How to Restrict Web Access By Time Using Squid Proxy Server on CentOS 6.2

In web server administration, controlling internet access by time is a crucial task. This can be achieved using the Squid proxy server on CentOS 6.2.

In this tutorial, we will be focusing on restricting web access by time. This is particularly useful in a corporate setting where you might want to limit internet access during certain hours. For instance, you might want to restrict access to non-work related websites during working hours to ensure productivity.

Step 1: Open the squid.conf Configuration File

The first step in this process is to open the squid.conf configuration file. This can be done using the following command:

[root@centos62 ~]# vi /etc/squid/squid.conf

Step 2: Define Your Internal Network

Next, you need to define your internal network. In this example, we will be allowing access from the webhostinggeeks-dev4.com network, while always restricting access to the webhostinggeeks-dev4.com network outside of the specified surfing hours.

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl webhostinggeeks-dev4.com src 192.168.1.0/24    # Your webhostinggeeks-dev4.com internal network

Step 3: Define Surfing Hours

Now, you need to define the surfing hours. This is the time period during which you want to allow internet access. In this example, we are allowing access from Monday to Friday between 08:00 and 17:00.

#Add this at the bottom of the ACL Section
#
acl surfing_hours time M T W H F 08:00-17:00
#

Step 4: Set Access Restrictions

The next step is to set the access restrictions. In this case, we are always restricting access to the webhostinggeeks-dev4.com network, but allowing access during the specified surfing hours.

# Only allow cachemgr access from webhostinggeeks-dev4.com
http_access allow webhostinggeeks-dev4.com surfing_hours
http_access deny webhostinggeeks-dev4.com

Step 5: Restart Squid Proxy Server

Finally, you need to restart the Squid proxy server for the changes to take effect. This can be done using the following command:

[root@centos62 ~]# service squid restart
Stopping squid: ................                           [  OK  ]
Starting squid: .                                          [  OK  ]

Squid Cache Proxy Full Configuration:

#
# Recommended minimum configuration:
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32 ::1
acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1

# Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8	# RFC1918 possible internal network
acl localnet src 172.16.0.0/12	# RFC1918 possible internal network
acl localnet src 192.168.0.0/16	# RFC1918 possible internal network
acl localnet src fc00::/7       # RFC 4193 local private network range
acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
acl webhostinggeeks-dev4.com src 192.168.1.0/24    # Your webhostinggeeks-dev4.com internal network

acl SSL_ports port 443
acl Safe_ports port 80		# http
acl Safe_ports port 21		# ftp
acl Safe_ports port 443		# https
acl Safe_ports port 70		# gopher
acl Safe_ports port 210		# wais
acl Safe_ports port 1025-65535	# unregistered ports
acl Safe_ports port 280		# http-mgmt
acl Safe_ports port 488		# gss-http
acl Safe_ports port 591		# filemaker
acl Safe_ports port 777		# multiling http
acl CONNECT method CONNECT

#Add this at the bottom of the ACL Section
#
acl surfing_hours time M T W H F 08:00-17:00
#
# Recommended minimum Access Permission configuration:
#
# Only allow cachemgr access from localhost
http_access allow manager localhost
http_access deny manager

# Only allow cachemgr access from webhostinggeeks-dev4.com
http_access allow webhostinggeeks-dev4.com surfing_hours
http_access deny webhostinggeeks-dev4.com

# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# We strongly recommend the following be uncommented to protect innocent
# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.
# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
#http_access allow localnet
http_access allow localhost
http_access allow webhostinggeeks-dev4.com

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?

# Uncomment and adjust the following to add a disk cache directory.
#cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

# Add any of your own refresh_pattern entries above these.
refresh_pattern ^ftp:		1440	20%	10080
refresh_pattern ^gopher:	1440	0%	1440
refresh_pattern -i (/cgi-bin/|\?) 0	0%	0
refresh_pattern .		0	20%	4320

Commands Mentioned

  • vi /etc/squid/squid.conf – Opens the squid.conf configuration file
  • service squid restart – Restarts the Squid proxy server
See also  How to Setup Squid Proxy Server for IoT Devices

Conclusion

Controlling internet access by time using the Squid proxy on CentOS 6.2 is a powerful tool for web server administrators. It allows you to maintain productivity in a corporate setting by restricting access to non-work related websites during working hours.

This tutorial has provided a step-by-step guide on how to set up this feature. Remember, the key to successfully implementing this is to have a properly configured Squid proxy server. If you haven’t set it up yet, you can follow this guide on how to install and configure Squid Proxy Server on CentOS 6.2.

See also  How to Install Apache Httpd Server on RHEL 6

By following these steps, you can ensure a more controlled and productive internet usage environment in your organization. As always, if you have any questions or run into any issues, don’t hesitate to reach out for help. Happy surfing!

FAQ Section

  1. What is the purpose of the Squid Proxy?

    TSquid Proxy server is a widely-used caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages.

  2. What is the significance of the ‘acl’ command in Squid?

    ‘acl’ stands for Access Control List. It is used in Squid to define and control user access to the internet. It can be used to restrict access based on several factors like IP address, time, and more.

  3. What does the ‘http_access’ command do in Squid?

    ‘http_access’ is a command in Squid that either allows or denies HTTP requests based on the specified criteria. It works in conjunction with ‘acl’ to control user access to the internet.

  4. How can I check if my Squid Proxy server is running correctly?

    You can check the status of your Squid Proxy server by using the command ‘service squid status’. If the server is running correctly, it will display ‘squid is running’.

  5. Can I set different surfing hours for different days in Squid?

    Yes, you can set different surfing hours for different days in Squid. You just need to define the ‘acl’ for each time period separately. For example, ‘acl surfing_hours1 time M T W H F 08:00-12:00’ and ‘acl surfing_hours2 time M T W H F 13:00-17:00’.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *