Recently I needed a small kiosk for some truck drivers to easily use google maps to verify their routes. But I wanted to make sure that's all they were using the kiosk for. I had considered writing my own google maps portal, and I may still yet, but for now I implemented the limitation as an acl in squid.
I can't say this will always work, as it's at google's discretion to change urls and hostnames anytime, but it works for me as of now. I hope someone else finds this information useful.
These are the domains I've allowed so far:
# Primary domains for most traffic acl GMAPS dstdomain maps.google.com maps.gstatic.com # Some stock google images come from here acl GMAPS dstdomain ssl.gstatic.com # These aren't strictly necessary, but I didn't think it would be harmful to add acl GMAPS dstdomain safebrowsing.clients.google.com acl GMAPS dstdomain cache.pack.google.com # Nearly every query hits this, I couldn't find good information about it # Some suggest it's related to ads, things work without it but I couldn't # find a good reason not to include it acl GMAPS dstdomain id.google.com # Map Images acl GMAPSREG dstdom_regex -i ^mt[0-9]+\.google\.com$ # Earth/Satellite images acl GMAPSREG dstdom_regex -i ^khm[0-9]+\.google\.com$ # Street view acl GMAPSREG dstdom_regex -i ^cbk[0-9]+\.google\.com$ # Location Images acl GMAPSREG dstdom_regex -i ^t[0-9]+\.gstatic\.com$ # Printing a map calls the chart api acl GMAPSURL url_regex -i ^http://www\.google\.com/chart\? #... further down near the end of the http_access stanzas http_access allow GMAPS localnet http_access allow GMAPSREG localnet http_access allow GMAPSURL localnet # And finally deny all other access to this proxy http_access deny all