Sounds good.  I have actually been very, very impressed even with the 
default settings.  I found that a few domains that should have been 
filtered did not get filtered, even though the ip was correctly listed in 
the filtered domains list.   For example, the ip for sexplaza.com is listed 
in the domains list, but the domain name itself is not listed, so the site 
gets passed through the squidGuard.  Then I created my own addendum list 
where I added the domain name itself, and it works just fine.  Perhaps the 
solution to this may be to run a reverse DNS lookup on every IP number in 
the blacklist and add the domain names to a separate domains list.  I 
initially thought that the application would do an IP to domain name 
association.

I also created a 'passthru' list to allow for some domains that are getting 
blocked to pass through.  After I modified the 'porn/expressions' I started 
getting filters on register.com, so I added them to my 'passthru' list.

I am in the process of writing an automated ftpget script to download the 
black list at regular intervals (monthly or so) and may incorporate a 
reverse DNS on the ip numbers.

The more I learn about this application the more I like it.  I can't get 
over how good the performance has been. Nice work, and thanks for all the help.

Regards,
Ruben Fagundo

At 04:15 PM 3/25/02 -0600, Rick Matthews wrote:
> > What I learned is that the system I was using to
> > test (win 98) was always falling into the "default"
> > category for some reason.
>
>Did the other response you received clear that up for you?
>
> > The "user" and "ip" were not registering as I
> > would have expected.
>
>I think your only surprise was the handling of user; ip probably
>works exactly as you expected. By your definition, in order to be a
>grownup you had to match ip 192.168.1.108 *and* user "joe_user".
>Just for some temporary satisfaction, why don't you change your
>source declarations to:
>
>src grownups {
>         ip 192.168.1.108
>}
>src kids {
>         ip 192.168.1.100-192.168.1.105 **or whatever**
>}
>
>I think it may make you feel better. :-)
>
> > ... but clearly, I needed to do a better job
> > at compensating for the default rule, to catch
> > things like this.
>
>Don't make a big deal out of it; just change it from "pass all" to
>"pass none" and you are covered.
>
>You're almost there...
>
>Rick
>
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of Ruben
>Fagundo
>Sent: Monday, March 25, 2002 8:41 AM
>To: Rick Matthews
>Cc: Squidguard Mailing List
>Subject: RE: squidGuard is not redirecting as I would have
>expected...
>
>
>
>Thanks for your response Rick.  What I learned is that the system I was
>using to test (win 98) was always falling into the "default" category for
>some reason.  The "user" and "ip" were not registering as I would have
>expected.  The Linux box is my Primary Domain Controller, for the Windows
>network.  I'm not sure if logging out and logging back in would have
>registered the user name, but clearly, I needed to do a better job at
>compensating for the default rule, to catch things like this.
>
>Thanks for your help,
>Ruben
>
>At 08:08 PM 3/24/02 -0600, Rick Matthews wrote:
> > > I am trying to use squidGuard as a porn filter
> > > for my house.
> >
> >That's the way I am using it, and it does a great job.
> >
> >You've done a good job of covering all the bases and in your
> >documentation of the problem. I can't put my finger on a single item
> >as the reason it's not working for you, but I can point out issues
> >or potential issues:
> >
> >Your dbhome statement has no relationship to the actual location of
> >your db files. It is true that your destination group declarations
> >can specify the file locations by specifying a path relative to
> >dbhome *OR* by specifying an absolute path, which is the option that
> >you've taken. I would recommend, however that you use the other
> >method. Since your files are located in
> >/usr/local/squidGuard/blacklists/porn/domains, you could use:
> >dbhome  /usr/local/squidGuard
> >domainlist      /blacklists/porn/domains
> >or
> >dbhome  /usr/local/squidGuard/blacklists
> >domainlist      /porn/domains
> >
> >Let's examine your source group declarations:
> > > src grownups {
> > >      ip 192.168.1.108
> > >      user   joe_user
> > > }
> > >
> > > src kids {
> > >      user sally sue billy
> > > }
> >
> >I believe that says that in order to be in source grownups, your
> >ip must be 192.168.1.108, *and* you must be logged on as "joe_user".
> >(Using userident match implies RFC931/ident lookup is enabled in
> >squid.conf and that the workstations must support RFC931.)
> >
> >No matter where you are, if you are logged on as sally, sue or billy
> >you are in source kids.
> >
> >If you don't match either of those two you're in luck! That means
> >you are in the "default" source and you can go anywhere on the web
> >that you'd like! (You probably want to change the default acl from
> >"pass all" to "pass none", and add another redirect at that point.)
> >
> >You may also find it helpful to specify separate log files while you
> >are debugging. In your porn destination group declaration, add the
> >line:
> >logfile         /usr/local/squidGuard/log/porn.log
> >Then, if you are stopped by the porn destination group, it will be
> >logged in porn.log. If you are stopped by the default pass none
> >statement, it will be logged in squidGuard.log.
> >
> >Try those and hopefully you'll be up and running.
> >
> >Rick Matthews
> >
> >
> >-----Original Message-----
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED]]On Behalf Of Ruben
> >Fagundo
> >Sent: Sunday, March 24, 2002 3:39 PM
> >To: [EMAIL PROTECTED]
> >Subject: squidGuard is not redirecting as I would have expected...
> >
> >
> >
> >I am trying to use squidGuard as a porn filter for my house.   I have
> >successfully installed squidGuard on a RH 72 linux box.  I downloaded the
> >black list files, and used the following conf file, however, I bring up the
> >browser and point it to my home page, and it works fine, but when I point
> >it to one of the sites on the porn domains, it does NOT redirect the URL as
> >I would have expected it to.  My understanding is that it would have
> >redirected the results to the local apache server with the cgi-bin
> >application that I installed there.  I know the cgi app works because I can
> >call it explicitly, and I know that I am using the squid proxy on port
> >3128 as well, because the squid logs tell me that I am accessing the pages
> >that I point the browser to, so the question remains, what am I doing wrong?
> >
> >======= squidGuard.conf =============
> >
> >dbhome /usr/local/squidguard/db
> >logdir /usr/local/squidGuard/log
> >
> >src grownups {
> >      ip 192.168.1.108
> >      user   joe_user
> >}
> >
> >src kids {
> >      user sally sue billy
> >}
> >
> >dest porn {
> >          domainlist /usr/local/squidGuard/blacklists/porn/domains
> >          urllist /usr/local/squidGuard/blacklists/porn/urls
> >          expressionlist /usr/local/squidGuard/blacklists/porn/expressions
> >          redirect http://192.168.1.5/cgi-bin/blocked?clientaddr=%a+clientname=%n+clientident=%i+srcclass=%s+targetclass=%t+url=%u
> >}
> >
> >acl {
> >
> >      grownups {
> >          pass !porn all
> >      }
> >
> >      kids {
> >          pass !porn all
> >      }
> >
> >          default {
> >                  pass     all
> >          }
> >}
> >
> >============ the process list (shows squidGuard is running) ==========
> >root     18134  0.0  1.8  3964 1160 ?        S    16:01   0:00 squid -D
> >squid    18136  0.2  8.2  6992 5064 ?        S    16:01   0:04 (squid) -D
> >squid    18137  1.8  2.4  3308 1528 ?        S    16:01   0:37 (squidGuard) -d
> >squid    18138  1.8  2.4  3308 1528 ?        S    16:01   0:36 (squidGuard) -d
> >squid    18139  1.8  2.4  3308 1528 ?        S    16:01   0:37 (squidGuard) -d
> >squid    18140  1.8  2.4  3308 1528 ?        S    16:01   0:36 (squidGuard) -d
> >squid    18141  0.0  0.5  1352  328 ?        S    16:01   0:00 (unlinkd)
> >=============== squidGuard log file ============
> >cat squidGuard.log
> >2002-03-24 11:26:46 [17629] init domainlist /usr/local/squidGuard/blacklists/porn/domains
> >2002-03-24 11:26:46 [17628] init domainlist /usr/local/squidGuard/blacklists/porn/domains
> >2002-03-24 11:26:46 [17627] init domainlist /usr/local/squidGuard/blacklists/porn/domains
> >2002-03-24 11:26:47 [17630] init domainlist /usr/local/squidGuard/blacklists/porn/domains
> >2002-03-24 11:33:52 [17763] init domainlist /usr/local/squidGuard/blacklists/porn/domains
> >2002-03-24 11:33:52 [17764] init domainlist /usr/local/squidGuard/blacklists/porn/domains
> >2002-03-24 11:33:52 [17765] init domainlist /usr/local/squidGuard/blacklists/porn/domains
> >2002-03-24 11:33:53 [17766] init domainlist /usr/local/squidGuard/blacklists/porn/domains
> >2002-03-24 11:36:57 [17766] init urllist /usr/local/squidGuard/blacklists/porn/urls
> >2002-03-24 11:36:57 [17763] init urllist /usr/local/squidGuard/blacklists/porn/urls
> >2002-03-24 11:37:01 [17764] init urllist /usr/local/squidGuard/blacklists/porn/urls
> >2002-03-24 11:37:01 [17765] init urllist /usr/local/squidGuard/blacklists/porn/urls
> >2002-03-24 11:37:06 [17766] init expressionlist /usr/local/squidGuard/blacklists/porn/expressions
> >2002-03-24 11:37:06 [17766] squidGuard 1.2.0 started (1016987632.997)
> >2002-03-24 11:37:06 [17766] squidGuard ready for requests (1016987826.133)
> >2002-03-24 11:37:06 [17763] init expressionlist /usr/local/squidGuard/blacklists/porn/expressions
> >2002-03-24 11:37:06 [17763] squidGuard 1.2.0 started (1016987632.757)
> >2002-03-24 11:37:06 [17763] squidGuard ready for requests (1016987826.180)
> >2002-03-24 11:37:07 [17765] init expressionlist /usr/local/squidGuard/blacklists/porn/expressions
> >2002-03-24 11:37:07 [17765] squidGuard 1.2.0 started (1016987632.942)
> >2002-03-24 11:37:07 [17765] squidGuard ready for requests (1016987827.360)
> >2002-03-24 11:37:07 [17764] init expressionlist /usr/local/squidGuard/blacklists/porn/expressions
> >2002-03-24 11:37:07 [17764] squidGuard 1.2.0 started (1016987632.843)
> >2002-03-24 11:37:07 [17764] squidGuard ready for requests (1016987827.371)
> >2002-03-24 15:51:37 [18086] init domainlist /usr/local/squidGuard/blacklists/porn/domains
> >2002-03-24 15:52:07 [18086] create new dbfile /usr/local/squidGuard/blacklists/porn/domains.db
> >2002-03-24 15:52:08 [18086] init urllist /usr/local/squidGuard/blacklists/porn/urls
> >2002-03-24 15:52:10 [18086] init expressionlist /usr/local/squidGuard/blacklists/porn/expressions
> >2002-03-24 15:52:10 [18086] squidGuard 1.2.0 started (1017003097.784)
> >2002-03-24 15:52:10 [18086] db update done
> >2002-03-24 15:52:10 [18086] squidGuard stopped (1017003130.373)
> >2002-03-24 16:01:25 [17766] squidGuard stopped (1017003685.202)
> >2002-03-24 16:01:25 [17765] squidGuard stopped (1017003685.204)
> >2002-03-24 16:01:25 [17764] squidGuard stopped (1017003685.207)
> >2002-03-24 16:01:25 [17763] squidGuard stopped (1017003685.209)
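
The reverse-DNS addendum proposed in the top message of this thread, sketched as an added example (not part of the original e-mails and not squidGuard code). It keeps a PTR name only when that name resolves back to the same IP, because PTR records are set by whoever controls the address block; the function names and the sample addresses and names are constructed for illustration.

```python
import ipaddress
import socket

def _ptr(ip):
    """Default reverse lookup: PTR name for ip, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _forward(name):
    """Default forward lookup: set of IPv4 addresses for name."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def addendum_from_ips(entries, reverse=_ptr, forward=_forward):
    """Return sorted domain names to add for the IP entries of a domains list.

    A PTR name is kept only if it is forward-confirmed (resolves back to the
    same IP) and is not already present in the list.
    """
    listed = {e.strip().lower() for e in entries if e.strip()}
    found = set()
    for entry in listed:
        try:
            ip = str(ipaddress.ip_address(entry))
        except ValueError:
            continue  # entry is a domain name, not an IP
        name = reverse(ip)
        if not name:
            continue  # no PTR record: nothing to add for this IP
        name = name.rstrip(".").lower()
        if ip in forward(name) and name not in listed:
            found.add(name)
    return sorted(found)

# Constructed sample data (documentation address ranges, not real list entries).
SAMPLE_LIST = ["192.0.2.10", "198.51.100.7", "203.0.113.5", "listed.example"]
SAMPLE_PTR = {"192.0.2.10": "www.blocked.example.",
              "198.51.100.7": "spoofed.example",
              "203.0.113.5": "listed.example"}
SAMPLE_A = {"www.blocked.example": {"192.0.2.10"},
            "spoofed.example": {"192.0.2.99"},   # PTR not forward-confirmed
            "listed.example": {"203.0.113.5"}}   # already in the list

def demo():
    """Run the check offline against the constructed resolvers above."""
    return addendum_from_ips(SAMPLE_LIST, SAMPLE_PTR.get,
                             lambda n: SAMPLE_A.get(n, set()))
```

An IP with no PTR record, or whose PTR is the hosting provider's name, yields nothing useful, so a hand-maintained addendum list like the one described above is still needed for those sites.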

