HOME Downloads Documentation Development Blacklists Contributions Contact

  Extended Configuration of SquidGuard

There are several more options to configure SquidGuard according to your needs.

Not allowing IP adresses Times
Rules based on source IP adresses Logging blocked access tries
Regular Expressions Authentication

  • Not allowing IP adresses

    To make sure that people don't bypass the URL filter by simply using the IP addresses instead of the fully qualified domain names, you can add the   !in-addr   following to your acl:

    Disallowing access to IP addresses
     acl {
            default {
                    pass !in-addr all
                    redirect http://localhost/block.html

  • Blocking based on times

    There are two ways to define times and dates where access to websites are allowed or disallowed. The  weekly  directive is used for reoccuring access time, f.e. allowing web access to blocked sites after work.
    Using the  date  directive you can additionally define special days where access may be granted. Wildcards can be used.

    Defining access times
    time afterwork {
      weekly   * 17:00-24:00            # After work
      weekly   fridays 16:00-17:00      # On friday we close earlier
      date   *.01.01                    # New Year's Day
      date   *.12.24 12:00-24:00        # Christmas Eve
      date   2006.04.14-2006.04.17      # Easter 2006
      date   2006.05.01                 # Maifeiertag

    To apply the defined times you can use the qualifiers  within  and  outside , respectively. Now your acl looks like that:

    acl {
            all within afterwork {
                    pass all
            else {
                    pass    !adv !porn !warez all
            default {
                    pass    none
                    redirect http://localhost/block.html

    This means that for everyone free access to web sites is possible during the times defines in afterwork. Outsite these times people cannot access whatever is defined in adv, porn and warez.

  • Rules based on source IP adresses

    If you have policies in place granting some people access to more sites than others you have different options how to implement this policy. One way is to define source IP acls. This can only work if your user groups are well separated within your network.
    Assuming that this is the case you can now define the source IP ranges in your squidGuard.conf the following way:

    Defining source IP addresses
    src admins {

    You can secify IP addresses directly as well as defining IP ranges using a from-to notation, defining the netmask or use the netmask prefix abbreviation.
    Annotation: If you have many network definitions for a user group you can put that info into a separate file and just tell your squidGuard.conf about the location of the file. In this case you write in your squidGuard.conf:

    src admins {
            iplist      adminlist

    SquidGuard will look for a file called adminlist located wherever you pointed your dbhome directive to. Alternatively you can specify an absolute path with your filename. The file itself holds the information in the following style:

  • Logging blocked access tries

    It may be of interest who is accessing blocked sites. To track that down you can add a log directive to your src or dest definitions in your squidGuard.conf. If only a file name is given, the file is search in the directory specified in the logdir directive.

    Logging blocked access tries
    dest porn {
            domainlist porn/domains
            urllist porn/urls
            log pornaccesses

  • Documentation
     Getting started
     Destination ACLs
     Source ACLs
     Redirect Rule
     Time Constraints
     Regular Expressions

    Runtime Options
    About blocking
    Known Issues
    Other Sources

      © Powered by Shalla Secure Services 2019