Ryan Nix wrote:
> All I would like Squidguard to do, is all access to all websites
> EXCEPT those found in the squidguard audio-video and porn databases.
> I would also like any IP address on the internal network to have
> access to the Squid server.

Access to the Squid server should be set with the acls in your
squid.conf; squid server access is required before squidGuard even gets
a chance to see the transaction. Having said that, see below for an
example on how to include ip in your squidGuard.conf file.

Here's a sample squidGuard.conf file. Delete the destination sections
that you don't need, add the ones you do, and make any necessary
modifications.

Here are a few notes (more notes after the sample squidGuard.conf file):

- Check your squid access.log to verify the internal ip addresses that
  you are using.
- squidGuard does not "block", it "redirects". And the only way it can
  redirect is if your squidGuard.conf file includes redirect statement(s).
- You are not required to use the squidGuard.cgi page in your redirect.
  You can redirect to a static page, such as:
  <http://home1.gte.net/res0pj61/test403.html>,
  or to a different page for each destination group.
- An "allowed" group is not required.

Sample squidGuard.conf file follows. Hope that helps!

Rick

# Sample squidGuard.conf file

# Path declarations                    * Note 1 *
logdir /usr/local/squidGuard/log
dbhome /usr/local/squidGuard/db

# Source group declarations            * Note 2 *
src mynet {
    ip 192.168.0.0/24
}

dest porn {
    domainlist blacklists/porn/domains
    urllist    blacklists/porn/urls
    redirect   http://yourserver.com/cgi?    # Note 3,4
    log        blocked.log
}

dest pornexp {
    expressionlist blacklists/porn/expressions
    redirect   http://yourserver.com/cgi?
    log        blocked.log
}

dest drugs {
    domainlist blacklists/drugs/domains
    urllist    blacklists/drugs/urls
    redirect   http://yourserver.com/cgi?
    log        blocked.log
}

dest gambling {
    domainlist blacklists/gambling/domains
    urllist    blacklists/gambling/urls
    redirect   http://yourserver.com/cgi?
    log        blocked.log
}

dest ads {
    domainlist blacklists/ads/domains
    urllist    blacklists/ads/urls
    redirect   http://yourserver.com/1x1.gif    # Note 5
    log        ads.log
}

dest adsexp {
    expressionlist blacklists/ads/expressions
    redirect   http://yourserver.com/1x1.gif    # Note 5
    log        ads.log
}

dest allowed {
    domainlist blacklists/allowed/domains    # Note 6
    urllist    allowed/urls
}

# acl declarations                     * Note 7 *
acl {
    mynet {
        pass allowed !ads !adsexp !porn !pornexp !drugs !gambling all
    }

    default {
        pass     allowed none
        redirect http://yourserver.com/no-access.html    # see notes
        log      blocked.log
    }
}

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

NOTES:

1. It's a good idea to include the path statements even if you are
   using the default locations. Be sure to set the ownership and
   permissions of the paths and the files.

2. If you have multiple source groups, remember that squidGuard
   processes them sequentially, and the first match defines the
   source. If you had the two sources mynet (192.168.0.0/24) and
   supervisor (192.168.0.10), you should define supervisor first,
   and then mynet. If you reversed the order the supervisor would
   always be identified as a member of mynet.

3. In order for the squidGuard.cgi page to work it must be served
   by a web server that has been configured to allow cgi. If you are
   running Apache, look here for information:
   <http://httpd.apache.org/docs/howto/cgi.html>

4. The squidGuard.cgi redirect should read as follows (remove the
   '\'s and reassemble on one line):

   redirect http://192.168.44.1/cgi-bin/squidGuard.cgi?\
   clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&\
   targetgroup=%t&url=%u&lang=en

5. Your ads groups should redirect to a transparent 1x1 gif. You can
   <Right><Click> and download one from here:
   <http://mysite.verizon.net/rcb.k5wls/squidguard/1x1.gif>

6. No redirect or log statement needed in your allowed group.

7. You'll need a redirect and log statement to go with each pass
   statement _that_ends_with_'none'_. It is not required if the pass
   statement ends with 'all'.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Ryan Nix
> Sent: Sunday, February 29, 2004 6:22 PM
> To: Rick Matthews
> Cc: Stephan M. Ott; [EMAIL PROTECTED]
> Subject: Re: AW: AW: Not blocking
>
> Hi Rick,
>
> All I would like Squidguard to do, is all access to all websites EXCEPT
> those found in the squidguard audio-video and porn databases. I would
> also like any IP address on the internal network to have access to the
> Squid server.
>
> I believe I had the destination group setup before (I think) however
> Squid wasn't working at all with that configuration.
>
> Ryan
>
> Rick Matthews wrote:
>
> >squidGuard is doing exactly what you are telling it to do. Nothing.
> >
> >You set 2 destination groups, and both are empty.
> >
> >Your access control list then tells squidGuard to pass everything.
> >
> >Do you have something you want squidGuard to do?
> >
> >Rick
> >
> >>-----Original Message-----
> >>From: [EMAIL PROTECTED]
> >>[mailto:[EMAIL PROTECTED] Behalf Of Ryan Nix
> >>Sent: Sunday, February 29, 2004 4:08 PM
> >>To: Stephan M. Ott
> >>Cc: [EMAIL PROTECTED]
> >>Subject: Re: AW: AW: Not blocking
> >>
> >>This is too weird.
> >>
> >>This seems to be the only semi-working/logging squidguard.conf file:
> >>
> >>2004-02-29 16:02:48 [3141] squidGuard 1.2.0 started (1078092168.639)
> >>2004-02-29 16:02:48 [3141] squidGuard ready for requests (1078092168.640)
> >>
> >>dbhome /usr/share/squidGuard-1.2.0/db
> >>logdir /var/log/squidGuard
> >>
> >>destination bl_porn {
> >>}
> >>
> >>destination bl_audio-video {
> >>}
> >>
> >>acl {
> >>
> >>    default {
> >>        pass all
> >>    }
> >>}
> >>
> >>This is really frustrating. I know why this thing took you three days to get it
> >>working with no help. :)
> >>
> >>Stephan M. Ott wrote:
> >>
> >>>Change the acl into
> >>>
> >>>acl {
> >>>    default {
> >>>        pass !bl_audo-video !bl_porn
> >>>    }
> >>>}
> >>>
> >>>Leave the "all" away.
> >>>
> >>>Normally Squid shouldn't regard the all as it is positioned at the end,
> >>>but this is the only thing which comes to my mind.
> >>>
> >>>-----Original Message-----
> >>>From: Ryan Nix [mailto:[EMAIL PROTECTED]
> >>>Sent: Sunday, 29 February 2004 19:26
> >>>To: Matthew Trey; [EMAIL PROTECTED]; [EMAIL PROTECTED]
> >>>Subject: Re: AW: Not blocking
> >>>
> >>>Still not blocking for some reason. /var/log/Squidguard/error.log and
> >>>access.log don't seem to be logging anything.
> >>>
> >>>However, /var/log/squid/access.log does:
> >>>
> >>>172.38.20.24 - - [29/Feb/2004:12:20:13 -0600] "GET
> >>>http://www.cultureddb.com/ HTTP/1.0" 200 31798 TCP_MISS:DIRECT
> >>>172.38.20.24 - - [29/Feb/2004:12:20:20 -0600] "GET
> >>>http://www.mp3.com.com/ HTTP/1.0" 503 1476 TCP_MISS:NONE
> >>>172.38.20.24 - - [29/Feb/2004:12:20:31 -0600] "GET http://www.mp3.com/
> >>>HTTP/1.0" 200 6362 TCP_MISS:DIRECT
> >>>172.38.20.24 - - [29/Feb/2004:12:20:39 -0600] "GET
> >>>http://playboy.com/tools/js/newhomepage.js HTTP/1.0" 200 3869
> >>>TCP_HIT:NONE
> >>>172.38.20.24 - - [29/Feb/2004:12:20:39 -0600] "GET http://playboy.com/
> >>>HTTP/1.0" 200 41346 TCP_MISS:DIRECT
> >>>
> >>>Here is what I have in the squidguard.conf now:
> >>>
> >>>dbhome /usr/share/squidGuard-1.2.0/db
> >>>logdir /var/log/squidGuard
> >>>
> >>>destination bl_audio-video {
> >>>    domainlist audio-video/domains
> >>>    urllist audio-video/urls
> >>>}
> >>>
> >>>destination bl_porn {
> >>>    domainlist porn/domains
> >>>    urllist porn/urls
> >>>}
> >>>
> >>>acl {
> >>>
> >>>    default {
> >>>        pass !bl_audo-video !bl_porn all
> >>>    }
> >>>}
> >>>
> >>>Any ideas?
> >>>
> >>>Matthew Trey wrote:
> >>>
> >>>>acl {
> >>>>
> >>>>    default {
> >>>>        block !bl_audo-video !bl_porn
> >>>>    }
> >>>>}
> >>>>
> >>>>this acl is the problem, your blacklists are set (Provided the path is
> >>>>correct)
> >>>>
> >>>>however, the rule should be:
> >>>>
> >>>>pass !bl_audo-video !bl_porn all
> >>>>
> >>>>this is like: pass (not)bl_audo-video (not)bl_porn all
> >>>>in other words, pass everything BUT bl_audo-video and bl_porn
> >>>>
> >>>>acl {
> >>>>
> >>>>    default {
> >>>>        block !bl_audo-video !bl_porn
> >>>>    }
> >>>>}
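
The mistakes this thread works through (empty destination groups, a pass list naming a destination that was never declared, and denying traffic with no redirect statement) can be checked mechanically. The script below is an added example, not code from the thread or from the squidGuard project; `lint_squidguard` and its messages are hypothetical names, the parsing is a simplified regex reading of squidGuard.conf, and `POSTED` is the configuration quoted above.

```python
import re

# Keywords squidGuard accepts in a pass list that are not destination names.
BUILTIN = {"all", "any", "none", "in-addr"}

def lint_squidguard(conf):
    """Return findings for the three mistakes discussed in this thread."""
    text = re.sub(r"#.*", "", conf)  # drop comments
    findings, dests = [], set()
    # Simplified parse (assumption): "dest NAME { ... }" with no nested braces.
    for m in re.finditer(r"\b(?:dest|destination)\s+([\w-]+)\s*\{([^}]*)\}", text):
        dests.add(m.group(1))
        if not re.search(r"\b(?:domainlist|urllist|expressionlist)\b", m.group(2)):
            findings.append(f"destination {m.group(1)} has no list, so it matches nothing")
    has_redirect = re.search(r"\bredirect\s+\S+", text) is not None
    for m in re.finditer(r"\bpass\s+([^\n{}]+)", text):
        targets = m.group(1).split()
        if not targets:
            continue
        for t in targets:
            name = t.lstrip("!")
            if name not in BUILTIN and name not in dests:
                findings.append(f"pass references undefined destination {name}")
        denies = targets[-1] == "none" or any(t.startswith("!") for t in targets)
        if denies and not has_redirect:
            findings.append("pass denies something but the file has no redirect statement")
    return findings

# The configuration posted in the thread (layout normalised).
POSTED = """
dbhome /usr/share/squidGuard-1.2.0/db
logdir /var/log/squidGuard
destination bl_audio-video {
    domainlist audio-video/domains
    urllist audio-video/urls
}
destination bl_porn {
    domainlist porn/domains
    urllist porn/urls
}
acl {
    default {
        pass !bl_audo-video !bl_porn all
    }
}
"""
# Same file with the name aligned and the placeholder redirect from the sample added.
FIXED = POSTED.replace("bl_audo-video", "bl_audio-video").replace(
    "all\n", "all\n        redirect http://yourserver.com/no-access.html\n")

if __name__ == "__main__":
    for label, conf in (("posted", POSTED), ("fixed", FIXED)):
        print(label, lint_squidguard(conf))
```

On the posted file the check reports that the acl names `bl_audo-video` while the declared group is `bl_audio-video`, and that nothing in the file tells squidGuard where to redirect.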
