> -----Original Message-----
> From: Samir Faci [mailto:[EMAIL PROTECTED]
> Sent: August 6, 2004 4:28 PM
> To: [EMAIL PROTECTED]
> Subject: [squid-users] Configuring Squid to work with squidGuard...
>
>
> I have squidGuard working (i believe)  If i issue the following command:
>
> echo "http://www.zzm.com 64.125.84.23/- - GET" | squidGuard
> -c /etc/squidguard.conf -d

> Angela Burrell wrote:
> Why are you using that command?

I use squidGuard too and I couldn't really follow this approach...

Personally what I do is run squidGuard -C all (to recompile the databases
when I add a site.)

I did this only the first time as I have some uncompiled small databases, e.g. a whitelist which allows me to enable sites very quickly. I prefer to specify the database to compile.


Then I do squid -k reconfigure (which restarts squid) and squid
automatically starts squidGuard.

This is very dangerous if the permissions on the databases are wrong.
I have managed to crash a squid with at least 300 users online in the middle of a day.


Then look at the log files and verify that it's running (last line is
"squidGuard ready for requests")

Squidguard needs rw-Permissions on the database-files. Double check the permissions especially if the database compilation is done as root.


A safe way ist to start squidGuard as the squid-user logging to stdout/stderr.

su - proxy 'squidGuard -d'

If you see "squidGuard ready for requests" there, you will see it in the logfiles after the reconfigure.


Now go to a web browser on a client and try to access a blocked site. You should be shown a error page or redirected (whatever you configured it to do).

Recap:
1. squidGuard -C all (as root)
2. squid -k reconfigure
3. check to make sure squidGuard is running
4. Test with browser
5. if not working, do squid -k kill, then "squid" to start it up again.


In general this is the recipe I used as well and it works, although I did not compile from source. Everything on my machine comes from debian (woody) execpt the kernel (stock kernel did not support the hardware).


Additionally I have modified the page squidGuard is redirecting to. It's now a quick'n'dirty perl-cgi which offers a convenient way to reports false positives.

Regards, Hendrik Voigtl�nder

Reply via email to