In this article, we will discuss how to restrict web access by time using Squid proxy server, so keep reading to find out more.
Squid software is one of the most widely used proxy servers that can be used for regular network traffic. Using Squid, you can define rules to allow network traffic based on specific criteria, along with caching contents for faster access, and blocking websites. It is used by internet service providers (ISPs) to improve their internet speed.
This article will specifically discuss how we can restrict web access based on time. There may be several reasons, like when you’re restricting children’s computer usage or if you’re running an internet café and you want to limit user access for a specific time.
We will start with a brief discussion of the Squid proxy server, its installation, and then the steps to restrict access based on time.
What is a Squid proxy server?
It is a proxy application that resides between the client and the internet. All web requests pass through this proxy server. With Squid, the proxy server can filter, cache, and block requests based on specific rules. It can also monitor network traffic and access regions of the network. Additionally:
- It can provide access control to restrict the type of content viewed over the network.
- It allows you to do anonymous surfing of websites.
- It scans the outbound content.
- It can be used to speed up internet browsing.
- It can be used to share or restrict internet connection to specific users.
How to Install Squid proxy server
We will now discuss the installation instructions for the Squid proxy server. Follow the following steps for installation.
Squid is available in Ubuntu’s repository. So, it can be easily installed by typing this command on your Terminal:
$apt-get install squid -y
Enabling Squid to start on system boot
After some time, the installation will be completed. By then, you can enable Squid to start as a service on system boot using this command:
$systemctl start squid
$systemctl enable squid
Verify the status of Squid
Now to verify Squid’s status, input the following command:
$systemctl status squid
Once verified, you should see the details of Squid’s proxy server. Now, check the version of Squid via this command:
You should then see an output similar to the one shown below:
Squid Cache: Version 4.10
Service Name: squid
Now, verify the port of Squid using this command:
$ss -antpl | grep squid
Squid’s proxy server should now run on port 3128.
Configure user-based authentication for Squid
This section will discuss the steps for the user-based authentication of Squid. This will enable Squid to accept the connection and serve as hypertext transfer protocol (HTTP) proxy.
As the first step, install the
apache2-utils package using the following command:
$apt-get install apache2-utils -y
To let the Squid store the user ID and password, create a file using the
touch command as follows:
Now, create a user for Squid with this:
$htpasswd /etc/squid/htpasswd khan1
Set the password for the new user khan1 as shown below:
Re-type new password:
Adding password for user khan1
Now, create one more user, khan2, like this:
$htpasswd /etc/squid/htpasswd khan2
Set the password for the user. You can then verify the password for both users (i.e., khan1 and khan2) as follows:
Edit the configuration file to define user authentication
Now, open the configuration file to determine the user authentication. Using your favorite editor, open the file as follows:
Now, add the following lines to the file at the beginning:
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid/htpasswd
acl ncsa_users proxy_auth REQUIRED
http_access allow ncsa_users
Save and close the file.
Restart Squid’s proxy server
Restart the Squid proxy server as follows:
$systemctl restart squid
Restrict websites domain using Squid proxy
We will now discuss how we can block specific websites using Squid proxy. Open the squid.conf file using your favorite editor as follows:
Add the following lines to the file:
acl block dstdomain "https://net.cloudinfrastructureservices.co.uk/etc/squid/website_block.txt"
http_access deny block
Save and close the file.
After that, create the website_block.txt file using the touch command as follows:
Now, open the file and add the domains you want to block. Save and close the file.
Restart the Squid proxy server using the following command:
systemctl restart squid
How to Restrict Web Access by Time Using Squid Proxy Server
Now, we will discuss how we can restrict website access based on time. Open the squid.conf file in your favorite editor. Now create an access control list (ACL). Add the following lines at the bottom of the conf file:
acl home_network src 192.168.1.0/24
acl kids_hours time M T W H F 15:00-19:00
Here, we have defined the source of the connection first, i.e., home network, and then the time allowed (for instance, by kids) to access the websites from 3 pm – 7 pm.
Now, add the following lines to the conf file:
http_access allow home_network kids_hours
You can even allow access for more time during the weekend by creating an ACL for weekend hours. To further customize, you can completely restrict the entry for a specific machine by adding the following lines in the conf file:
acl RestrictedHost src 192.168.1.10
http_access deny RestrictedHost
Now restart the Squid proxy server via the following command:
This article discusses the Squid proxy server, its installation, and steps for restricting access based on web domains or time. There are other advanced features in the Squid proxy server, such as limiting access based on web content. For more details, the reader can consult the manual for Squid.
If this guide helped you, please share it.