This is a configuration that I have used to restrict access to web sites via squid. It seems to work well for a small number of users.
From /etc/squid/squid.conf:
…
acl Home proxy_auth REQUIRED
acl all src 0/0
acl block url_regex -i "/etc/squid/blockedsites.acl"
http_access deny block
acl allowsites url_regex -i "/etc/squid/allowedsites.acl"
http_access allow Home allowsites
http_access deny all
…
In /etc/squid/blockedsites.acl, I listed strings that, when contained in a URL, will not be permitted. In /etc/squid/allowedsites.acl, I listed domain name strings that are allowed, for example “.mozilla.org”. Then, if I want to allow access to all sites except those listed in blockedsites.acl, I just add “.” to allowedsites.acl (url_regex entries are regular expressions, and “.” matches any character).
Sample /etc/squid/blockedsites.acl:
…
myspace.com
youtube.com
…
Sample /etc/squid/allowedsites.acl:
…
.
…
This will allow users to go to all sites but myspace and youtube.
However, with this sample /etc/squid/allowedsites.acl:
…
.google.com
…
Users will only be allowed to go to google.com.
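To check what the two lists actually match, here is an added example (not part of the original post) that emulates the rule order above, using Python's re as a stand-in for Squid's case-insensitive, unanchored url_regex matching and comparing it with a host-only match like Squid's dstdomain ACL type. The function names and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

def url_regex_match(patterns, url):
    # Like "url_regex -i": unanchored, case-insensitive search over the whole URL.
    return any(re.search(p, url, re.IGNORECASE) for p in patterns)

def dstdomain_match(domains, url):
    # Like "dstdomain": host only; a leading dot covers the domain and its subdomains.
    host = (urlsplit(url).hostname or "").lower()
    for d in (d.lower() for d in domains):
        if d.startswith(".") and (host == d[1:] or host.endswith(d)):
            return True
        if host == d:
            return True
    return False

def decide(url, blocked, allowed, allow_matcher):
    # Rule order from the page, for an already authenticated user:
    # http_access deny block / http_access allow Home allowsites / http_access deny all
    if url_regex_match(blocked, url):
        return "deny"
    return "allow" if allow_matcher(allowed, url) else "deny"

BLOCKED = ["myspace.com", "youtube.com"]   # sample blockedsites.acl from the page
ALLOWED = [".google.com"]                  # sample allowedsites.acl from the page

SAMPLE_URLS = [  # constructed for this example
    "http://www.google.com/search?q=squid",
    "http://google.com/",
    "http://example.net/?ref=xgoogle-com",
    "http://www.google.com/search?q=youtube.com",
    "http://www.mozilla.org/",
]

def compare(urls=SAMPLE_URLS):
    # For each URL: (url, decision with url_regex allow list, decision with host-only allow list)
    return [(u, decide(u, BLOCKED, ALLOWED, url_regex_match),
                decide(u, BLOCKED, ALLOWED, dstdomain_match)) for u in urls]

if __name__ == "__main__":
    for url, as_regex, as_domain in compare():
        print(f"url_regex={as_regex:5}  dstdomain={as_domain:5}  {url}")
```

The third URL is allowed by the regex list even though its host is not google.com, and the fourth is denied because a blocked string appears in the query; a host-based ACL type such as dstdomain avoids the first effect.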