First, you don't need an "allow" list since "all" is allowed except "deny" and "porn". All you need is to add or remove domains to/from your "deny" list. Just use a statement such as "pass !deny !porn all"

Then use a domains.diff file with your "deny" list, which will allow you to make dynamic modifications to your list.

When you want to block a site, add a line such as...

+domain.i.want.to.block

... in your domains.diff. Then execute squidGuard -u and squid -k reconfigure.

When you want to unblock a site, modify the line with (or add a line, in case the site is blocked by the "domains" list):

-domain.i.dont.want.to.block.anymore

in your domains.diff. Then execute squidGuard -u and squid -k reconfigure.

This is the way I do it, and dynamically adding domains with squidGuard -u is quicker than recreating the whole database.

HTH,
Rémi.

> -----Original Message-----
> From: Tim Duncan [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 11 August 2004 18:51
> To: [EMAIL PROTECTED]
> Subject: domain blocking/unblocking stops working
>
> I work for a Library where we are required to accommodate
> patrons' requests to block or unblock specific urls and
> domains immediately.
>
> When blocking a domain, and executing "squidguard -C
> /var/lib/squidguard/db/blacklists/deny all" and "squid -k
> reconfigure" the site is successfully blocked. The problem
> is, later a Librarian may overrule the "block" and re-allow
> the domain to be accessible once again. Removing the domain
> name from the "deny" list and executing "squidguard -C
> /var/lib/squidguard/db/blacklists/deny all" and "squid -k
> reconfigure" the domain is not successfully unblocked. Adding
> the domain to an "allow" list and executing "squidguard -C
> /var/lib/squidguard/db/blacklists/allow all" and "squid -k
> reconfigure" the site is successfully unblocked. The
> squidGuard.log looks good with "squidGuard ready for
> requests" after every squidGuard -C, and ownership of the
> blacklists directories and files remain with "proxy". But
> going back and forth on blocking/unblocking the same domain
> does not work; the site either remains blocked or remains unblocked.
>
> Here are my squid.conf and squidguard.conf files.
> Any help is greatly appreciated.
>
> ----Squid.conf----
> redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
> redirect_children 14
> cache_effective_user proxy
> cache_effective_group proxy
> cache_mem 8 MB
> cache_dir ufs /var/spool/squid/ 100 16 256
> visible_hostname bengal
> http_port 8000
> acl all src 0.0.0.0/0.0.0.0
> acl localnet src 10.1.0.0/255.255.255.0
> http_access allow localnet
> http_access deny All
>
> EOF
> -----SquidGuard.conf-----
>
> dbhome /var/db/squidGuard
> logdir /usr/local/squid/logs
>
> destination allow {
>     domainlist allow/domains
>     urllist allow/urls
> }
>
> destination deny {
>     domainlist deny/domains
>     urllist deny/urls
> }
>
> destination porn {
>     domainlist porn/domains
>     urllist porn/urls
> }
>
> acl {
>     default {
>         pass allow !deny !porn any
>         redirect http://localhost/cgi/blocked?clientaddr=%a&clientname=%n&clientuser=%i&clientgroup=%s&url=%u
>     }
> }
> EOF
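
The domains.diff procedure from the reply, wrapped as a small helper; this is an added example, not code from either message or from the squidGuard project. The default DIFF_FILE path, the function names and the script name are assumptions; only `squidGuard -u` and `squid -k reconfigure` come from the thread.

```shell
#!/bin/sh
# Added example. DIFF_FILE default is an assumption: dbhome from the posted
# squidGuard.conf plus "deny/domains" with ".diff" appended.
LC_ALL=C; export LC_ALL
DIFF_FILE="${DIFF_FILE:-/var/db/squidGuard/deny/domains.diff}"

# valid_domain NAME: accept only dotted lowercase hostnames, so input typed at
# a help desk cannot smuggle extra lines or stray characters into the list.
valid_domain() {
    case "$1" in
        ''|*[!a-z0-9.-]*) return 1 ;;            # empty, or char outside hostname set
        .*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;  # empty label or hyphen at a label edge
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# set_entry SIGN DOMAIN: SIGN is "+" (block) or "-" (unblock). Any earlier
# +/- line for the domain is dropped before the new one is appended, so
# toggling the same domain back and forth leaves exactly one line for it.
set_entry() {
    sign=$1 domain=$2
    case "$sign" in +|-) ;; *) echo "sign must be + or -" >&2; return 2 ;; esac
    valid_domain "$domain" || { echo "rejected: $domain" >&2; return 2; }
    touch "$DIFF_FILE" || return 1
    tmp="$DIFF_FILE.tmp.$$"
    # grep exits 1 when nothing is left to copy; only exit 2 is a real error.
    grep -vxF -e "+$domain" -e "-$domain" "$DIFF_FILE" > "$tmp" || [ $? -eq 1 ] || return 1
    printf '%s%s\n' "$sign" "$domain" >> "$tmp"
    mv "$tmp" "$DIFF_FILE"
}

# apply_changes: the two commands from the reply. Add "-c <conf>" to
# squidGuard if the configuration is not in its default location.
apply_changes() {
    squidGuard -u && squid -k reconfigure
}

# Usage (script name is hypothetical): sgtoggle.sh block|unblock DOMAIN
case "${1:-}" in
    block)   set_entry + "${2:-}" && apply_changes ;;
    unblock) set_entry - "${2:-}" && apply_changes ;;
esac
```

Run it as the user that owns the blacklist files ("proxy" in the original message) so the rewritten domains.diff keeps the same ownership.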
