Rick, you are my hero!
Is there any way to find out which variables in the expressionlist are the culprit?

Thanks for the tips. The dual log is awesome.


--jeff

On Thursday, February 13, 2003, at 05:11 PM, Rick Matthews wrote:

Jeff Donovan wrote:
I have a transparent proxy running squid 2.5 and squidGuard.
Everything is working fine.
However, when I was surfing around I came to:
http://www.netbsd.org

Now that domain loads fine, but when I click on "Documentation/FAQ"

I get redirected to my Denied file.
I grepped my blacklists for the domain, url, and ip and nothing came
back. Then I manually searched (what a bugger).

It's not blocked here.

As Darren has already mentioned, there are a few things that you can
do when you are setting up squidGuard that will greatly simplify your
research efforts:

- Use squidGuard.cgi (from the /samples folder) for redirects.  That
will give you a redirect page that resembles this:
<http://home1.gte.net/res0pj61/squidguard/redirect-sample.gif>

- If you can't (or would prefer not to) run cgi, you can still
redirect to a different page from each group.  For example, you might
redirect the porn group to <http://home1.gte.net/res0pj61/403prn.html>
and the drugs group to <http://home1.gte.net/res0pj61/403drgs.html>.

- For clarity and ease of use, add a redirect statement to every
destination block.  They could all point to the same location, or
they might all be different.  For starters, I'd recommend pointing
everything but the ads group to the squidGuard.cgi page.  The ads
group should be redirected to a transparent 1x1.gif (or png).

- For clarity and ease of use, add a log statement to every
destination block.  For starters, I'd recommend logging everything
but the ads group to "blocked.log".  The ads group should be
logged to "ads.log".  This will log the important information
about every block, to greatly simplify research.

- If you use the logic presented in the first 2 tips above, you do
not need a redirect statement in any acl sections where the
pass statement ends with "all".  You do need a redirect statement
in the acl sections where the pass statement ends with "none".

- If you are using an "allowed" destination group, remember that any
domains entered there have a free pass, even if the domain or
subdomains are listed in blocked destination groups.  The allowed
group should be listed first in your acl, "pass allowed !porn ...".
It is not necessary to have a redirect and log statement in your
allowed group.

- Be extremely careful with expressionlists!  As an example,
remember that your porn expressionlist will define a combination
that, if it appears in a url, will cause it to be classified as a
porn url.  Therefore, that combination should never appear in a
non-porn url.  (Repeat the previous two sentences for each group
that contains an expressionlist, replacing "porn" with the name
of the destination group.)  I only use 2 expressionlists, both in
areas where the terminology is fairly unique - porn and ads.

- My expressionlists are not in the same destination groups with
domains and urls.  I have a porn group and a pornexp group, the latter
containing only the porn expressionlist.  I also have ads and adsexp
groups.  This is extremely helpful in debugging and correcting
false blocks.  Knowing the destination group that caused the block
immediately tells you whether you have a database or expressionlist
problem.

- Separating the database files from the expressionlists also allows
you to gauge the effectiveness of your expressionlist.  Put the
database before the expressionlist in your pass statement
(pass !porn !pornexp...).  You can then examine your blocked.log
file knowing that if a url was blocked by pornexp, it was not in
the porn databases and would have been approved except for the
expressionlist.

- More information on isolating expressionlist blocks for easier
problem identification:

Here's a small change that you can make to your squidGuard.conf file
so that you will immediately know if you've been blocked by the porn
database or by the porn expressionlist.

Instead of setting up your porn destination group like this:

-------- not this way --------------
dest porn {
	domainlist		porn/domains
	urllist		porn/urls
	expressionlist	porn/expressions
	redirect		http://yourserver.com/whatever...
	logfile		blocked.log
}
---------  end  --------------------

Break out the expressionlist and set it up like this:

------ Recommended ------------------
dest porn {
	domainlist		porn/domains
	urllist		porn/urls
	redirect		http://yourserver.com/whatever...
	logfile		blocked.log
}

dest pornexp {
	expressionlist	expressions
	redirect		http://yourserver.com/whatever...
	logfile		blocked.log
}
---------  end  ---------------------

Then replace [!porn] with [!porn !pornexp] in your acl and you'll
have exactly the same coverage as before, but now your redirect
page and blocked log will show:

Target group = porn
or
Target group = pornexp

I hope these help!

Rick
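
Once the blocked log shows Target group = pornexp, the remaining question is which line of the expressionlist matched. The script below is an added example, not part of the original thread or of squidGuard: it tests a URL against each line of an expressionlist using grep -E. The sample list and URLs are constructed, and case-insensitive matching against the full URL is an assumption about how your list is applied.

```shell
#!/bin/sh
# Added example: report which lines of an expressionlist match a given URL.

# find_culprits FILE URL
# Prints "LINE_NUMBER:EXPRESSION" for every expression in FILE matching URL.
# Returns 0 if at least one expression matched, 1 otherwise.
find_culprits() {
    list=$1
    url=$2
    n=0
    hit=1
    while IFS= read -r expr || [ -n "$expr" ]; do
        n=$((n + 1))
        # Skip blank lines so they do not count as match-everything patterns.
        case $expr in '') continue ;; esac
        # Assumption: POSIX extended regex, case-insensitive.
        # An invalid expression makes grep fail and is treated as no match.
        if printf '%s\n' "$url" | grep -Eiq -e "$expr" 2>/dev/null; then
            printf '%s:%s\n' "$n" "$expr"
            hit=0
        fi
    done < "$list"
    return "$hit"
}

# Constructed sample expressionlist (not a real blacklist file).
# Line 2 is deliberately too broad, to show a false block.
write_sample_list() {
    cat > "$1" <<'EOF'
(^|[-./_])xxx([-./_]|$)
adult
(^|[./])ads?[0-9]*\.
EOF
}

sample=$(mktemp)
write_sample_list "$sample"
# Constructed URL that a filter should not block.
find_culprits "$sample" 'http://example.org/adult-education/courses.html' \
    || echo "no expression matched"
rm -f "$sample"
```

Point it at your own expressions file and the URL taken from blocked.log; each line it prints is an expression to tighten or remove.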








