Matthew Trey wrote:
>
> Pardon me, you are correct. I never noticed that in the absence of a
> redirect in one ACL, squidguard uses the redirect in the default URL.
And in the absence of ANY redirects, squidGuard passes everything.
> > squidGuard cannot "block". squidGuard can only "redirect".
> > squidGuard cannot "block". squidGuard can only "redirect".
> > squidGuard cannot "block". squidGuard can only "redirect".
>
> no reason to be a jerk, once was enough =)
Sorry, sticking keyboard. :)
> In light of this corrrection a redirect rule is needed or your ACL
> in fact will not work. thanks for pointing that out Rick =)
Just trying to help. :)
That's also why I included a sample squidGuard.conf file a few
posts back. There are several things in there that will help you
with your squidGuard configuration, testing and debugging. Even
if you ignore everything else in there, I highly recommend that
you add a log statement to each of your destination groups, i.e.:
dest porn {
domainlist blacklists/porn/domains
urllist blacklists/porn/urls
redirect http://yourserver.com/whatever...
log blocked.log
}
Rick
>
> -----Original Message-----
> From: Rick Matthews [mailto:[EMAIL PROTECTED]
> Sent: Monday, March 01, 2004 10:23 PM
> To: Matthew Trey; [EMAIL PROTECTED]
> Subject: RE: Not blocking
>
>
> Matthew Trey wrote:
> > that is true, once squidguard is up and running with this config it
> > will simply pass nothing, with no notice that anything was blocked.
>
> That statement is incorrect. Without a redirect statement,
> squidGuard will PASS EVERYTHING, NOTHING WILL BE BLOCKED.
>
> squidGuard cannot "block". squidGuard can only "redirect".
> squidGuard cannot "block". squidGuard can only "redirect".
> squidGuard cannot "block". squidGuard can only "redirect".
>
> The interface between squid and squidGuard is very limited. Squid
> passes the information to squidGuard and waits for an answer from
> squidGuard. squidGuard's response to squid is one of two things:
> a blank line (approved), or a new url. Those are the only two
> choices. Without a redirect statement squidGuard ALWAYS returns
> a blank line.
>
> > Provided we figure out the lack of rule matching,
>
> Everything will be approved in the absence of redirect statements.
>
> Rick
>
> P.S. squidGuard cannot "block". squidGuard can only "redirect".
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Matthew Trey
> > Sent: Monday, March 01, 2004 6:05 PM
> > To: [EMAIL PROTECTED]
> > Subject: RE: Not blocking
> >
> >
> >
> >
> > Rick Matthews wrote:
> >
> > > squidGuard won't redirect without a redirect statement.
> >
> > Yup.
> >
> > that is true, once squidguard is up and running with this config it will
> > simply
> > pass nothing, with no notice that anything was blocked. Provided we
> figure
> > out the
> > lack of rule matching, I do suggest adding a redirect rule, directly below
> > the pass
> > rule pointing to either a simple html file or cgi script, or really
> anything
> > you want.
> >
> > this will let the user know the content was blocked rather than getting no
> > info at all.
> >
> >
> >
>
>
>
