# squid
caching proxy server from apache people


# configuration
`/etc/squid/squid.conf`

By default, squid listens on port 3128 on localhost only. Define your ACLs and http rules in the config file. An example:
```sh
acl lab1 src 192.168.1.0/24
http_access allow lab1
```

# filter websites
You can implement this by disabling name resolution on the clients and instead using the proxy server system wide. This way, any DNS request is intercepted, inspected and dropped if needed.
TODO I don't think this works with DNS-over-HTTPS/TLS. A solution would be SSL bumping but this is generally a bad idea.



See also
--------
See the arch wiki https://wiki.archlinux.org/title/Squid for more info.