{"id":1852,"date":"2012-01-31T22:14:21","date_gmt":"2012-01-31T14:14:21","guid":{"rendered":"https:\/\/webhostinggeeks.com\/howto\/?p=1852"},"modified":"2023-07-04T13:00:33","modified_gmt":"2023-07-04T13:00:33","slug":"how-to-restrict-web-access-by-time-using-squid-proxy-server-on-centos-6-2","status":"publish","type":"post","link":"https:\/\/webhostinggeeks.com\/howto\/how-to-restrict-web-access-by-time-using-squid-proxy-server-on-centos-6-2\/","title":{"rendered":"How to Restrict Web Access By Time Using Squid Proxy Server on CentOS 6.2"},"content":{"rendered":"

In web server administration, controlling internet access by time is a crucial task. This can be achieved using the Squid proxy server<\/a> on CentOS 6.2.<\/p>\n

In this tutorial, we will be focusing on restricting web access by time. This is particularly useful in a corporate setting where you might want to limit internet access during certain hours. For instance, you might want to restrict access to non-work related websites during working hours to ensure productivity.<\/p>\n

Step 1: Open the squid.conf Configuration File<\/h2>\n

The first step in this process is to open the squid.conf configuration file. This can be done using the following command:<\/p>\n

\r\n[root@centos62 ~]# vi \/etc\/squid\/squid.conf\r\n<\/pre>\n
Step 2: Define Your Internal Network<\/h2>\n
Next, you need to define your internal network. In this example, we will be allowing access from the webhostinggeeks-dev4.com network, while always restricting access to the webhostinggeeks-dev4.com network outside of the specified surfing hours.<\/p>\n
\r\n# Example rule allowing access from your local networks.\r\n# Adapt to list your (internal) IP networks from where browsing\r\n# should be allowed\r\nacl webhostinggeeks-dev4.com src 192.168.1.0\/24    # Your webhostinggeeks-dev4.com internal network\r\n<\/pre>\n
Step 3: Define Surfing Hours<\/h2>\n
Now, you need to define the surfing hours. This is the time period during which you want to allow internet access. In this example, we are allowing access from Monday to Friday between 08:00 and 17:00.<\/p>\n
\r\n#Add this at the bottom of the ACL Section\r\n#\r\nacl surfing_hours time M T W H F 08:00-17:00\r\n#\r\n<\/pre>\n
Step 4: Set Access Restrictions<\/h2>\n
The next step is to set the access restrictions. In this case, we are always restricting access to the webhostinggeeks-dev4.com network, but allowing access during the specified surfing hours.<\/p>\n
\r\n# Only allow cachemgr access from webhostinggeeks-dev4.com\r\nhttp_access allow webhostinggeeks-dev4.com surfing_hours\r\nhttp_access deny webhostinggeeks-dev4.com\r\n<\/pre>\n
Step 5: Restart Squid Proxy Server<\/h2>\n
Finally, you need to restart the Squid proxy server for the changes to take effect. This can be done using the following command:<\/p>\n
\r\n[root@centos62 ~]# service squid restart\r\nStopping squid: ................                           [  OK  ]\r\nStarting squid: .                                          [  OK  ]\r\n<\/pre>\n
Squid Cache Proxy Full Configuration:<\/p>\n
\r\n#\r\n# Recommended minimum configuration:\r\n#\r\nacl manager proto cache_object\r\nacl localhost src 127.0.0.1\/32 ::1\r\nacl to_localhost dst 127.0.0.0\/8 0.0.0.0\/32 ::1\r\n\r\n# Example rule allowing access from your local networks.\r\n# Adapt to list your (internal) IP networks from where browsing\r\n# should be allowed\r\nacl localnet src 10.0.0.0\/8\t# RFC1918 possible internal network\r\nacl localnet src 172.16.0.0\/12\t# RFC1918 possible internal network\r\nacl localnet src 192.168.0.0\/16\t# RFC1918 possible internal network\r\nacl localnet src fc00::\/7       # RFC 4193 local private network range\r\nacl localnet src fe80::\/10      # RFC 4291 link-local (directly plugged) machines\r\nacl webhostinggeeks-dev4.com src 192.168.1.0\/24    # Your webhostinggeeks-dev4.com internal network\r\n\r\nacl SSL_ports port 443\r\nacl Safe_ports port 80\t\t# http\r\nacl Safe_ports port 21\t\t# ftp\r\nacl Safe_ports port 443\t\t# https\r\nacl Safe_ports port 70\t\t# gopher\r\nacl Safe_ports port 210\t\t# wais\r\nacl Safe_ports port 1025-65535\t# unregistered ports\r\nacl Safe_ports port 280\t\t# http-mgmt\r\nacl Safe_ports port 488\t\t# gss-http\r\nacl Safe_ports port 591\t\t# filemaker\r\nacl Safe_ports port 777\t\t# multiling http\r\nacl CONNECT method CONNECT\r\n\r\n#Add this at the bottom of the ACL Section\r\n#\r\nacl surfing_hours time M T W H F 08:00-17:00\r\n#\r\n# Recommended minimum Access Permission configuration:\r\n#\r\n# Only allow cachemgr access from localhost\r\nhttp_access allow manager localhost\r\nhttp_access deny manager\r\n\r\n# Only allow cachemgr access from webhostinggeeks-dev4.com\r\nhttp_access allow webhostinggeeks-dev4.com surfing_hours\r\nhttp_access deny webhostinggeeks-dev4.com\r\n\r\n# Deny requests to certain unsafe ports\r\nhttp_access deny !Safe_ports\r\n\r\n# Deny CONNECT to other than secure SSL ports\r\nhttp_access deny CONNECT !SSL_ports\r\n\r\n# We strongly recommend the following be uncommented to protect innocent\r\n# web applications running on the proxy server who think the only\r\n# one who can access services on \"localhost\" is a local user\r\n#http_access deny to_localhost\r\n\r\n#\r\n# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS\r\n#\r\n\r\n# Example rule allowing access from your local networks.\r\n# Adapt localnet in the ACL section to list your (internal) IP networks\r\n# from where browsing should be allowed\r\n#http_access allow localnet\r\nhttp_access allow localhost\r\nhttp_access allow webhostinggeeks-dev4.com\r\n\r\n# And finally deny all other access to this proxy\r\nhttp_access deny all\r\n\r\n# Squid normally listens to port 3128\r\nhttp_port 3128\r\n\r\n# We recommend you to use at least the following line.\r\nhierarchy_stoplist cgi-bin ?\r\n\r\n# Uncomment and adjust the following to add a disk cache directory.\r\n#cache_dir ufs \/var\/spool\/squid 100 16 256\r\n\r\n# Leave coredumps in the first cache dir\r\ncoredump_dir \/var\/spool\/squid\r\n\r\n# Add any of your own refresh_pattern entries above these.\r\nrefresh_pattern ^ftp:\t\t1440\t20%\t10080\r\nrefresh_pattern ^gopher:\t1440\t0%\t1440\r\nrefresh_pattern -i (\/cgi-bin\/|\\?) 0\t0%\t0\r\nrefresh_pattern .\t\t0\t20%\t4320\r\n<\/pre>\n
Commands Mentioned<\/h2>\n