This package implements a 'Redirector' process to use with squid v1.1.x
(http://squid.nlanr.net/) to allow Intranet (restricted) or Internet
(full) access with URL deny and redirection for sites that are not deemed
acceptable for a userbase all via a single proxy port.
The package is implemented as 2 Perl5 (http://www.perl.com/perl/) scripts.
The redirector.pl script is installed in the squid bin directory
(ie. /usr/local/squid/bin) and is started by the squid process. The following
2 entries need to be enabled in your squid.conf file:

    redirect_program /usr/local/squid/bin/redirector.pl
    redirect_children 10

The number of children to start depends on your machine/usage profile.
We run 32 children on an SGI Challenge L/4x250MHz R4400/512MB/20GB that
receives 600-900K requests/day with a loadavg of 0.9-2.5 so YMMV.
Client IP access is controlled via the ACL config file (default:
/usr/local/squid/etc/acl-client.conf) that has the following format:

    <IP/FQDN/Network/DN><whitespace><Permissions 1=Intranet 2=Internet>

    121.2.29.4          1
    110.3.              1
    .wotsit.duh.com     1
    110.3.4.2           2
    192.129.41.         2
    myhost.your.com     2

The priority ordering for matching an ACL is (with fallthru to next):

    IP        %AclIP      constant lookup time
    FQDN      %AclFQDN    constant lookup time
    Network   @AclNet     variable lookup time
    SubDN     @AclSubDN   variable lookup time
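
The lookup order above, sketched as an added Perl example (not code from redirector.pl). The four table names come from the list above; the helper names load_acl and lookup, the classification of entries by leading/trailing dot, and the return value 0 for "no match" are assumptions.

```perl
# Added sketch of the client ACL lookup order; not taken from redirector.pl.
use strict;
use warnings;

my (%AclIP, %AclFQDN, @AclNet, @AclSubDN);

# Sort each "<entry> <perm>" line into a table by its shape (assumed rules):
# trailing dot = network, leading dot = sub-domain, digits/dots = IP, else FQDN.
sub load_acl {
    for my $line (split /\n/, shift) {
        my ($entry, $perm) = split ' ', $line;
        next unless defined $perm && $perm =~ /^[12]$/;
        $entry = lc $entry;
        if    ($entry =~ /^[\d.]+\.$/) { push @AclNet,   [$entry, $perm] }
        elsif ($entry =~ /^\./)        { push @AclSubDN, [$entry, $perm] }
        elsif ($entry =~ /^[\d.]+$/)   { $AclIP{$entry}   = $perm }
        else                           { $AclFQDN{$entry} = $perm }
    }
}

# Try the tables in the documented order; 0 (assumed) means no entry matched.
sub lookup {
    my ($ip, $fqdn) = @_;
    $fqdn = lc $fqdn;
    return $AclIP{$ip}     if exists $AclIP{$ip};
    return $AclFQDN{$fqdn} if exists $AclFQDN{$fqdn};
    # Keeping the dot in the prefix stops "110.3." matching 110.30.x.x, and
    # in the suffix stops ".wotsit.duh.com" matching "xwotsit.duh.com".
    for my $net (@AclNet) { return $net->[1] if index($ip, $net->[0]) == 0 }
    for my $dn (@AclSubDN) {
        my $len = length $dn->[0];
        return $dn->[1]
            if length($fqdn) > $len && substr($fqdn, -$len) eq $dn->[0];
    }
    return 0;
}

load_acl(<<'ACL');    # the sample entries from the format description
121.2.29.4 1
110.3. 1
.wotsit.duh.com 1
110.3.4.2 2
192.129.41. 2
myhost.your.com 2
ACL
# Constructed clients: the exact IP entry beats the 110.3. network entry.
for my $c (['110.3.4.2', 'pc.example.com'], ['110.3.9.9', 'pc.example.com'],
           ['110.30.1.1', 'pc.example.com'], ['10.0.0.5', 'a.wotsit.duh.com']) {
    printf "%-11s %-17s -> %d\n", @$c, lookup(@$c);
}
```
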
URL denial/redirection is controlled via the ACL URL file (default:
/usr/local/squid/etc/acl-url.conf) that has the following format:

    <URL>[<whitespace><Redirected URL>]

    http://www.playboy.com/
    .*tp://.*.sex.com/
    ftp://ftp.netscape.com/     ftp://ftp.mylocal.com/
    ftp://sunsite.unc.edu/      ftp://ftp.leo.org/

A running squid process needs to be sent a 'kill -[HUP|TERM] squid-pid'
signal to cause a reread of both config files after any changes.
Set the following variables at the top of redirector.pl to suit your site:

    $IntranetURL   = "siemens|sni|scn|sbs|sietec|snat|rolm|bosch";
    $DenyURL       = "http://www.support.your.com/cgi-bin/redirector-deny.pl";
    $AclDir        = "/usr/local/squid/etc";
    $AclClientFile = "$AclDir/acl-client.conf";
    $AclUrlFile    = "$AclDir/acl-url.conf";
    $LogFile       = "/var/adm/squid/redirector.log";
    $Logging       = 1;
    $Proxy         = "proxy.fth.sbs.de";
    $Port          = 81;

Note: make sure the $IntranetURL variable is correctly set for your site!
The redirector-deny.pl script should be installed on a WWW server that
allows cgi-bin scripts and has the Perl5 CGI.pm module already installed
(http://www.genome.wi.mit.edu/ftp/pub/software/WWW/cgi_docs.html).
Its purpose is to display informative error messages to the user that
accessed a squid proxy running with the redirector.pl script. We run 3
squids in various locations with a central www server that logs all
denial/redirect messages.
Set the following variables at the top of redirector-deny.pl for your site:

    $DefaultURL   = "http://www.your.com/";
    $SupportURL   = "http://www.your.com/";
    $SupportImg   = "http://www.support.your.com/logo.gif";
    $SupportEmail = "support\@your.com";
    $SupportMisc  = " or FAX +1 911 977 3500";
    $LogFile      = "/var/adm/redirector.log";

Available from ftp://ftp.sbs.de/pub/www/cache/redirector/redirector.tar.gz
Please report all bugs/ideas to me.
-- Iain Lea iain@sbs.de <http://www.sbs.de/~iain> +49 911 978 3120
"We all enter this world in the same way: naked; screaming; soaked in blood. But if you live your life right, that kind of thing doesn't have to stop there." -- Dana Gould

Received on Sun Feb 23 1997 - 02:18:13 MST