Howto Deny Access to Malware Sites in Squid
Last Updated on Monday, 7 July o 09:22 Written by admin Monday, 23 June o 10:24
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on Unix and Windows and is licensed under the GNU GPL.
The Malware Block List is a free, automated and user contributed system for checking URLs for the presence of Viruses, Trojans, Worms, or any other software considered Malware.
Preface
If you work in IT, you are most probably aware of the problem most of us face each day with spam emails (rogue links), pop-ups and spoof sites. This creates a security problem in which our less informed work colleagues unknowingly put themselves at risk of infection by the many malicious programs out there. This Howto was taken from the Malware Block List project, and I take no credit for this Howto. All credit goes to the maintainers of the Malware project and therefore thanks should be directed to them on their site.
acl malware_block_list url_regex -i "/etc/squid/malware_block_list.txt"
http_access2 deny malware_block_list
deny_info http://malware.hiperlinks.com.br/denied.shtml malware_block_list
wget -O - 'http://malware.hiperlinks.com.br/cgi/submit?action=list_squid' > malware_block_list.txt
squid -k reconfigure
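#!/bin/sh
# Fetch to a temporary file first so a failed download cannot empty the live list
wget -O /etc/squid/malware_block_list.txt.new 'http://malware.hiperlinks.com.br/cgi/submit?action=list_squid' || exit 1
[ -s /etc/squid/malware_block_list.txt.new ] || exit 1
mv /etc/squid/malware_block_list.txt.new /etc/squid/malware_block_list.txt
squid -k reconfigure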
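The list is fetched over plain HTTP from a third party and loaded straight into a url_regex ACL, so one overly broad or malformed pattern can block every request or break the reload. The following check is an added example, not part of the Malware Block List project's Howto; the function name validate_blocklist and the canary URLs are hypothetical, and it assumes grep -E -i is a close enough stand-in for how Squid evaluates url_regex -i.

```shell
#!/bin/sh
# Added example: sanity-check a downloaded blocklist before Squid loads it.
# validate_blocklist FILE returns 0 only if FILE has at least one pattern,
# every pattern compiles, and no pattern matches a URL that must stay reachable.

# Constructed canary URLs; replace with sites your users depend on.
CANARIES='http://www.example.com/
https://intranet.example.org/index.html'

validate_blocklist() {
    list=$1
    count=0
    if [ ! -s "$list" ]; then
        echo "blocklist is missing or empty: $list" >&2
        return 1
    fi
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while IFS= read -r pat || [ -n "$pat" ]; do
        # Blank lines and comment lines are skipped by this check.
        case $pat in ''|'#'*) continue ;; esac
        count=$((count + 1))
        rc=0
        # grep exits 0 on a match, 1 on no match, 2 if the regex is invalid.
        printf '%s\n' "$CANARIES" | grep -Eiq -- "$pat" 2>/dev/null || rc=$?
        case $rc in
            0) echo "pattern matches a canary URL: $pat" >&2; return 1 ;;
            1) ;;  # no canary matched: pattern is acceptable
            *) echo "pattern does not compile: $pat" >&2; return 1 ;;
        esac
    done < "$list"
    if [ "$count" -eq 0 ]; then
        echo "blocklist contains no patterns: $list" >&2
        return 1
    fi
    return 0
}
```

Call it on the freshly downloaded file before that file replaces /etc/squid/malware_block_list.txt and before squid -k reconfigure, and keep the previous list if it returns non-zero.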