Use squid to control the Internet access. Modify the squid configuration file/etc/squid. conf and add the custom ACL after the default ACL rule.
1 # forbidden file type 2 ACL denyfiles urlpath_regex-I \. MP3 $ \. avi $ \. zip $ \. RAR $ \. EXE $ \. ISO $3 # list of prohibited websites 4 ACL denysites url_regex-I "/etc/squid/denysites"
List of prohibited websites
[[email protected] squid]#cat denysitesweb2.qq.com
Add http_access corresponding to ACL in the/etc/squid. conf file and add it in "# insert your own rule (s) here to allow access from your clients. If no prompt is displayed, add the IP address before "allow access to the IP address.
http_access allow testhttp_access deny denyfileshttp_access deny denysiteshttp_access allow localnet
NOTE: If both test and localnet are the IP addresses of the local hosts that are allowed to be accessed, the IP addresses in localnet cannot access the websites in "denyfiles and denysites", and the IP addresses in "test" can be accessed normally.
Pay attention to the order of their http_access. Because access denied control is not implemented before test, and access denied control has been implemented before localnet, the IP addresses in test are not restricted by "denyfiles and denysites, the IP address in localnet is restricted and cannot access websites in "denyfiles and denysites.