OK, now I understand what you meant. Maybe I can give you a few pointers
on getting to the bottom of this.

Step 1: Know where you were going. If you use the standard redirect
statement in your squidGuard.conf file the blocked url will be in the
address field on your browser when you are looking at your block page.

Step 2: Know "who" stopped you. If your block page does not give you
that information, there is a low-tech way to know. If you put your
redirect statements in your dest blocks you can use a different page for
each block type. For example:
-----------------------------------------
dest porn {
    domainlist blacklists/porn/domains
    urllist blacklists/porn/urls
    redirect http://192.168.0.1/403prn.html
    logfile /usr/local/squidGuard/log/porn.log
}
dest pornexp {
    expressionlist blacklists/porn/expressions
    redirect http://192.168.0.1/403prnexp.html
    logfile /usr/local/squidGuard/log/pornexp.log
}
dest aggressive {
    domainlist blacklists/aggressive/domains
    urllist blacklists/aggressive/urls
    redirect http://192.168.0.1/403agrsv.html
    logfile /usr/local/squidGuard/log/aggressive.log
}
etc
-----------------------------------------
In this case, all three of these block screens (403prn.html,
403prnexp.html, 403agrsv.html) are exactly the same, except for the file
name and the <title> html tag (for example <title>403 Forbidden
(prn)</title>). When a user hits the porn block, the address field
contains the url that triggered the block, and the Internet Explorer
title bar contains "403 Forbidden (prn) - Microsoft Internet Explorer".

Step 3: Find out why you were stopped. Go to the appropriate directory
(in this case, porn) and type:
    grep cnet.com domains | less
Check that list for matches. Then type:
    grep cnet.com urls | less
And check that list for matches.
I would always start with the root domain and check all of the matches.

Step 4: Correct the problem (if there is one). If you are running on the
text files, simply delete the appropriate entries and issue:
    squid -k reconfigure
If you have created databases, create the appropriate diff files and go
from there.

Let me know if you need more.
Rick
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Sunday, November 11, 2001 4:20 PM
To: Rick Matthews
Subject: Re: news.com being blocked / best blacklist to use?
Rick Matthews wrote:
>
> > I am finding that news.com is sometimes being blocked.
> > The home page loads, but some of the urls are blocked.
>
> Are you saying that http://www.news.com loads, but (1) some of the
> graphics on the page do not load? Or is it that (2) the page has links
> that lead to blocked pages?
Hi Rick,
The situation is (2). The links are of the form
http://news.cnet.com/news/0-1005-200-7832292.html?tag=mn_hd
> > I am not on the network that SG is running on, so
> > I can't give you an exact URL.
>
> I don't understand this statement. If the issue is (2) above, point at
> the blocked link on the http://www.news.com page (without clicking on
> it) and read the url from the status line at the very bottom of the
> internet explorer window.
Mea culpa; I meant that "I am not on the network that SG is on at this
time", since I am at home and not at work.
> > Could it be that the numbered urls are being
> > interpreted as IP addresses and therefore blocked?
>
> Would you please explain this question a bit further?
You can specify a numeric IP address in octal and it will resolve (if
the ip address was 255.255.255.0 the address would be ffffff00, for
example - of course there is no such machine on the net). Perhaps SG
is looking at the numbers and checking against an octal representation
of a blocked IP address?
> I'm sure we can get this straightened out with just a bit more
> information.
I will post more info Monday when I am in front of the machine that
connects to SG and can gather exact information.
Cordially
Patrick Giagnocavo
[EMAIL PROTECTED]
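
The Step 3 lookup from the reply above, written as a script that walks every host suffix of the blocked URL instead of a single grep. This is an added example, not part of the original thread or of squidGuard; the function names, the sample entries and the matching rules (a domains entry covers its subdomains, a urls entry is host/path without scheme and matches as a prefix) are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: text-file lists named "domains" and "urls";
# a domains entry covers that domain and its subdomains; a urls entry is
# host/path without the scheme and matches as a prefix.

why_blocked() {   # usage: why_blocked <dest-dir> <blocked-url>
    dir=$1
    rest=${2#*://}            # drop the scheme
    rest=${rest%%\?*}         # drop the query string
    host=${rest%%/*}
    host=$(printf %s "${host%%:*}" | tr 'A-Z' 'a-z')   # drop port, fold case
    case $rest in */*) path=/${rest#*/} ;; *) path= ;; esac

    h=$host
    while :; do               # news.example.com, example.com, com
        if [ -f "$dir/domains" ] && grep -Fxq -- "$h" "$dir/domains"; then
            echo "domains: $h"
        fi
        if [ -f "$dir/urls" ]; then
            # Literal prefix comparison of each entry against host suffix + path.
            while IFS= read -r entry; do
                [ -n "$entry" ] || continue
                case "$h$path" in "$entry"*) echo "urls: $entry" ;; esac
            done < "$dir/urls"
        fi
        case $h in *.*) h=${h#*.} ;; *) break ;; esac
    done
}

sample_lists() {  # constructed entries, not taken from any real blacklist
    printf '%s\n' example.org tracker.example.net > "$1/domains"
    printf '%s\n' example.com/news/0-1005 news.example.com/sports \
        example.net/ads > "$1/urls"
}

demo=$(mktemp -d)
sample_lists "$demo"
why_blocked "$demo" 'http://news.example.com/news/0-1005-200-7832292.html?tag=mn_hd'
rm -rf "$demo"
```

Run it against each dest directory in turn; every line it prints names the list file and the entry to review before Step 4.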