This is a configuration that I have used to restrict access to web sites via squid. It seems to work well for a small number of users.

From /etc/squid/squid.conf

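# Require proxy authentication; "Home" matches any authenticated user
acl Home proxy_auth REQUIRED
acl all src 0/0
# Deny any URL that matches an entry in the block list (checked first)
acl block url_regex -i "/etc/squid/blockedsites.acl"
http_access deny block
# Allow authenticated users to reach URLs that match the allow list
acl allowsites url_regex -i "/etc/squid/allowedsites.acl"
http_access allow Home allowsites
# Deny everything else
http_access deny all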

In /etc/squid/blockedsites.acl, I listed strings that, when contained in a URL, cause the request to be denied. In /etc/squid/allowedsites.acl, I listed domain name strings that are allowed. For example, ".mozilla.org". Then, if I want to allow access to all sites except those listed in blockedsites.acl, I just add "." to allowedsites.acl.

Sample /etc/squid/blockedsites.acl:


myspace.com
youtube.com

Sample /etc/squid/allowedsites.acl:


.

This will allow users to go to all sites but myspace and youtube.

However, with this sample /etc/squid/allowedsites.acl:


.google.com

Users will only be allowed to go to google.com.
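
The rule order and the two sample lists above can be checked offline before a list goes live. This is an added example, not part of the original post: it models the three http_access lines in Python, assuming Python's re module as an approximation of Squid's regex matching and treating authentication as a boolean; the test URLs are constructed.

```python
import re

# Constructed sample ACL files, copied from the samples in the post.
BLOCKED = "myspace.com\nyoutube.com\n"
ALLOW_ALL = ".\n"
ALLOW_GOOGLE = ".google.com\n"

def load_acl(text):
    """One case-insensitive, unanchored regex per non-empty line (url_regex -i)."""
    return [re.compile(s.strip(), re.IGNORECASE)
            for s in text.splitlines() if s.strip()]

def matches(acl, url):
    # url_regex searches the whole URL, so a pattern can match anywhere in it.
    return any(p.search(url) for p in acl)

def decide(url, authenticated, blocked, allowed):
    """Walk the three http_access lines in order; the first match decides."""
    if matches(blocked, url):
        return "deny"    # http_access deny block
    if authenticated and matches(allowed, url):
        return "allow"   # http_access allow Home allowsites
    return "deny"        # http_access deny all

# Constructed test URLs (not from the post).
URLS = [
    "http://www.mozilla.org/",
    "http://WWW.MySpace.com/profile",
    "http://www.google.com/search?q=squid",
    "http://example.org/?ref=youtube.com",   # block string inside the query
    "http://www.google.com.example.net/",    # "." is a regex wildcard, no anchor
]

def report(allow_text):
    blocked, allowed = load_acl(BLOCKED), load_acl(allow_text)
    return {u: decide(u, True, blocked, allowed) for u in URLS}

if __name__ == "__main__":
    for name, text in (("allow '.'", ALLOW_ALL), ("allow '.google.com'", ALLOW_GOOGLE)):
        print(name)
        for url, verdict in report(text).items():
            print(f"  {verdict:5}  {url}")
```

The last two URLs show that entries are matched as patterns anywhere in the URL, not as exact host names. If a list is meant to match host names only, Squid's dstdomain ACL type compares against the request's domain rather than the full URL.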