Sridhar M.N. wrote:
> I was working on Time space declarations but it does'nt seem to
> work. The destination groups I have defined to block a particular
> category of sites are working perfectly. Its blocking all ads,
> hacking, porn perfectly but the time constraints I've defined
> does'nt seem to work. I see no errors in squidGuard.log either.
> Well here is the part of the code.
Please see my in-line comments below.
> dbhome /local/squidGuard/db
> logdir /local/squidGuard/logs
> time protime {
> weekly mtwhfa 09:00 - 16:00
The examples given in the documentation do not have embedded spaces
in the time frame, "09:00-16:00" instead of "09:00 - 16:00".
> }
> dest ads {
> domainlist blacklists/ads/domains
> urllist blacklists/ads/urls
The squidGuard configuration page <http://www.squidguard.org/config/>
provides this recommended structure for squidGuard.conf:
Path declarations
Time space declarations
Source group declarations
Destination group declarations
Rewrite rule group declarations
Access control rule declarations
I don't know if your defining the destination groups before the
source groups is causing a problem, but I've never come up with a
compelling reason to ignore the author's recommendation.
> --clip--
>
> src pro {
> ip 10.5.5.101
> 10.5.5.74
According to the documentation, (A) and (B) below are valid, but (C)
is not valid:
(A) 'ip 10.5.5.101 10.5.5.74'
(B) 'ip 10.5.5.101'
'ip 10.5.5.74'
(C) 'ip 10.5.5.101'
'10.5.5.74'
> within protime
> }
>
> src admin {
> --clip--
>
>
> acl {
> admin {
> pass all
> }
> pro {
> pass all
> }
>
> --clip---
>
> Is anything wrong in the configuration? Please lemme know. and
> thx in advance :-)
It's hard to debug a configuration when you're only given parts of
it, but from what you've shown me it appears that source pro outside
of protime would always be processed by your default acl (which is
not shown).
I have not used a time constraint with a source definition, but I've
been using it very successfully within the acl block. (It wouldn't
take much to rewrite yours in that format.) Here's a sample of
how I'm using it:
logdir /usr/local/squidGuard/log
dbhome /usr/local/squidGuard/db/block
time acceptable-hours {
weekly * 05:00-24:00
}
src admin {
user rick
ip 192.168.44.3
}
src parents {
user rick cindy
ip 192.168.44.4
}
src gameroom {
ip 192.168.44.4
}
src office {
ip 192.168.44.1
ip 192.168.44.3
ip 192.168.44.5
ip 192.168.44.10
}
# --- Destintation group definitions ---
<snip>
# acl
acl {
office {
pass allow !porn ..<snip>... !warez all
}
parents {
pass allow !porn ..<snip>... !warez all
}
admin {
pass allow !porn ..<snip>... !warez all
}
gameroom within acceptable-hours {
pass allow !porn ..<snip>... !warez all
} else {
pass allow none
redirect http://192.168.44.10/403time.html
}
default {
pass allow none
redirect http://192.168.44.10/403noaccess.html
}
}
Hope that helps!
Rick Matthews
