.example.com and http://games.example.com
including all possible subdomains is blocked, yet http://example.com, http://www.example.com
or http://www2.example.com is freely accessible.
Attention: If you have entries like
in your domains file only these two domains are blocked. Requests to http://my.example.com,
will not be blocked! Just adding a complete domain to the domains file will not
ensure that all access to the domain is blocked. This is only true if the domain entry
is the only entry for the domain in question in the domains file.
In order to block a single url enter this url in the urls file
in the category in question:
This block access to http://www.example.com/some/path/to/page.html,
In order to compare the given url to an entry in the urllist, squidGuard
strips port numbers and the following hostparts from the url: www, www1,
www2, ... www9, ftp, ftp1, ... ftp9,
web, web1, ... web9. The result is then matched
against the urllist entries.
Older versions of squidGuard (1.2.0 and below) are not able to evaluate the
host part of a domain for a given url.
Blocking access below a certain path
Sometimes you want to block everything located beneath a certain path
in the URL but leave anything else open for access. Lets assume that
your users shall not access documents beneath
http://www.example.com/foo/bar like http://www.example.com/foo/bar/test.html.
In this case your entry to the urls file will look like: