Jaap Lelie wrote:
>
> I didn't know you can also have a log entry in the acl section..?
> So you mean like this.....
>
> acl {
> kids {
> pass !ads !aggressive !gambling !hacking !porn
> !violence !warez !local-block all
> }
> grownups {
> pass !ads !porn !local-block all
> log /var/log/squidGuard/all.log
> }
> default {
> pass none
> redirect http://www.google.com
> log /var/log/squidGuard/all.log
> }
> }
Yes, that works.
If you would like for squidGuard to log every block it makes, here's
how you can get full coverage:
- Log statements in all of your destination groups
- A log statement in each acl that ends with 'none'
Those two rules will cover everything.
I also find it handy to give each destination group a different log
file.
Hope that helps!
Rick
> At 13:14 09/26/2002 -0500, Rick Matthews wrote:
>
> > > I also noted that my all.log (where all dst rules are loggin to)
> > > isn't filled at all. Permissions are set correctly; the log is
> > > filled as soon as I remove all ident stuff.
> >
> >You need a logfile statement in your default acl as well. That's
> >probably the acl that processed your request.
> >
> >Rick
> >
> >
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of Jaap Lelie
> > > Sent: Thursday, September 26, 2002 11:25 AM
> > > To: Ian Spare; 'Neil Watson'; [EMAIL PROTECTED]
> > > Subject: RE: ident
> > >
> > >
> > > Shoot...
> > > My squidguard isn't identing as well. I've followed your tips below, and
> > > inserted a logentry to access.log. This is wat struck me as odd:
> > >
> > > 192.168.0.2 - - [26/Sep/2002:18:16:37 +0200] "GET
> > > http://msimg.com/m/r/footer_logo-md.gif HTTP/1.0" 200 1413
> > > TCP_CLIENT_REFRESH_MISS:DIRECT
> > >
> > > Does this :DIRECT somehow mean that things are bypassed? I also noted that
> > > my all.log (where all dst rules are loggin to) isn't filled at all.
> > > Permissions are set correctly; the log is filled as soon as I remove all
> > > ident stuff.
> > >
> > > Cheers!
> > > Jaap.
> > >
> > > At 09:20 09/25/2002 +0200, Ian Spare wrote:
> > >
> > >
> > > >You say that squid never looks up the id of the user? Is that true? If
> > it is
> > > >then you're quite obviously wasting your time messing around with
> > > >SquidGuard. If ident is working then you should be getting stuff in the
> > > >access.log for squid, the squid FAQ has plenty of stuff on this but very
> > > >briefly:
> > > >
> > > >make sure squid isn't built with "disable-ident-lookups"
> > > >have lines like this in the squid.conf
> > > >acl all_ident ident src 0.0.0.0/0.0.0.0
> > > >ident_lookup_access allow all_ident
> > > >cache_access_log /var/log/squid/access.log
> > > >
> > > >Then if you're not seeing lines like this in the access.log then I fail to
> > > >see to how SquidGuard will work either:
> > > >
> > > >1032938238.110 703 1.1.1.1 TCP_CLIENT_REFRESH_MISS/200 1492 GET
> > > >http://windowsupdate.microsoft.com/ident.cab username
> > > >ROUNDROBIN_PARENT/aproxy.somewhere.com application/octet-stream
> > > >
> > > >-----Original Message-----
> > > >From: Neil Watson [mailto:[EMAIL PROTECTED]]
> > > >Sent: Wednesday, September 25, 2002 00:59
> > > >To: [EMAIL PROTECTED]
> > > >Subject: ident
> > > >
> > > >
> > > >Rick,
> > > >
> > > >Thanks for your help. Alas no luck. The ads.log and the porn.log are
> > never
> > > >written to. I gather that squid and squidguard never look up the id
> > of the
> > > >user at the browser. Any suggestions.
> > > >
> > > >Neil Watson wrote:
> > > > > I've been trying to make squid and squiguard play nice for hours.
> > > > > Squid works fine on its own. I've installed squidguard to filter
> > > > > adult content. Squidguard never idents the user and therefore uses
> > > > > the default rule of deny.
> > > >
> > > >
> > > >Rick Mathews wrote:
> > > >I can help you get there. Make the changes to your config file
> > > >
> > > >that are marked below:
> > > >
> > > > > logdir /usr/local/squidGuard/log
> > > > > dbhome /usr/local/squidGuard/db
> > > > >
> > > >
> > > > > src neil {
> > > > > ip 10.0.0.10
> > > > > user neil
> > > > > }
> > > > >
> > > >
> > > > > dest porn {
> > > > > domainlist porn/domains
> > > > > urllist porn/urls
> > > >
> > > >
> > > >
> > > >add> logfile porn.log
> > > >add> redirect
> > > >http://webserver/images/title.php?size=15&text=denied
> > > >
> > > >
> > > > > }
> > > > >
> > > >
> > > > > dest ads {
> > > > > domainlist ads/domains
> > > > > urllist ads/urls
> > > >
> > > >
> > > >
> > > >add> expressionlist ads.expressions # see attached
> > > >add> logfile ads.log
> > > >add> redirect http://webserver/images/1x1.gif # see
> > > >attached
> > > >
> > > >
> > > > > }
> > > > > acl {
> > > > > neil {
> > > > > pass !ads !porn all
> > > > > }
> > > > >
> > > >
> > > > > default {
> > > > > pass none
> > > > > redirect http://webserver/images/title.php?size=15&text=denied
> > > > > }
> > > > > }
> > > >
> > > >
> > > >
> > > >Create:
> > > >/usr/local/squidGuard/log/porn.log
> > > >/usr/local/squidGuard/log/ads.log
> > > >Give them the same ownership and permissions as squidGuard.log.
> > > >
> > > >
> > > >- Make the config changes above and issue 'squid -k reconfigure'.
> > > >- Check the messages in squidGuard.log for errors.
> > > >- Enter a known-blocked porn url in your browser and hit enter.
> > > >- The last (or one of the last) entries in squid's access.log will show
> > > >the request, along with squid's understanding of your ip and ident.
> > > >- The last entry in /usr/local/squidGuard/log/porn.log will show how
> > > >squidGuard handled the request, including the ip and ident received
> > > >from squid, and the source group and destination group from your
> > > >squidGuard.conf file.
> > > >
> > > >
> > > >--
> > > >Neil Watson
> > > >Network Administrator
> > > >watson-wilson.ca
> > > >
> > > >
> > > >---
> > > >Incoming mail is certified Virus Free.
> > > >Checked by AVG anti-virus system (http://www.grisoft.com).
> > > >Version: 6.0.391 / Virus Database: 222 - Release Date: 09/19/2002
> > >
> > >
> >
> >
> >---
> >Incoming mail is certified Virus Free.
> >Checked by AVG anti-virus system (http://www.grisoft.com).
> >Version: 6.0.391 / Virus Database: 222 - Release Date: 09/19/2002
>
>
