On Tue, 18 Dec 2001, Craig Falconer wrote:
> One of the problems with squidguard is how it is awkward to do an update of
> the diff files. I use this little script ( /usr/local/squidGuard/db/reload
> ) to recreate db files and kick squid over.
>
> My editor makes a backup file with a ~ appended to the end, so the script
> looks for that file and regenerates the db as necessary. I do not use the
> supplied black-lists, however periodically (once in 6-12 months) I simply
> append the new pornography domains file to mine... then the uniq sorts out
> double-ups.
>
> I also use categories that are not in the supplied blacklists:
> approved a list of sites that are always allowed, for when
> we're using severe time-based restrictions.
> excessive-volume sites that seem to create a lot of
> traffic... we have a cap of 5 Gb a month.
Right now I have a more pressing problem than the updating the blacklist.
The present databases that come with squidGuard are not being used
apparently. I setup squid and apache for a basic setup. I then configured
squidGuard. The problem I found was on a test to see if I could load a
porn site (www.playboy.com) the porn rules were not tripped. I used the
standard RedHat 7.2 install with a few slight modifications. If I point
Mozilla to use HTTP traffic on port 3128 (squid's default) I can surf the
web. I see squid's cache fill up but I am not seeing the squidGuard being
used. How can I test to verify that squidGuard is being used to check all
web traffic?
My squidGuard configuration file is attached.
Stephen
#----------------------------------------------------------------
# SquidGuard CONFIGURATION FILE
#----------------------------------------------------------------
# CONFIGURATION DIRECTORIES
dbhome /usr/share/squidGuard-1.2.0/db
logdir /var/log/squidGuard
# TIME RULES:
# abbrev for weekdays:
# s = sun, m = mon, t =tue, w = wed, h = thu, f = fri, a = sat
time workhours {
weekly s 09:30-12:00 13:00-24:00
weekly m 09:00-12:00 13:00-24:00
weekly t 09:00-11:00 12:00-24:00
weekly w 09:00-12:00 12:00-24:00
weekly h 09:00-13:00 13:00-24:00
weekly f 09:00-12:00 13:30-24:00
weekly a 08:20-13:00 13:30-24:00
}
# SOURCE ADDRESSES:
src lansource within workhours {
#iplist lansource/lan
ip 10.0.0.26
}
# DESTINATION CLASSES:
dest porn {
domainlist porn/domains
urllist porn/urls
expressionlist porn/expressions
redirect http://www.yahoo.com
}
dest adult {
domainlist adult/domains
urllist adult/urls
expressionlist adult/expressions
redirect http://www.yahoo.com
}
dest audio-video {
domainlist audio-video/domains
urllist audio-video/urls
redirect http://www.yahoo.com
}
dest forums {
domainlist forums/domains
urllist forums/urls
expressionlist forums/expressions
redirect http://www.yahoo.com
}
dest hacking {
domainlist hacking/domains
urllist hacking/urls
redirect http://www.yahoo.com
}
dest redirector {
domainlist redirector/domains
urllist redirector/urls
expressionlist redirector/expressions
redirect http://www.yahoo.com
}
dest warez {
domainlist warez/domains
urllist warez/urls
redirect http://www.yahoo.com
}
dest ads {
domainlist ads/domains
urllist ads/urls
redirect http://www.yahoo.com
}
dest aggressive {
domainlist aggressive/domains
urllist aggressive/urls
redirect http://www.yahoo.com
}
dest drugs {
domainlist drugs/domains
urllist drugs/urls
redirect http://www.yahoo.com
}
dest gambling {
domainlist gambling/domains
urllist gambling/urls
redirect http://www.yahoo.com
}
dest publicite {
domainlist publicite/domains
urllist publicite/urls
expressionlist publicite/expressions
redirect http://www.yahoo.com
}
dest violence {
domainlist violence/domains
urllist violence/urls
expressionlist violence/expressions
redirect http://www.yahoo.com
}
dest banneddestination {
domainlist banneddestination/domains
urllist banneddestination/urls
expressionlist banneddestination/expressions
redirect http://www.yahoo.com
}
dest advertising {
domainlist advertising/domains
urllist advertising/urls
redirect http://127.0.0.1/cgi-bin/nulbanner.png
log /var/log/squidGuard/advertising.log
}
# ACLs
acl {
lansource {
pass !adult !audio-video !forums !hacking !redirector !warez !ads
!aggressive !drugs !gambling !publicite !violence !banneddestination !advertising all
#pass !hacking all
redirect
http://127.0.0.1/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&targetclass=%t&url=%u
}
default {
pass none
redirect
http://127.0.0.1/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&targetclass=%t&url=%u
}
}
