Matthew Trey wrote:
> 
> Pardon me, you are correct.  I never noticed that in the absence of a
> redirect in one ACL, squidguard uses the redirect in the default URL.

And in the absence of ANY redirects, squidGuard passes everything.

> > squidGuard cannot "block".  squidGuard can only "redirect".
> > squidGuard cannot "block".  squidGuard can only "redirect".
> > squidGuard cannot "block".  squidGuard can only "redirect".
> 
> no reason to be a jerk, once was enough =)

Sorry, sticking keyboard. :)

> In light of this corrrection a redirect rule is needed or your ACL 
> in fact will not work. thanks for pointing that out Rick =)

Just trying to help. :)

That's also why I included a sample squidGuard.conf file a few
posts back.  There are several things in there that will help you 
with your squidGuard configuration, testing and debugging.  Even
if you ignore everything else in there, I highly recommend that
you add a log statement to each of your destination groups, i.e.:

dest porn {
    domainlist      blacklists/porn/domains
    urllist         blacklists/porn/urls
    redirect        http://yourserver.com/whatever...
    log             blocked.log
}

Rick


> 
> -----Original Message-----
> From: Rick Matthews [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 01, 2004 10:23 PM
> To: Matthew Trey; [EMAIL PROTECTED]
> Subject: RE: Not blocking
> 
> 
> Matthew Trey wrote:
> > that is true, once squidguard is up and running with this config it
> > will simply pass nothing, with no notice that anything was blocked.
> 
> That statement is incorrect.  Without a redirect statement,
> squidGuard will PASS EVERYTHING, NOTHING WILL BE BLOCKED.
> 
> squidGuard cannot "block".  squidGuard can only "redirect".
> squidGuard cannot "block".  squidGuard can only "redirect".
> squidGuard cannot "block".  squidGuard can only "redirect".
> 
> The interface between squid and squidGuard is very limited.  Squid
> passes the information to squidGuard and waits for an answer from
> squidGuard.  squidGuard's response to squid is one of two things:
> a blank line (approved), or a new url.  Those are the only two
> choices.  Without a redirect statement squidGuard ALWAYS returns
> a blank line.
> 
> > Provided we figure out the lack of rule matching,
> 
> Everything will be approved in the absence of redirect statements.
> 
> Rick
> 
> P.S. squidGuard cannot "block".  squidGuard can only "redirect".
> 
> 
> 
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Matthew Trey
> > Sent: Monday, March 01, 2004 6:05 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Not blocking
> >
> >
> >
> >
> > Rick Matthews wrote:
> >
> > > squidGuard won't redirect without a redirect statement.
> >
> > Yup.
> >
> > that is true, once squidguard is up and running with this config it will
> > simply
> > pass nothing, with no notice that anything was blocked.  Provided we
> figure
> > out the
> > lack of rule matching, I do suggest adding a redirect rule, directly below
> > the pass
> > rule pointing to either a simple html file or cgi script, or really
> anything
> > you want.
> >
> > this will let the user know the content was blocked rather than getting no
> > info at all.
> >
> >
> >
> 
> 
> 

Reply via email to