Re: What am I doing wrong

Mon, 05 Jul 2004 14:19:02 -0700 

Greg Trigg escribi�/wrote/a �crit:

> Well, on the first part, both paths are correct.  My log files are 
> empty, though.  I want to use the files at dbhome to block IP's.  All I 

�?... are you sure squidGuard is running? When I do 'ps ax' in my
Debian GNU/Linux I see many processes like this one:

---

 3174 ?        S      0:03 (squidGuard) -c /etc/squid/squidGuard.conf

---

I suppose you have this kind of jobs running... If not, you
forgot enabling the 'redirect_program' option in squid.conf file.

> want to use this for is to block IP's.  Once I figure that out, I'll 
> move onto blocking certain IP's for users and many more for a user 
> called Torrent.  Most of the information in this conf file are from the 
> example that came with the standard Mandrake 10.0 install discs. 
> 
> I just looked at all of my lists for my src's and they are all empty.  
> So, if I need to use any of these, I guess I better do it the way you 
> do.  It looks like my conf file isn't written in a way to do what I'm 
> trying to do.
> 
> I commented out the acl's except for lansource and entered the ip of my 
> ethernet card.  The command to use the conf file didn't lock up the 
> terminal this time.  It still isn't blocking anything, though.

[snip]

Well... maybe you should backup your squidGuard.conf and start
with a little and clean config. 

I suppose you're trying to filter a LAN. At this point just
forget about time and user restrictions. Simply start a file 
adapting the following config:

--- squidGuard.conf start ---
logdir /var/log/squid
dbhome /var/lib/squidguard/db

src filtered {
    ip  192.168.213.20/32       # put your IP here
}

src lan {
    ip  192.168.213.0/24
}

dest pornsites {
     domainlist porn/domains
     urllist    porn/urls
}

dest hacksites {
     domainlist hacking/domains
     domainlist hacking/urls
}

acl {
     lan {
        pass all
     }
     filtered {
        pass !pornsites !hacksites all
        redirect http://www.disney.com/
     }
     default {
        pass none
        redirect http://www.disney.com/
     }
}

--- squidGuard.conf end ---

Test it with a couple of domains picked from the 'domains' files.

BTW, remember domains and url database files must me readable by
the user who's running the squidGuard process (often proxy).

I suppose you must see something at squidGuard.log. I used to see
"can't read db files" because domains and url files where owned
by root and only readable by him. When this happens squidGuard
doesn't work.

HTH, good luck!

-
Roberto

Reply via email to