Skip to main content
Once you’ve downloaded BlackWeb, configure Squid-Cache to use it for domain blocking.

Basic Configuration

Edit your Squid configuration file: 
/etc/squid/squid.conf
Add the following lines to implement the BlackWeb blocking rule:
squid.conf
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

# Block Rule for Blackweb
acl blackweb dstdomain "/path_to/blackweb.txt"
http_access deny blackweb
Replace /path_to/blackweb.txt with the actual path where you extracted the BlackWeb file. The default recommended path is /etc/acl/blackweb.txt.

Configuration Steps

1

Locate Configuration File

Open /etc/squid/squid.conf in your preferred text editor with root privileges:
sudo nano /etc/squid/squid.conf
2

Add ACL Definition

Define the BlackWeb ACL by specifying the path to the blocklist file:
acl blackweb dstdomain "/etc/acl/blackweb.txt"
This creates an Access Control List named blackweb that matches destination domains from the file.
3

Add Deny Rule

Add the HTTP access deny rule immediately after the ACL definition:
http_access deny blackweb
4

Restart Squid

Apply the configuration changes by restarting Squid:
sudo systemctl restart squid
Or for older systems:
sudo service squid restart
5

Verify Configuration

Check that Squid started successfully:
sudo systemctl status squid
Look for any error messages in the logs:
sudo tail -f /var/log/squid/cache.log

Understanding the Configuration

ACL Syntax

acl <name> dstdomain "<file_path>"
  • acl: Defines an Access Control List
  • blackweb: The name of this ACL (can be customized)
  • dstdomain: Matches destination domain names
  • “/path_to/blackweb.txt”: Path to the domain list file

HTTP Access Rule

http_access deny blackweb
  • http_access: Controls access to web resources
  • deny: Blocks matching requests
  • blackweb: References the ACL defined above

Rule Placement

Important: The order of rules in squid.conf matters! Place your BlackWeb rules after any http_access allow rules for your clients, but before the final http_access deny all rule.
Correct order: 
# 1. Allow access from your clients
http_access allow localnet

# 2. Block BlackWeb domains
acl blackweb dstdomain "/etc/acl/blackweb.txt"
http_access deny blackweb

# 3. Deny everything else (default rule)
http_access deny all

Testing the Configuration

After applying the configuration, test that blocked domains are properly denied: 
# Try accessing a domain that should be blocked
curl -x http://your-proxy:3128 http://example-blocked-domain.com
You should see an access denied error from Squid.

Advanced Configuration

For more sophisticated filtering with allowlists, TLD blocking, and pattern matching, see the Advanced Rules guide.

Troubleshooting

Check the following:
  • Verify the file path is correct and the file exists
  • Ensure the file has proper permissions (readable by the Squid user)
  • Check syntax with: squid -k parse
  • Review error logs: tail /var/log/squid/cache.log
Verify:
  • Rule placement (should be before http_access deny all)
  • The domain exists in blackweb.txt
  • Squid was restarted after configuration changes
  • Client is actually using the proxy
BlackWeb contains over 4.7 million domains, which may impact performance on systems with limited resources. Consider:
  • Increasing Squid’s memory allocation
  • Using SSD storage for Squid cache
  • Implementing advanced rules to reduce false positives

Build docs developers (and LLMs) love

Get started for freeTalk to us