Johan de Vries writes:
>
> I am trying to make a setup with squidGuard, but I have some troubles
<snip>
> The squid.conf is changed:
> On line 880 redirect_program /usr/local/bin/squidGuard
> On line 1460 http_access allow all
<snip>
Are you adding squidGuard to an established squid installation? Or
are you installing and debugging both squid and squidGuard at the
same time?
> The squidGuard.conf is put to 777 and contains:
> acl {
> default {
> pass none
> }
> }
> Still all pages are accessable
There's nothing that squidGuard can do with that config file.
squidGuard cannot "block", it can only "redirect". And the only
way that squidGuard can redirect is if you tell it how.
The documentation lists some testing procedures starting with about
number 10 on this page: <http://www.squidguard.org/install/>. There
are example configuration files listed here:
<http://www.squidguard.org/config/#Minimal>
Or, if you prefer, you can use this:
# ## Simple squidGuard.conf test file ##
# Path declarations
# It's a good idea to include the path statements even if you
# are using the default locations. Be sure to set the ownership
# and permissions of the paths and the files
logdir /usr/local/squidGuard/log
dbhome /usr/local/squidGuard/db
# Source group declarations
# Create a test source group that contains your ip
src testsource {
ip 192.168.0.25
}
# Destination group declarations
# Create a test destination group and domains file. Remember that the
# location is the combination of your dbhome and the domainlist
# specification. As listed here, this domains file would be located
# /usr/local/squidGuard/db/blacklists/testdest/domains
# The content of the domains file should be 'yahoo.com', w/o quotes.
# Don't forget path/file ownership and permissions.
# You can leave the redirect statetment below as is for your testing.
# Create 'blocked.log' in the same directory and with the same
# ownership and permisssions as your squidGuard.log file.
dest testdest {
domainlist blacklists/testdest/domains
redirect http://tinyurl.com/2zdr5
log blocked.log
}
# acl declarations
# This will allow you (192.168.0.25) to browse anywhere but testdest.
# If you try to go to yahoo.com you will be redirected.
# You can leave the redirect statetment below as is for your testing.
# If you try browsing from an undefined source (not 192.168.0.25),
# you will be processed by the default acl and redirected.
acl {
testsource {
pass !testdest all
}
default {
pass none
redirect http://tinyurl.com/2m5v5
log blocked.log
}
}
# ## End of Simple squidGuard.conf test file ##
Hope that helps!
Rick
>
> The current setup is:
> Redhat 7.3
> Squid 2.4.STABLE6
> squidGuard 1.2.0
> ./configure --with-sg-config=/usr/local/squidGuard/squidGuard.conf \
> --with-sg-logdir=/var/log/squidGuard
>
> The squidGuard.conf is put to 777 and contains:
> acl {
> default {
> pass none
> }
> }
>
> The squid.conf is changed:
> On line 880 redirect_program /usr/local/bin/squidGuard
> On line 1460 http_access allow all
>
> After a restart of squid the squidGuard logfile shows a: started
> and a: ready for requests
>
> Still all pages are accessable
> Squid is only responding to the http_acces parameter, and not to the squidGuard.conf
>
> When squidGuard.conf is messed up, then the log shows a: going into emergency mode
>
>
> Any suggestions ????
>
