Configure Squid to block 16,024+ AI-tool domains using ACLs, SSL bump, transparent proxy mode, and automated daily feed updates.
Squid delivers enterprise-grade AI-tool blocking at zero software cost. It runs on Linux, FreeBSD, and Windows, handling tens of thousands of concurrent connections with granular URL-level access control.
No NGFW license or cloud gateway subscription needed. Open-source and battle-tested for 20+ years.
Operates at the HTTP layer, not just DNS. Block specific paths within a domain while allowing the rest.
Block github.com/copilot while allowing github.com itself. DNS sinkholes can't do this.
Per-user and per-group policies via proxy authentication. Different rules for engineering vs. finance.
Decrypt HTTPS traffic to inspect full URLs, serve custom block pages, and log complete request details.
Complete audit trail of every blocked request — user, URL, timestamp, and action — for compliance reporting.
ACL setup with external domain list files
Transparent proxy deployment
SSL bump for HTTPS inspection
Automated daily cron updates
Performance tuning for large lists
User-based policies via LDAP
Logging and SIEM integration
Custom block pages
Squid's ACL engine evaluates every request against match conditions. A dstdomain ACL paired with an http_access deny rule blocks all AI-tool traffic.
Matches any request whose destination domain appears in the list or is a subdomain of an entry.
For 16,024+ domains, point the ACL to an external file — one domain per line, loaded at startup.
An entry for openai.com automatically matches chat.openai.com, api.openai.com, and all subdomains.
# /etc/squid/squid.conf — AI tool blocking via external domain list # Step 1: Define the ACL referencing the AI blocklist file acl ai_tools_blocked dstdomain "/etc/squid/blocklists/ai-tools-domains.txt" # Step 2: Deny access to matched domains http_access deny ai_tools_blocked # Step 3: Custom block page for AI tool requests deny_info ERR_AI_BLOCKED ai_tools_blocked # Ensure this deny rule appears BEFORE any broad allow rules # Squid processes http_access rules top-to-bottom, first match wins http_access allow localnet http_access deny all
The domain list file uses one domain per line. Lines starting with . match the domain and all subdomains — our feed delivers this format by default.
# /etc/squid/blocklists/ai-tools-domains.txt (excerpt) # AI Tools Blocklist — 16,024+ domains, 18 categories # Updated daily from feeds.aitoolsblocklist.com .openai.com .chat.openai.com .api.openai.com .claude.ai .anthropic.com .gemini.google.com .midjourney.com .jasper.ai .copy.ai .writesonic.com .huggingface.co .replicate.com .stability.ai .runway.com # ... 16,024+ domains total
After editing squid.conf, reload without restarting — a reconfigure applies rules to new connections without dropping active ones.
# Validate configuration syntax before applying squid -k parse # Apply new configuration without dropping active connections squid -k reconfigure # Verify the ACL loaded correctly (check for domain count in cache.log) grep "ai_tools_blocked" /var/log/squid/cache.log
Standard forward proxy requires every client to be configured. Transparent proxy intercepts traffic at the network layer — no client-side changes needed.
BYOD devices — block AI tools on personal devices without installing proxy profiles
IoT endpoints — enforce policy on devices that can't be configured for a proxy
Anti-bypass — users can't remove proxy settings they don't know exist
Same ACLs — the AI domain blocklist works identically in transparent mode
Requires iptables rules on the gateway to redirect ports 80/443 to Squid, plus Squid configured to accept intercepted connections.
# iptables rules to redirect HTTP/HTTPS traffic to Squid transparent proxy # Run on the gateway/router where Squid is installed # Redirect HTTP (port 80) to Squid on port 3129 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 \ -j REDIRECT --to-port 3129 # Redirect HTTPS (port 443) to Squid SSL bump on port 3130 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 \ -j REDIRECT --to-port 3130 # Exclude Squid's own traffic from redirection (prevent loops) iptables -t nat -A OUTPUT -m owner --uid-owner proxy -j ACCEPT
The Squid side uses http_port with intercept for HTTP and https_port with SSL bump for HTTPS.
# squid.conf — Transparent proxy ports http_port 3129 intercept https_port 3130 intercept ssl-bump \ cert=/etc/squid/ssl/squid-ca-cert.pem \ key=/etc/squid/ssl/squid-ca-key.pem \ generate-host-certificates=on dynamic_cert_mem_cache_size=4MB # AI blocklist ACL works the same in transparent mode acl ai_tools_blocked dstdomain "/etc/squid/blocklists/ai-tools-domains.txt" http_access deny ai_tools_blocked
Without SSL bump, Squid sees only the SNI hostname. It can block the connection (client gets a reset) but cannot serve a custom HTML block page over HTTPS. Enable SSL bump for full block-page support.
Nearly all AI tools operate over HTTPS. SSL bump decrypts targeted connections so Squid can inspect full URLs, serve block pages, and log complete request details.
Allow github.com but block github.com/features/copilot — only possible with decrypted traffic.
Log complete request URLs (not just domains) for every blocked AI-tool access attempt.
Serve branded HTML block pages over HTTPS instead of generic connection resets.
First, generate the Squid CA certificate used to sign dynamically-generated per-domain certificates.
# Generate the Squid CA certificate for SSL bump mkdir -p /etc/squid/ssl openssl req -new -newkey rsa:2048 -days 1825 -nodes -x509 \ -subj "/CN=Squid Proxy CA/O=YourOrganization/C=US" \ -keyout /etc/squid/ssl/squid-ca-key.pem \ -out /etc/squid/ssl/squid-ca-cert.pem # Initialize the SSL certificate database /usr/lib/squid/security_file_certgen -c -s /var/spool/squid/ssl_db -M 4MB # Set ownership chown -R proxy:proxy /var/spool/squid/ssl_db
# squid.conf — Full SSL bump configuration for AI tool blocking http_port 3128 ssl-bump \ cert=/etc/squid/ssl/squid-ca-cert.pem \ key=/etc/squid/ssl/squid-ca-key.pem \ generate-host-certificates=on dynamic_cert_mem_cache_size=4MB # Certificate generation helper sslcrtd_program /usr/lib/squid/security_file_certgen -s /var/spool/squid/ssl_db -M 4MB # Define which connections to bump (decrypt) vs. splice (pass through) acl step1 at_step SslBump1 acl ai_tools_blocked dstdomain "/etc/squid/blocklists/ai-tools-domains.txt" # Peek at the SNI to identify the domain, then bump AI domains ssl_bump peek step1 ssl_bump bump ai_tools_blocked ssl_bump splice all # Block AI tools after decryption — full URL is now visible http_access deny ai_tools_blocked
Decrypt only connections to AI-tool domains. Full URL visible, block pages served, complete logging enabled.
All non-AI HTTPS traffic passes through untouched. Minimizes performance overhead and privacy impact.
Windows — Push via Group Policy to Trusted Root Certification Authorities store
macOS — Deploy via MDM configuration profile
Linux — Add to /usr/local/share/ca-certificates/ and run update-ca-certificates
A static blocklist decays within days. Our pipeline identifies hundreds of new AI-tool domains every week from a corpus of 102 million domains.
Download — Fetches the latest domain list from our API feed
Validate — Checks minimum domain count to guard against empty responses
Backup — Preserves the current list as .bak before replacing
Deploy — Moves the validated file into place with correct ownership
Reload — Triggers squid -k reconfigure for zero-downtime application
#!/bin/bash # /usr/local/bin/update-ai-blocklist.sh # Downloads the latest AI tool domain list and reloads Squid FEED_URL="https://feeds.aitoolsblocklist.com/v1/domains?format=squid&key=YOUR_API_KEY" BLOCKLIST="/etc/squid/blocklists/ai-tools-domains.txt" TMPFILE="/tmp/ai-tools-domains-new.txt" MIN_LINES=30000 # Download the latest list curl -s -f -o "$TMPFILE" "$FEED_URL" if [ $? -ne 0 ]; then echo "[$(date)] ERROR: Failed to download AI blocklist" >> /var/log/squid/blocklist-update.log exit 1 fi # Validate minimum domain count LINES=$(wc -l < "$TMPFILE") if [ "$LINES" -lt "$MIN_LINES" ]; then echo "[$(date)] ERROR: Downloaded list has only $LINES lines (expected $MIN_LINES+)" >> /var/log/squid/blocklist-update.log rm -f "$TMPFILE" exit 1 fi # Backup current list and deploy new one cp "$BLOCKLIST" "${BLOCKLIST}.bak" mv "$TMPFILE" "$BLOCKLIST" chown proxy:proxy "$BLOCKLIST" # Reload Squid configuration squid -k reconfigure echo "[$(date)] SUCCESS: Updated AI blocklist ($LINES domains), Squid reloaded" >> /var/log/squid/blocklist-update.log
# Cron entry — run the update script daily at 3:00 AM 0 3 * * * /usr/local/bin/update-ai-blocklist.sh
For multiple Squid instances behind a load balancer, store the blocklist on a shared NFS mount or internal HTTP server. Run the cron job on one management host and send a reconfigure signal to each instance via SSH or config management.
Squid stores dstdomain ACL entries in a Splay tree with O(log n) lookup time. A list of 16,024+ domains requires only ~15 binary comparisons per request — negligible compared to network latency.
Initial load time for 16,024+ domains is 1–3 seconds. Use squid -k reconfigure instead of a restart — it swaps the new config atomically without dropping connections.
A 42,000-entry dstdomain ACL consumes approximately 8-12 MB of RAM in the Splay tree. Allocate at least 256 MB total for Squid process memory. For SSL bump, add another 64-128 MB for the dynamic certificate cache. Set memory_pools on and memory_pools_limit 256 MB in squid.conf.
AI tool blocking does not require disk caching — blocked requests never reach the origin server. If Squid also caches allowed content, keep the disk cache on a fast SSD. Use cache_dir aufs /var/spool/squid 10000 16 256 for high-throughput environments.
Set max_filedescriptors 65535 to handle high-concurrency environments. Each blocked request consumes a file descriptor briefly while Squid returns the deny response. Under heavy AI-tool usage, thousands of block events per minute are common.
Squid resolves destination domains internally. For dstdomain ACL matching, it compares the requested hostname string — no DNS lookup is required for the block decision. This makes domain-based ACLs extremely fast and immune to DNS-level evasion techniques.
Squid supports proxy authentication via LDAP, Kerberos, NTLM, and basic auth. Combine user/group ACLs with domain ACLs for per-department AI blocking policies.
| Department | AI Code Tools | AI Writing Tools | AI Image Tools |
|---|---|---|---|
| Engineering | Allowed | Blocked | Blocked |
| Finance | Blocked | Blocked | Blocked |
| Marketing | Blocked | Blocked | Allowed |
| All Other Staff | Blocked | Blocked | Blocked |
Create separate ACL files per category and combine them with LDAP group ACLs in http_access rules. Rule order determines precedence.
# squid.conf — LDAP authentication with per-group AI blocking # LDAP authentication helper auth_param basic program /usr/lib/squid/basic_ldap_auth \ -b "dc=corp,dc=example,dc=com" \ -f "(&(objectClass=user)(sAMAccountName=%s))" \ -h ldap.corp.example.com -D "CN=squid-svc,OU=Service,DC=corp,DC=example,DC=com" -W /etc/squid/ldap-pass auth_param basic children 20 auth_param basic realm "Corporate Proxy" # LDAP group membership helper external_acl_type ldap_group %LOGIN /usr/lib/squid/ext_ldap_group_acl \ -b "dc=corp,dc=example,dc=com" \ -f "(&(objectClass=group)(cn=%g)(member=%u))" \ -h ldap.corp.example.com -D "CN=squid-svc,OU=Service,DC=corp,DC=example,DC=com" -W /etc/squid/ldap-pass # Define user group ACLs acl authenticated proxy_auth REQUIRED acl engineering_group external ldap_group Engineering acl finance_group external ldap_group Finance acl all_staff external ldap_group AllStaff # AI domain blocklists — full and category-specific acl ai_all dstdomain "/etc/squid/blocklists/ai-tools-all.txt" acl ai_code dstdomain "/etc/squid/blocklists/ai-tools-code.txt" acl ai_text dstdomain "/etc/squid/blocklists/ai-tools-text.txt" # Policy: Engineering can access code AI, blocked from text AI http_access allow engineering_group ai_code http_access deny engineering_group ai_text # Policy: Finance blocked from all AI tools http_access deny finance_group ai_all # Policy: All other staff — block all AI tools http_access deny all_staff ai_all
Our 18-category taxonomy maps directly to this pattern. Browse the AI Tools Database by category before building your policy.
Squid produces detailed access logs for every request, creating a complete audit trail of AI-tool access attempts.
Timestamp (millisecond precision)
Client IP address
HTTP method (GET, POST, CONNECT)
Full URL (with SSL bump enabled)
Status code (TCP_DENIED for blocks)
Authenticated username (via LDAP)
Configure a custom log format to capture AI-blocking analytics and route deny events to a separate file.
# squid.conf — Custom log format for AI block analytics logformat ai_audit %ts %{%Y-%m-%d %H:%M:%S}tl %ul %>a %Ss/%>Hs %rm %ru %un %Sh/%access_log /var/log/squid/ai-blocks.log ai_audit ai_tools_blocked # Separate log file for all AI-related deny events acl denied_log_acl log_type deny access_log /var/log/squid/denied-ai.log squid ai_tools_blocked
# Analyze blocked AI tool requests from Squid access log # Top 20 blocked AI domains by request count awk '/TCP_DENIED/ {split($7,u,"/"); print u[3]}' /var/log/squid/access.log \ | sort | uniq -c | sort -rn | head -20 # Users with the most blocked AI tool requests (requires auth) awk '/TCP_DENIED/ && $8 != "-" {print $8}' /var/log/squid/access.log \ | sort | uniq -c | sort -rn | head -10 # Blocked requests per hour (trend analysis) awk '/TCP_DENIED/ {print substr($1,1,13)}' /var/log/squid/access.log \ | sort | uniq -c # Real-time monitoring of blocked AI requests tail -f /var/log/squid/access.log | grep --line-buffered "TCP_DENIED"
Forward Squid logs via syslog or a log shipper (Filebeat, Fluentd, rsyslog). Build dashboards for blocked AI-tool volume over time, top domains, top users, and geographic distribution. Alert on spikes indicating bypass attempts.
The AI blocklist configuration is identical regardless of scale — what changes is how you distribute the config and sync the blocklist file across instances.
One Squid instance handling all proxy traffic. Suitable for up to 500 concurrent users. The blocklist file lives locally. The cron job downloads updates directly from our feed. Configuration management is a single squid.conf file.
Multiple Squid instances behind an L4 load balancer. Each instance runs the same squid.conf with the blocklist on a shared NFS mount or synced via rsync. A single cron job updates the shared blocklist, and each instance reloads independently.
Branch offices run child Squid instances that forward to a parent proxy at headquarters. AI blocking can be enforced at the parent level (centralized) or at each child (distributed). The blocklist is distributed via configuration management (Ansible, Puppet, Salt).
Mount the blocklist as a volume. Update via a sidecar container or host cron job. Use inotifywait to trigger automatic reloads on file change.
Store the blocklist in a ConfigMap or PersistentVolume. Use a CronJob resource for daily updates. Signal Squid pods to reconfigure via lifecycle hooks.
Replace Squid's generic error pages with branded block pages that explain the policy and link to exception requests. This reduces support tickets.
Squid substitutes %U (requested URL), %w (domain), %i (client IP), and %u (authenticated username) into the error page HTML.
<!-- /etc/squid/errors/ERR_AI_BLOCKED --> <html><head><title>AI Tool Blocked</title> <style> body { font-family: -apple-system, sans-serif; max-width: 600px; margin: 80px auto; text-align: center; } .icon { font-size: 3rem; margin-bottom: 16px; } h1 { color: #2563eb; font-size: 1.5rem; } .domain { background: #f1f5f9; padding: 8px 16px; border-radius: 8px; font-family: monospace; display: inline-block; } a { color: #2563eb; } </style></head><body> <div class="icon">🚫</div> <h1>AI Tool Access Blocked</h1> <p>Your request to <span class="domain">%w</span> was blocked by corporate policy.</p> <p>This domain is classified as an AI tool. Per the company's Acceptable Use Policy, access to AI tools is restricted to prevent unauthorized data exposure.</p> <p><a href="https://intranet.example.com/ai-exception">Request an exception</a> | <a href="https://intranet.example.com/ai-policy">View AI Usage Policy</a></p> </body></html>
# squid.conf — Reference the custom block page error_directory /etc/squid/errors deny_info ERR_AI_BLOCKED ai_tools_blocked
Download the free 500-domain sample to test with your Squid configuration today. Or tell us your requirements and we will prepare a Squid-formatted domain list for your organization.
Tell us your Squid version, deployment mode (explicit/transparent), and category requirements. We will send a ready-to-deploy domain list within 24 hours.