> Is there a way to display the "who" information > without having to create separate pages for > each category?
Yes. You can redirect to a "more or less intelligent CGI page" like the one included with squidGuard (samples/squidGuard.cgi). squidGuard will do runtime string substitutions in the redirectors: %a is replaced with IP address of the client. %n is replaced with the domainname of the client or "unknown" if not available. %i is replaced with the user ID (RFC931) or "unknown" if not available. %s is replaced with the matched source group (client group) or "unknown" if no groups were matched. %t is replaced with the matched destination group (target group) or "unknown" if no groups were matched. %u is replaced with the requested URL. %p is replaced with the REQUEST_URI, i.e. the path and the optional query string of %u, but note for convenience without the leading "/". %% is replaced with a single "%". This would allow you to use a single redirect page and still show all of the information that you need. See the configuration page <http://www.squidguard.org/config/> for more details. Rick -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Daniel P. Hart Sent: Monday, November 12, 2001 4:01 AM To: [EMAIL PROTECTED] Subject: RE: news.com being blocked / best blacklist to use? - Slightly of Subject Hi, Is there a way to display the "who" information without having to create separate pages for each category? Cheers, Dan Hart > -----Original Message----- > From: Rick Matthews [mailto:[EMAIL PROTECTED]] > Sent: 12 November 2001 01:20 > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: RE: news.com being blocked / best blacklist to use? > > > OK, now I understand what you meant. Maybe I can give you a > few pointers on getting to the bottom of this. > > Step 1: Know where you were going. If you use the standard > redirect statement in your squidGuard.conf file the blocked > url will be in the address field on your browser when you are > looking at your block page. > > Step 2: Know "who" stopped you. If your block page does not > give you that information, there is a low-tech way to know. > If you put your redirect statements in your dest blocks you > can use a different page for each block type. For example: > ----------------------------------------- > dest porn { > domainlist blacklists/porn/domains > urllist blacklists/porn/urls > redirect http://192.168.0.1/403prn.html > logfile /usr/local/squidGuard/log/porn.log > } > > dest pornexp { > expressionlist blacklists/porn/expressions > redirect http://192.168.0.1/403prnexp.html > logfile /usr/local/squidGuard/log/pornexp.log > } > > dest aggressive { > domainlist blacklists/aggressive/domains > urllist blacklists/aggressive/urls > redirect http://192.168.0.1/403agrsv.html > logfile /usr/local/squidGuard/log/aggressive.log > } > etc > ----------------------------------------- > > In this case, all three of these block screens (403prn.html, > 403prnexp.html, 403agrsv.html) are exactly the same, except > for the file name and the <title> html tag (for example > <title>403 Forbidden (prn)</title>). When a user hits the > porn block, the address field contains the url that triggered > the block, and the Internet Explorer title bar contains "403 > Forbidden (prn) - Microsoft Internet Explorer" > > Step 3: Find out why you were stopped. Go to the appropriate > directory (in this case, porn) and type: > > grep cnet.com domains | less > > Check that list for matches. Then type: > > grep cnet.com urls | less > > And check that list for matches. > > I would always start with the root domain and check all of > the matches. > > Step 4: Correct the problem (if there is one). If you are > running on the text files, simply delete the appropriate > entries and issue: > > squid -k reconfigure > > If you have created databases, create the approriate diff > files and go from there. > > Let me know if you need more. > > Rick > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Sent: Sunday, November 11, 2001 4:20 PM > To: Rick Matthews > Subject: Re: news.com being blocked / best blacklist to use? > > > Rick Matthews wrote: > > > > > I am finding that news.com is sometimes being blocked. > > > The home page loads, but some of the urls are blocked. > > > > Are you saying that http://www.news.com loads, but (1) some of the > > graphics on the page do not load? Or is it that (2) the > page has links > > that lead to blocked pages? > > Hi Rick, > > The situation is (2). The links are of the form > http://news.cnet.com/news/0-1005-200-7832292.html?tag=mn_hd > > I am not on the network that SG is running on, so > > I can't give you an exact URL. > > I don't understand this statement. If the issue is (2) above, point at > the blocked link on the http://www.news.com page (without clicking on > it) and read the url from the status line at the very bottom of the > internet explorer window. Mea culpa; I meant that "I am not on the network that SG is on at this time", since I am at home and not at work. > > Could it be that the numbered urls are being > > interpreted as IP addresses and therefore blocked? > > Would you please explain this question a bit further? You can specify a numeric IP address in octal and it will resolve (if the ip address was 255.255.255.0 the address would be ffffff00, for example - of course there is no such machine on the net) . Perhaps SG is looking at the numbers and checking against an octal representation of a blocked IP address? > I'm sure we can get this straightened out with just a bit more > information. I will post more info Monday when I am in front of the machine that connects to SG and can gather exact information. Cordially Patrick Giagnocavo [EMAIL PROTECTED]
