> -----Original Message----- > From: Samir Faci [mailto:[EMAIL PROTECTED] > Sent: August 6, 2004 4:28 PM > To: [EMAIL PROTECTED] > Subject: [squid-users] Configuring Squid to work with squidGuard... > > > I have squidGuard working (i believe) If i issue the following command: > > echo "http://www.zzm.com 64.125.84.23/- - GET" | squidGuard > -c /etc/squidguard.conf -d
> Angela Burrell wrote: > Why are you using that command?
I use squidGuard too and I couldn't really follow this approach...
Personally what I do is run squidGuard -C all (to recompile the databases when I add a site.)
I did this only the first time as I have some uncompiled small databases, e.g. a whitelist which allows me to enable sites very quickly. I prefer to specify the database to compile.
Then I do squid -k reconfigure (which restarts squid) and squid automatically starts squidGuard.
This is very dangerous if the permissions on the databases are wrong.
I have managed to crash a squid with at least 300 users online in the middle of a day.
Then look at the log files and verify that it's running (last line is "squidGuard ready for requests")
Squidguard needs rw-Permissions on the database-files. Double check the permissions especially if the database compilation is done as root.
A safe way ist to start squidGuard as the squid-user logging to stdout/stderr.
su - proxy 'squidGuard -d'
If you see "squidGuard ready for requests" there, you will see it in the logfiles after the reconfigure.
Now go to a web browser on a client and try to access a blocked site. You should be shown a error page or redirected (whatever you configured it to do).
Recap: 1. squidGuard -C all (as root) 2. squid -k reconfigure 3. check to make sure squidGuard is running 4. Test with browser 5. if not working, do squid -k kill, then "squid" to start it up again.
In general this is the recipe I used as well and it works, although I did not compile from source. Everything on my machine comes from debian (woody) execpt the kernel (stock kernel did not support the hardware).
Additionally I have modified the page squidGuard is redirecting to. It's now a quick'n'dirty perl-cgi which offers a convenient way to reports false positives.
Regards, Hendrik Voigtl�nder
