I don't have a tutorial for it and there are ways to filter based on words but I don't use that type of filter. I just create my own access rules. My kids are limited to only being able to access sites that I have on the list of acceptable sites. I also have a list of sites that are banned no matter who you are (microsoft.com, msn.com, etc). I keep the banned sites or allowed sites in separate text files. Then I have a couple of rules that point to those files in my squid.conf:
squid.conf exerpt:
Code: Select all
acl bannedsites dstdomain "/etc/squid/acl/banned.sites"
acl unrestricted_users proxy_auth "/etc/squid/acl/unrestricted.grp"
acl kidsgrp proxy_auth "/etc/squid/acl/kids.grp"
acl kidsites dstdomain "/etc/squid/acl/kids.sites"
acl kidips dst "/etc/squid/acl/kids.ips"
http_access allow manager
http_access allow SSL_ports
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny badips
http_access allow unrestricted_users !bannedsites
http_access allow kidsgrp kidsites !bannedsites
http_access allow kidsgrp kidips !bannedsites
http_access allow localhost
http_access deny all
As you can see I created a directory /etc/squid/acl that contain my site and user files that I use in my access rules.
The "banned.sites" file excerpt:
Code: Select all
.doubleclick.net
.hitbox.com
.microsoft.com
.msn.com
.penthousemag.com
.unixsux.com
3ps.go.com
homepage.mac.com
The "unrestricted.grp" (auth usernames) excerpt:
The "kids.grp" (auth usernames) excerpt:
The "kids.sites" excerpt:
Code: Select all
.foxnews.com
.supercross.com
games.yahoo.com
sports.yahoo.com
The "kids.ips" excerpt:
Code: Select all
10.0.0.0/255.0.0.0
192.168.0.0/255.255.0.0
Of course you need to have a proxy authentication method set up in order to use this. You could set up an htaccess type of authentication using ncsa_auth or if you are running a Samba domain you can use smb_auth. Find the "authentication_program" section in your squid.conf. You should find several auth programs in /usr/lib/squid, just pick the one you want to use and you'll have to read a few docs on how to use it.
I also have written a CGI program to be able to easily add/remove users to the kids or unrestricted groups and add/remove sites from the banned and kids site files. I just go to
http://proxy.voidmain.home/ and enter my password and it runs my CGI program. It automatically does a "service squid reload" after a file is modified. Of course there is nothing wrong with using "vi" on these files directly and reloading squid.
Hope that is roughly what you were asking about...