Our Dynamic Block List (DBL) configuration guide was accurate at the time of writing but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai Help Center and we shall get it updated.
Refer to Squid Documentation as needed: http://www.squid-cache.org/
You will need to ensure your Squid proxy can reach a specific URL to obtain the DBL. This information will be provided to you once subscribed.
|Connection Port|TCP / 80|
|URL DBL|NTT will provide a unique URL to you to download the DBL URL list|
|IP DBL|NTT will provide a unique URL to you to download the DBL IP list|
Table 1: Connection requirements
From your Squid Proxy:
Import the DBL
1. Store the DBL list retrieval script as below:
2. Back up the script file:
# cp /usr/local/squidList/getSquidACL.sh /usr/local/squidList/getSquidACL.sh.org
3. Open the script file using your favorite editor. The examples use "vi" for editing.
# vi /usr/local/squidList/getSquidACL.sh
4. Set the DBL URL used to import the URL list.
5. Set the DBL URL used to import the IP list.
6. Change the restart command to the one used in your production environment.
restart="/etc/rc.d/init.d/squid restart"
7. Set the location where the URL list is written.
8. Set the location where the IP list is written.
9. Save and close "vi".
10. Give the script execute permission.
# chmod 775 /usr/local/squidList/getSquidACL.sh
1. Edit the "squid.conf" file.
# vi /etc/squid/squid.conf
2. Add ACL settings for the lists whose output locations were set in steps 7 and 8 of the previous section.
acl blocklist_regex url_regex "/etc/squid/block_plain.txt"
acl blockip dst "/etc/squid/block_ip_plain.txt"
http_access deny blocklist_regex
http_access deny blockip
3. Save and close the file.
Confirm configuration and auto run
1. Run the DBL retrieval script manually with the following command:
After execution, check your standard Squid logs. If you receive an error, check the status of your network, because the most likely cause is that the DBL destination URL cannot be reached.
2. If there are no errors, schedule the script in cron. (The following entry runs it every 10 minutes.)
*/10 * * * * /usr/local/squidList/getSquidACL.sh
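
Because cron runs the import unattended and both list files feed `http_access deny` rules directly, an empty, truncated or over-broad download changes what the proxy blocks without anyone seeing it. The following is an added example, not part of the original retrieval script: it checks a downloaded list before it replaces the file Squid reads. The list formats (one IPv4 address or CIDR block per line, one regex per line), the function names and the thresholds are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check a downloaded DBL file before Squid loads it.
# Assumed formats: one IPv4 address or CIDR block per line (IP list), one
# regex per line (URL list). Names and thresholds are illustrative.

# check_list FILE KIND [MIN]: KIND is "ip" or "url". Fails when the file has
# fewer than MIN entries (empty or truncated download) or an unsafe entry.
check_list() {
    awk -v kind="$2" -v min="${3:-1}" '
        /^[ \t]*(#|$)/ { next }            # ignore comments and blank lines
        kind == "ip" {
            if ($0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/) bad = 1
            n = split($0, p, "[./]")
            for (i = 1; i <= 4; i++) if (p[i] > 255) bad = 1
            # A prefix shorter than /8 would deny a huge address range.
            if (n == 5 && (p[5] < 8 || p[5] > 32)) bad = 1
        }
        # A pattern made only of metacharacters (".*", "^") or shorter than
        # 4 characters (assumed threshold) matches far too many URLs.
        kind == "url" && ($0 ~ /^[.*^$?+|()]*$/ || length($0) < 4) { bad = 1 }
        bad { printf "rejected %s entry: %s\n", kind, $0 > "/dev/stderr"; exit 1 }
        { count++ }
        END { if (bad || count < min) exit 1 }' "$1"
}

# install_list NEW DEST KIND [MIN]: replace DEST only when NEW passes the
# checks, so a failed download leaves the previous list active.
install_list() {
    check_list "$1" "$3" "${4:-1}" || return 1
    cp "$1" "$2.tmp" && mv "$2.tmp" "$2"   # rename in one directory is atomic
}

# reload_squid: have Squid check its configuration, then re-read it.
reload_squid() {
    squid -k parse && squid -k reconfigure
}

# Usage with the paths from this guide (download location is hypothetical):
#   install_list /tmp/dbl_ip.new  /etc/squid/block_ip_plain.txt ip  &&
#   install_list /tmp/dbl_url.new /etc/squid/block_plain.txt    url &&
#   reload_squid
```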