Re: Not blocking

[Ryan Nix]

Can anyone give me a good example of what is in their squid.conf file? 

Again, I want to allow unfettered access to all sites except those found 
in the squid guard database.

By the way, I ran squidguard -d and the syntax checks out so I should be 
mostly ready to go! 

Thanks again to everyone for their help!  :)

Rick Matthews wrote:

Matthew Trey wrote:
 

Pardon me, you are correct.  I never noticed that in the absence of a
redirect in one ACL, squidguard uses the redirect in the default URL.
   

And in the absence of ANY redirects, squidGuard passes everything.

 

squidGuard cannot "block".  squidGuard can only "redirect".
squidGuard cannot "block".  squidGuard can only "redirect".
squidGuard cannot "block".  squidGuard can only "redirect".
     

no reason to be a jerk, once was enough =)
   

Sorry, sticking keyboard. :)

 

In light of this corrrection a redirect rule is needed or your ACL 
in fact will not work. thanks for pointing that out Rick =)
   

Just trying to help. :)

That's also why I included a sample squidGuard.conf file a few
posts back.  There are several things in there that will help you 
with your squidGuard configuration, testing and debugging.  Even
if you ignore everything else in there, I highly recommend that
you add a log statement to each of your destination groups, i.e.:

dest porn {
   domainlist      blacklists/porn/domains
   urllist         blacklists/porn/urls
   redirect        http://yourserver.com/whatever...
   log             blocked.log
}
Rick

 

-----Original Message-----
From: Rick Matthews [mailto:[EMAIL PROTECTED]
Sent: Monday, March 01, 2004 10:23 PM
To: Matthew Trey; [EMAIL PROTECTED]
Subject: RE: Not blocking
Matthew Trey wrote:
   

that is true, once squidguard is up and running with this config it
will simply pass nothing, with no notice that anything was blocked.
     

That statement is incorrect.  Without a redirect statement,
squidGuard will PASS EVERYTHING, NOTHING WILL BE BLOCKED.
squidGuard cannot "block".  squidGuard can only "redirect".
squidGuard cannot "block".  squidGuard can only "redirect".
squidGuard cannot "block".  squidGuard can only "redirect".
The interface between squid and squidGuard is very limited.  Squid
passes the information to squidGuard and waits for an answer from
squidGuard.  squidGuard's response to squid is one of two things:
a blank line (approved), or a new url.  Those are the only two
choices.  Without a redirect statement squidGuard ALWAYS returns
a blank line.
   

Provided we figure out the lack of rule matching,
     

Everything will be approved in the absence of redirect statements.

Rick

P.S. squidGuard cannot "block".  squidGuard can only "redirect".



   

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Matthew Trey
Sent: Monday, March 01, 2004 6:05 PM
To: [EMAIL PROTECTED]
Subject: RE: Not blocking


Rick Matthews wrote:

     

squidGuard won't redirect without a redirect statement.
       

Yup.

that is true, once squidguard is up and running with this config it will
simply
pass nothing, with no notice that anything was blocked.  Provided we
     

figure
   

out the
lack of rule matching, I do suggest adding a redirect rule, directly below
the pass
rule pointing to either a simple html file or cgi script, or really
     

anything
   

you want.

this will let the user know the content was blocked rather than getting no
info at all.