15.4. Configuring a Domain Blacklist in Squid

Frequently, administrators want to block access to specific domains. This section describes how to configure a domain blacklist in Squid.

Prerequisites

  • Squid is configured, and users can use the proxy.

Procedure

  1. Edit the /etc/squid/squid.conf file and add the following settings:
    acl domain_blacklist dstdomain "/etc/squid/domain_blacklist.txt"
    http_access deny all domain_blacklist

    Important

    Add these entries before the first http_access allow statement that allows access to users or clients.
  2. Create the /etc/squid/domain_blacklist.txt file and add the domains you want to block. For example, to block access to example.com including subdomains and to block example.net, add:
    .example.com
    example.net

    Important

    If you referred to the /etc/squid/domain_blacklist.txt file in the squid configuration, this file must not be empty. If the file is empty, Squid fails to start.
  3. Restart the squid service:
    # systemctl restart squid