|
Rick,
Thx for the follow-up.
Actually, I tried it both ways... With and without the 302.
Also with redirects tied only to destination rules and also tied only to
ACL's.
The config I posted was an example of one of the methods I tried.... and I
guessed that there would be questions about how/why I had it set up....
but nothing has worked so far - so I figured any version of the config would be
good for the sake of discussion...
I tried what you suggested - but the address bar still switches to the
redirect URL...
Any other thoughts?
Here is the new current version of my config with your suggested changes
included.
*****************************************
logdir /usr/local/squidGuard/log dbhome /usr/local/squidGuard/db src squidbox { ip [SNIP] }
src r9esd { ip [SNIP] }
src d9 { ip [SNIP] }
src hrcsd { ip [SNIP] }
src d12 { ip [SNIP] }
dest ads { domainlist ads/domains urllist ads/urls redirect http://www.r9esd.k12.or.us/denied/blank.gif log ads.log } dest adult { domainlist adult/domains urllist adult/urls redirect http://www.r9esd.k12.or.us/denied log denied.log } dest aggressive { domainlist aggressive/domains urllist aggressive/urls redirect http://www.r9esd.k12.or.us/denied log denied.log } dest audio-video { domainlist audio-video/domains urllist audio-video/urls redirect http://www.r9esd.k12.or.us/denied log denied.log } dest drugs { domainlist drugs/domains urllist drugs/urls redirect http://www.r9esd.k12.or.us/denied log denied.log } dest forums { domainlist forums/domains urllist forums/urls redirect http://www.r9esd.k12.or.us/denied log denied.log } dest gambling { domainlist gambling/domains urllist gambling/urls redirect http://www.r9esd.k12.or.us/denied log denied.log } dest hacking { domainlist hacking/domains urllist hacking/urls redirect http://www.r9esd.k12.or.us/denied log denied.log } dest mail { domainlist mail/domains redirect http://www.r9esd.k12.or.us/denied log denied.log } dest porn { domainlist porn/domains urllist porn/urls redirect http://www.r9esd.k12.or.us/denied log denied.log } dest proxy { domainlist proxy/domains urllist proxy/urls redirect http://www.r9esd.k12.or.us/denied log denied.log } dest publicite { domainlist publicite/domains urllist publicite/urls redirect http://www.r9esd.k12.or.us/denied/blank.gif log ads.log } dest redirector { domainlist redirector/domains urllist redirector/urls redirect http://www.r9esd.k12.or.us/denied log denied.log } dest violence { domainlist violence/domains urllist violence/urls redirect http://www.r9esd.k12.or.us/denied log denied.log } dest warez { domainlist warez/domains urllist warez/urls redirect http://www.r9esd.k12.or.us/denied log denied.log } dest r9esd.nonacademic { domainlist r9esd.nonacademic/domains urllist r9esd.nonacademic/urls redirect http://www.r9esd.k12.or.us/denied log denied.log } dest r9esd.adult { domainlist r9esd.adult/domains urllist r9esd.adult/urls redirect http://www.r9esd.k12.or.us/denied log denied.log } dest d12.exceptions { domainlist d12.exceptions/domains urllist d12.exceptions/urls log exceptions.log } dest r9esd.exceptions { domainlist r9esd.exceptions/domains urllist r9esd.exceptions/urls log exceptions.log } acl { squidbox { pass r9esd.exceptions !r9esd.adult !r9esd.nonacademic !in-addr !ads !adult !aggressive !drugs !forums !gambling !hacking !porn !proxy !publicite !redirector !violence !warez all } r9esd { pass r9esd.exceptions !r9esd.adult !r9esd.nonacademic !in-addr !ads !adult !aggressive !drugs !forums !gambling !hacking !porn !proxy !publicite !redirector !violence !warez all } d9 { pass r9esd.exceptions !r9esd.adult !r9esd.nonacademic !in-addr !ads !adult !aggressive !drugs !forums !gambling !hacking !porn !proxy !publicite !redirector !violence !warez all } hrcsd { pass r9esd.exceptions !r9esd.adult !r9esd.nonacademic !in-addr !ads !adult !aggressive !drugs !forums !gambling !hacking !porn !proxy !publicite !redirector !violence !warez all } d12 { pass d12.exceptions r9esd.exceptions !r9esd.adult !r9esd.nonacademic !in-addr !ads !adult !aggressive !drugs !forums !gambling !hacking !porn !proxy !publicite !redirector !violence !warez all } default { pass none redirect http://www.r9esd.k12.or.us/denied } } *****************************************
- Dave Karlson
Director, Information Technology Region Nine Education Service District The Dalles, Oregon (voice) 541-298-3140 (fax) 541-298-3141 >>> "Rick Matthews" <[EMAIL PROTECTED]> 03/04/02 06:11PM >>> I apologize... I wrote that in a rush and I shouldn't have. Here's the corrected version: ------------------------------------------------ The redirect without the 302 is what you want; it will leave the requested url showing in the browser address window. I think you might have been getting unpredictable results because it looks like you were trying it both ways at the same time. Here's a summary of the redirects in your squidGuard.conf file: dest ads redirect http://www.r9esd.k12.or.us/denied/blank.gif dest adult redirect 302:http://www.r9esd.k12.or.us/denied dest aggressive redirect 302:http://www.r9esd.k12.or.us/denied dest audio-video redirect 302:http://www.r9esd.k12.or.us/denied dest drugs redirect 302:http://www.r9esd.k12.or.us/denied dest forums redirect 302:http://www.r9esd.k12.or.us/denied dest gambling redirect 302:http://www.r9esd.k12.or.us/denied dest hacking redirect 302:http://www.r9esd.k12.or.us/denied dest mail redirect 302:http://www.r9esd.k12.or.us/denied dest porn redirect 302:http://www.r9esd.k12.or.us/denied dest proxy redirect 302:http://www.r9esd.k12.or.us/denied dest publicite redirect 302:http://www.r9esd.k12.or.us/denied/blank.gif dest redirector redirect 302:http://www.r9esd.k12.or.us/denied dest violence redirect 302:http://www.r9esd.k12.or.us/denied dest warez redirect 302:http://www.r9esd.k12.or.us/denied dest r9esd.nonacademic redirect 302:http://www.r9esd.k12.or.us/denied dest r9esd.adult redirect 302:http://www.r9esd.k12.or.us/denied dest d12.exceptions dest r9esd.exceptions acl squidbox redirect 302:http://www.r9esd.k12.or.us/denied <remove this r9esd redirect http://www.r9esd.k12.or.us/denied <remove this d9 hrcsd d12 default redirect http://www.r9esd.k12.or.us/denied <leave this one -------- End ------------ Every destination group (that needs one) has a redirect. The only redirect that you need in the ACL is for default. Then remove the 302s from the redirects and you should be good to go. Again, sorry about the previous post. Rick Matthews -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dave Karlson Sent: Monday, March 04, 2002 3:24 PM To: [EMAIL PROTECTED] Subject: REDIRECT vs REDIRECT 302: Hi all, I've got squid and squidguard working pretty well..... BUT The one issue I am having is how the REDIRECT is working in my rules I want the "address" in the browser to keep the 'denied URL' rather than changing to the redirect address. From the documentation, I see this is (supposed to be) controlled by adding/removing the 302: before the URL on the REDIRECT line. However, I have tried it both ways and can't get it to work the way I want. REGARDLESS of the 302: (or lack there of), my 'redirect address' (http://www.r9esd.k12.or.us/denied) ALWAYS shows up in the address box in users' browsers. i.e. user types www.badsite.com and the URL is immediately changed to http://www.r9esd.k12.or.us/denied as they are directed to the 'denied page'. Any ideas? my squidguard.conf is below. THANKS! *************************** logdir /usr/local/squidGuard/log dbhome /usr/local/squidGuard/db src squidbox { ip [SNIP] } src r9esd { ip [SNIP] } src d9 { ip [SNIP] } src hrcsd { ip [SNIP] } src d12 { ip [SNIP] } dest ads { domainlist ads/domains urllist ads/urls redirect http://www.r9esd.k12.or.us/denied/blank.gif log ads.log } dest adult { domainlist adult/domains urllist adult/urls redirect 302:http://www.r9esd.k12.or.us/denied log denied.log } dest aggressive { domainlist aggressive/domains urllist aggressive/urls redirect 302:http://www.r9esd.k12.or.us/denied log denied.log } dest audio-video { domainlist audio-video/domains urllist audio-video/urls redirect 302:http://www.r9esd.k12.or.us/denied log denied.log } dest drugs { domainlist drugs/domains urllist drugs/urls redirect 302:http://www.r9esd.k12.or.us/denied log denied.log } dest forums { domainlist forums/domains urllist forums/urls redirect 302:http://www.r9esd.k12.or.us/denied log denied.log } dest gambling { domainlist gambling/domains urllist gambling/urls redirect 302:http://www.r9esd.k12.or.us/denied log denied.log } dest hacking { domainlist hacking/domains urllist hacking/urls redirect 302:http://www.r9esd.k12.or.us/denied log denied.log } dest mail { domainlist mail/domains redirect 302:http://www.r9esd.k12.or.us/denied log denied.log } dest porn { domainlist porn/domains urllist porn/urls redirect 302:http://www.r9esd.k12.or.us/denied log denied.log } dest proxy { domainlist proxy/domains urllist proxy/urls redirect 302:http://www.r9esd.k12.or.us/denied log denied.log } dest publicite { domainlist publicite/domains urllist publicite/urls redirect 302:http://www.r9esd.k12.or.us/denied/blank.gif log ads.log } dest redirector { domainlist redirector/domains urllist redirector/urls redirect 302:http://www.r9esd.k12.or.us/denied log denied.log } dest violence { domainlist violence/domains urllist violence/urls redirect 302:http://www.r9esd.k12.or.us/denied log denied.log } dest warez { domainlist warez/domains urllist warez/urls redirect 302:http://www.r9esd.k12.or.us/denied log denied.log } dest r9esd.nonacademic { domainlist r9esd.nonacademic/domains urllist r9esd.nonacademic/urls redirect 302:http://www.r9esd.k12.or.us/denied log denied.log } dest r9esd.adult { domainlist r9esd.adult/domains urllist r9esd.adult/urls redirect 302:http://www.r9esd.k12.or.us/denied log denied.log } dest d12.exceptions { domainlist d12.exceptions/domains urllist d12.exceptions/urls log exceptions.log } dest r9esd.exceptions { domainlist r9esd.exceptions/domains urllist r9esd.exceptions/urls log exceptions.log } acl { squidbox { pass r9esd.exceptions !r9esd.adult !r9esd.nonacademic !in-addr !ads !adult !aggressive !drugs !forums !gambling !hacking !porn !proxy !publicite !redirector !violence !warez all redirect 302:http://www.r9esd.k12.or.us/denied } r9esd { pass r9esd.exceptions !r9esd.adult !r9esd.nonacademic !in-addr !ads !adult !aggressive !drugs !forums !gambling !hacking !porn !proxy !publicite !redirector !violence !warez all redirect http://www.r9esd.k12.or.us/denied } d9 { pass r9esd.exceptions !r9esd.adult !r9esd.nonacademic !in-addr !ads !adult !aggressive !drugs !forums !gambling !hacking !porn !proxy !publicite !redirector !violence !warez all } hrcsd { pass r9esd.exceptions !r9esd.adult !r9esd.nonacademic !in-addr !ads !adult !aggressive !drugs !forums !gambling !hacking !porn !proxy !publicite !redirector !violence !warez all } d12 { pass d12.exceptions r9esd.exceptions !r9esd.adult !r9esd.nonacademic !in-addr !ads !adult !aggressive !drugs !forums !gambling !hacking !porn !proxy !publicite !redirector !violence !warez all } default { pass none redirect http://www.r9esd.k12.or.us/denied } } *************************** - Dave Karlson Director, Information Technology Region Nine Education Service District The Dalles, Oregon (voice) 541-298-3140 (fax) 541-298-3141 |
- REDIRECT vs REDIRECT 302: Dave Karlson
- RE: REDIRECT vs REDIRECT 302: Rick Matthews
- RE: REDIRECT vs REDIRECT 302: Rick Matthews
- RE: REDIRECT vs REDIRECT 302: Dave Karlson
- RE: REDIRECT vs REDIRECT 302: Rick Matthews
