Saturday, May 24, 2008

Block malware domains using Squid




Today we'll see how to start filtering malicious websites, using Squid as an example. Squid is a popular open source web proxy server and web cache. If you don't want a complex solution, you can use the malwaredomains.com blacklists and a small batch file to generate copy-and-paste Squid ACLs that filter the unwanted domains.

Let's start:

1) Download the complete file from this link domains.txt

2) Use MS Excel to filter and save the URLs:

- Open domains.txt

Now select the domains in the first column and paste them into a text file; call it block.txt

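3) Use this batch file to import the URLs from block.txt and convert them to Squid ACLs:

@echo off
rem Start from an empty output file so a second run does not duplicate entries
if exist c:\squid-acls.txt del c:\squid-acls.txt
rem Write one Squid ACL line per domain listed in block.txt
for /f %%a in (c:\block.txt) do echo acl blocksites dstdomain %%a >> c:\squid-acls.txt
rem Open the result for review and copying
notepad c:\squid-acls.txt
exit /b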

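Append the output to the Squid conf file like this. Squid evaluates http_access lines in order and stops at the first match, so check that the http_access deny blocksites line ends up above any http_access allow line that would match the same request: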

acl blocksites dstdomain koolkatalog.com
acl blocksites dstdomain prostol.com
acl blocksites dstdomain alwaysupdatednews.com
acl blocksites dstdomain cometsystems.com
acl blocksites dstdomain sdsauto.ru
acl blocksites dstdomain googkle.com
acl blocksites dstdomain loadcash.biz
http_access deny blocksites

Save and close the conf file, then restart Squid:

# /etc/init.d/squid restart

You're done ;)
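
Steps 2 and 3 can also be done directly on the Squid host. The following is an added example, not part of the original post: a POSIX shell function (the name gen_squid_acls is hypothetical) that reads the first column of the list, skips entries that are not plain hostnames, removes duplicates, and prints the ACL lines. It assumes the first whitespace-separated field is the domain and that comment lines start with #; the sample input is constructed.

```shell
#!/bin/sh
# Added example: build "acl blocksites dstdomain ..." lines from a domain list.
# The list is third-party data that ends up in squid.conf, so every entry is
# checked against hostname syntax before it is written out.

# gen_squid_acls FILE
#   stdout: one ACL line per unique, well-formed domain (lowercased)
#   stderr: one "skipped" message per rejected entry
gen_squid_acls() {
    awk '
        { sub(/\r$/, "") }              # tolerate CRLF files saved on Windows
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        {
            d = tolower($1)
            sub(/\.$/, "", d)           # drop a trailing root dot
            # labels of letters, digits and inner hyphens, at least two labels
            if (d !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) {
                printf "skipped line %d: %s\n", NR, $1 > "/dev/stderr"
                next
            }
            # Squid warns about repeated dstdomain entries, so emit each once
            if (!(d in seen)) {
                seen[d] = 1
                print "acl blocksites dstdomain " d
            }
        }
    ' "$1"
}

# Constructed sample input: CRLF line endings, an extra column, a duplicate in
# different case, a URL where a domain is expected, and a trailing root dot.
sample=$(mktemp)
printf '# constructed sample list\r\n' > "$sample"
printf 'koolkatalog.com\tmalware\r\n' >> "$sample"
printf 'PROSTOL.com\r\nprostol.com\r\n' >> "$sample"
printf 'http://googkle.com/x\r\n\r\n' >> "$sample"
printf 'sdsauto.ru.\r\n' >> "$sample"

gen_squid_acls "$sample"
echo "http_access deny blocksites"
rm -f "$sample"
```

Redirect the output to a file, review it together with the skipped entries reported on stderr, and then paste it into the Squid conf file as described above.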