Squid DBL Configuration Guide

Refer to Squid Documentation as needed: http://www.squid-cache.org/

Submit a ticket

To continue with this configuration guide you must first submit a ticket via the Samurai MDR portal. Add the following information within your request:

| Ticket field | Information |
| --- | --- |
| Title | DBL Onboarding Request for Squid device(s) |
| Description | Add hostname and IP address (internet facing) details of your Squid proxy(s). For example: mysecureproxy1.acme.org, 19.16*.2*.2. If enrolling multiple gateways please add each gateway on individual lines. |

Submit the ticket and you will hear back from us with additional information (e.g. the DBL URL) needed to continue with the configuration below.

Connection Requirements

You will need to ensure your Squid proxy can reach a specific URL to obtain the DBL. This information will be provided to you once subscribed.

| Parameter | Note |
| --- | --- |
| Connection Port | TCP / 80 |
| URL DBL | NTT will provide a unique URL to you to download the DBL URL list |
| IP DBL | NTT will provide a unique URL to you to download the DBL IP list |

Table 1: Connection requirements

From your Squid Proxy:

Import the DBL

  1. Store the DBL list retrieval script at the following path:
/usr/local/squidList/getSquidACL.sh
  2. Back up the script file:
# cp /usr/local/squidList/getSquidACL.sh /usr/local/squidList/getSquidACL.sh.org
  3. Open the script file in your preferred editor. The examples use “vi”:
# vi /usr/local/squidList/getSquidACL.sh
  4. Set the DBL URL used to import the URL list.
(Example) DBL_URL="http://<IP address>/dbl/block_plain.txt"
  5. Set the DBL URL used to import the IP list.
(Example) DBL_IP="http://<IP address>/dbl/block_ip_plain.txt"
  6. Change the restart command to the one used in your production environment.
(Example) restart="/etc/rc.d/init.d/squid restart"
  7. Set the output path for the URL list.
(Example) DBL_URL_OUTPUT="/etc/squid/block_plain.txt"
  8. Set the output path for the IP list.
(Example) DBL_IP_OUTPUT="/etc/squid/block_ip_plain.txt"
  9. Save and close “vi”:
:wq
  10. Give the script execute permission:
# chmod 775 /usr/local/squidList/getSquidACL.sh

ACL Configuration

  1. Edit the “squid.conf” file:
# vi /etc/squid/squid.conf
  2. Add ACL settings for the lists whose output paths were set in steps 7 and 8 of the previous section.
(Example)
acl blocklist_regex url_regex "/etc/squid/block_plain.txt"
acl blockip dst "/etc/squid/block_ip_plain.txt"
http_access deny blocklist_regex
http_access deny blockip
  3. Save and close:
:wq

Confirm configuration and auto run

  1. Run the DBL retrieval script manually with the following command:
# /usr/local/squidList/getSquidACL.sh

After execution, check your standard Squid logs. If you receive an error, check the status of your network, because the most likely cause is that the DBL destination URL cannot be reached.

  2. If there are no errors, schedule the script in cron. (The following entry runs it every 10 minutes.)
*/10 * * * * /usr/local/squidList/getSquidACL.sh
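
The lists are fetched over TCP/80 and loaded directly into `url_regex` and `dst` ACLs every 10 minutes, so a truncated download, an error page, or an overly broad entry would change what the proxy blocks. The following is an added example, not part of getSquidACL.sh or of the script NTT provides: it validates each downloaded file and only then replaces the list Squid reads. The function names, `MIN_LINES`, the IPv4-only check, and the /8 prefix floor are assumptions.

```shell
#!/bin/sh
# Added example: validate downloaded DBL files before Squid loads them.
# Function names, MIN_LINES and the /8 prefix floor are assumptions.
MIN_LINES=1   # raise once the usual list size is known

# IP list: every non-empty line must be an IPv4 address or IPv4 CIDR block.
validate_ip_list() {
    [ -s "$1" ] || return 1
    awk -v min="$MIN_LINES" -F'[./]' '
        /^$/ { next }
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { bad = 1; exit }
        $1 > 255 || $2 > 255 || $3 > 255 || $4 > 255 { bad = 1; exit }
        # A very short prefix (e.g. /0) would deny almost every destination.
        NF == 5 && ($5 > 32 || $5 < 8) { bad = 1; exit }
        { n++ }
        END { exit (bad || n < min) }
    ' "$1"
}

# URL list: no markup or whitespace (an HTML error page saved as the list),
# and no entry so short or generic that url_regex would match most traffic.
validate_url_list() {
    [ -s "$1" ] || return 1
    [ "$(grep -c . "$1")" -ge "$MIN_LINES" ] || return 1
    ! grep -Eq '[<>[:space:]]' "$1" || return 1
    ! grep -Eq '^.{1,3}$|^[.*^$+?|()]+$' "$1"
}

# Replace the live list only if the new file validates; otherwise keep the
# previous list and discard the download.
install_list() {   # usage: install_list <validator> <new-file> <dest>
    if "$1" "$2"; then
        mv -f "$2" "$3"
    else
        echo "rejected $2: keeping existing $3" >&2
        rm -f "$2"
        return 1
    fi
}

# Usage inside a fetch script (download next to the destination so that mv
# is a rename on the same filesystem):
#   install_list validate_url_list "$DBL_URL_OUTPUT.new" "$DBL_URL_OUTPUT"
#   install_list validate_ip_list  "$DBL_IP_OUTPUT.new"  "$DBL_IP_OUTPUT"
#   squid -k parse && <your restart command>
```
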

Our Dynamic Block List (DBL) configuration guide was accurate at the time of writing, but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a ticket in the Samurai MDR portal and we shall get it updated.