Hey Rick,
I didn't know you can also have a log entry in the acl section..? So you
mean like this.....
acl {
kids {
pass !ads !aggressive !gambling !hacking !porn
!violence !warez !local-block all
}
grownups {
pass !ads !porn !local-block all
log /var/log/squidGuard/all.log
}
default {
pass none
redirect http://www.google.com
log /var/log/squidGuard/all.log
}
}
Thanks,
Jaap.
At 13:14 09/26/2002 -0500, Rick Matthews wrote:
> > I also noted that my all.log (where all dst rules are loggin to)
> > isn't filled at all. Permissions are set correctly; the log is
> > filled as soon as I remove all ident stuff.
>
>You need a logfile statement in your default acl as well. That's
>probably the acl that processed your request.
>
>Rick
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Jaap Lelie
> > Sent: Thursday, September 26, 2002 11:25 AM
> > To: Ian Spare; 'Neil Watson'; [EMAIL PROTECTED]
> > Subject: RE: ident
> >
> >
> > Shoot...
> > My squidguard isn't identing as well. I've followed your tips below, and
> > inserted a logentry to access.log. This is wat struck me as odd:
> >
> > 192.168.0.2 - - [26/Sep/2002:18:16:37 +0200] "GET
> > http://msimg.com/m/r/footer_logo-md.gif HTTP/1.0" 200 1413
> > TCP_CLIENT_REFRESH_MISS:DIRECT
> >
> > Does this :DIRECT somehow mean that things are bypassed? I also noted that
> > my all.log (where all dst rules are loggin to) isn't filled at all.
> > Permissions are set correctly; the log is filled as soon as I remove all
> > ident stuff.
> >
> > Cheers!
> > Jaap.
> >
> > At 09:20 09/25/2002 +0200, Ian Spare wrote:
> >
> >
> > >You say that squid never looks up the id of the user? Is that true? If
> it is
> > >then you're quite obviously wasting your time messing around with
> > >SquidGuard. If ident is working then you should be getting stuff in the
> > >access.log for squid, the squid FAQ has plenty of stuff on this but very
> > >briefly:
> > >
> > >make sure squid isn't built with "disable-ident-lookups"
> > >have lines like this in the squid.conf
> > >acl all_ident ident src 0.0.0.0/0.0.0.0
> > >ident_lookup_access allow all_ident
> > >cache_access_log /var/log/squid/access.log
> > >
> > >Then if you're not seeing lines like this in the access.log then I fail to
> > >see to how SquidGuard will work either:
> > >
> > >1032938238.110 703 1.1.1.1 TCP_CLIENT_REFRESH_MISS/200 1492 GET
> > >http://windowsupdate.microsoft.com/ident.cab username
> > >ROUNDROBIN_PARENT/aproxy.somewhere.com application/octet-stream
> > >
> > >-----Original Message-----
> > >From: Neil Watson [mailto:[EMAIL PROTECTED]]
> > >Sent: Wednesday, September 25, 2002 00:59
> > >To: [EMAIL PROTECTED]
> > >Subject: ident
> > >
> > >
> > >Rick,
> > >
> > >Thanks for your help. Alas no luck. The ads.log and the porn.log are
> never
> > >written to. I gather that squid and squidguard never look up the id
> of the
> > >user at the browser. Any suggestions.
> > >
> > >Neil Watson wrote:
> > > > I've been trying to make squid and squiguard play nice for hours.
> > > > Squid works fine on its own. I've installed squidguard to filter
> > > > adult content. Squidguard never idents the user and therefore uses
> > > > the default rule of deny.
> > >
> > >
> > >Rick Mathews wrote:
> > >I can help you get there. Make the changes to your config file
> > >
> > >that are marked below:
> > >
> > > > logdir /usr/local/squidGuard/log
> > > > dbhome /usr/local/squidGuard/db
> > > >
> > >
> > > > src neil {
> > > > ip 10.0.0.10
> > > > user neil
> > > > }
> > > >
> > >
> > > > dest porn {
> > > > domainlist porn/domains
> > > > urllist porn/urls
> > >
> > >
> > >
> > >add> logfile porn.log
> > >add> redirect
> > >http://webserver/images/title.php?size=15&text=denied
> > >
> > >
> > > > }
> > > >
> > >
> > > > dest ads {
> > > > domainlist ads/domains
> > > > urllist ads/urls
> > >
> > >
> > >
> > >add> expressionlist ads.expressions # see attached
> > >add> logfile ads.log
> > >add> redirect http://webserver/images/1x1.gif # see
> > >attached
> > >
> > >
> > > > }
> > > > acl {
> > > > neil {
> > > > pass !ads !porn all
> > > > }
> > > >
> > >
> > > > default {
> > > > pass none
> > > > redirect http://webserver/images/title.php?size=15&text=denied
> > > > }
> > > > }
> > >
> > >
> > >
> > >Create:
> > >/usr/local/squidGuard/log/porn.log
> > >/usr/local/squidGuard/log/ads.log
> > >Give them the same ownership and permissions as squidGuard.log.
> > >
> > >
> > >- Make the config changes above and issue 'squid -k reconfigure'.
> > >- Check the messages in squidGuard.log for errors.
> > >- Enter a known-blocked porn url in your browser and hit enter.
> > >- The last (or one of the last) entries in squid's access.log will show
> > >the request, along with squid's understanding of your ip and ident.
> > >- The last entry in /usr/local/squidGuard/log/porn.log will show how
> > >squidGuard handled the request, including the ip and ident received
> > >from squid, and the source group and destination group from your
> > >squidGuard.conf file.
> > >
> > >
> > >--
> > >Neil Watson
> > >Network Administrator
> > >watson-wilson.ca
> > >
> > >
> > >---
> > >Incoming mail is certified Virus Free.
> > >Checked by AVG anti-virus system (http://www.grisoft.com).
> > >Version: 6.0.391 / Virus Database: 222 - Release Date: 09/19/2002
> >
> >
>
>
>---
>Incoming mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.391 / Virus Database: 222 - Release Date: 09/19/2002
---
Outgoing mail is certified Virus Free.
http://www.lelie.net/notice.html
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.391 / Virus Database: 222 - Release Date: 09/19/2002
