webdnstools.com

Using a Whitelist with a Squid Authenticating Proxy Server

If you're using Squid as an authenticating proxy server, you may want to add a list of websites that don't require authentication. This is known as a whitelist.

If Squid is not installed, refer to the Installing Squid Proxy Server article.

If authentication has not been enabled, refer to the Squid Proxy Authentication article.

Configuring a Whitelist

Open the Squid configuration file, which on Linux should be in the following location:

/etc/squid/squid.conf

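Squid whitelists are created using the acl directive. In the examples below the ACL is named whitelist and uses the dstdomain type, which matches on the destination domain of the request.

To set up a small whitelist of sites, you can add them directly to the Squid conf file. To do this, add the following directives to the Squid conf file: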

acl whitelist dstdomain .example.com .google.com .bing.com
http_access allow whitelist

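Note: Squid evaluates http_access rules in order and stops at the first rule that matches, so this http_access line must come before the http_access line that allows proxy-authenticated connections (the one you added when configuring proxy authentication). Otherwise the whitelist will not work.

In this example three domains are whitelisted. The leading dot on each entry means the entry matches the domain itself and all of its subdomains. Requests to whitelisted domains are allowed without credentials, so whitelist only the sites that genuinely need to bypass authentication.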

Save the configuration file. We are now ready to start Squid. If Squid is already running, reload the configuration file using the following command:

squid -k reconfigure

If Squid is not already running, start it using the following command:

service squid start

Open a browser on a client machine. If you browse to one of the sites in the whitelist, Squid should not ask for a username and password. If you browse to any other site, Squid should ask you for a username and password.
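
The ordering requirement in the note above can be checked before Squid is reloaded. The following shell function is an added example, not part of the original article. It assumes authentication is configured through an ACL of type proxy_auth (the ACL name authenticated in the sample configs is hypothetical), and it is a conservative heuristic: it treats any earlier http_access rule that mentions the authentication ACL as a failure.

```shell
#!/bin/sh
# Added example. Assumption: authentication is configured with an ACL of
# type proxy_auth; the name "authenticated" below is hypothetical.

# usage: check_whitelist_order CONF [WHITELIST_ACL_NAME]
# Returns 0 when "http_access allow <whitelist>" comes before the first
# http_access rule that references a proxy_auth ACL, 1 otherwise.
check_whitelist_order() {
    awk -v wl="${2:-whitelist}" '
        $1 == "acl" && $3 == "proxy_auth" { auth[$2] = 1 }  # collect auth ACL names
        $1 == "http_access" {
            rule++
            for (i = 3; i <= NF; i++) {
                name = $i; sub(/^!/, "", name)              # "!acl" still evaluates acl
                if ((name in auth) && !auth_rule) auth_rule = rule
                if ($2 == "allow" && $i == wl && !wl_rule) wl_rule = rule
            }
        }
        END {
            if (!wl_rule)   { print "FAIL: no http_access allow " wl; exit 1 }
            if (!auth_rule) { print "FAIL: no http_access rule uses a proxy_auth ACL"; exit 1 }
            if (wl_rule >= auth_rule) {
                print "FAIL: whitelist rule " wl_rule " is not before auth rule " auth_rule
                exit 1
            }
            print "OK: whitelist rule " wl_rule " precedes auth rule " auth_rule
        }' "$1"
}

# Constructed sample configurations: one correct, one with the rules swapped.
tmp=$(mktemp -d)
printf '%s\n' 'acl whitelist dstdomain .example.com .google.com .bing.com' \
    'acl authenticated proxy_auth REQUIRED' \
    'http_access allow whitelist' \
    'http_access allow authenticated' \
    'http_access deny all' > "$tmp/good.conf"
printf '%s\n' 'acl whitelist dstdomain .example.com .google.com .bing.com' \
    'acl authenticated proxy_auth REQUIRED' \
    'http_access allow authenticated' \
    'http_access allow whitelist' \
    'http_access deny all' > "$tmp/bad.conf"
for f in good bad; do
    check_whitelist_order "$tmp/$f.conf" || echo "-> fix $f.conf before reloading Squid"
done
rm -rf "$tmp"
```

Run the function against /etc/squid/squid.conf, together with squid -k parse to catch syntax errors, before running squid -k reconfigure.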

Although this works, an easier-to-maintain solution is to keep the whitelisted sites in a separate file. To do this, change the acl whitelist directive as follows:

acl whitelist dstdomain "/etc/squid/sites.whitelist.txt"

Next, create a file called /etc/squid/sites.whitelist.txt and add the sites to be whitelisted, one per line. For example:

.example.com
.google.com
.bing.com

Save the configuration file.

We are now ready to start Squid. If Squid is already running, reload the configuration file by running the following command as the root user:

squid -k reconfigure

If Squid is not already running, start it by running the following command as the root user:

/etc/init.d/squid start