[squid-users] squidguard hierarchy (fwd)

From: Dan Kubilos <dan@dont-contact.us>
Date: Wed, 24 Oct 2001 12:20:50 -0700 (PDT)

I am having a hard time configuring the following:

I work for a school district. I want a squid/squidguard server at each
school site and two parent caches at the district office. All school
traffic to the internet passes through district office.

Since I need to filter all traffic school proxies should either block
access and redirect to the squidGuard.cgi on the local server or pass the
request to the parents. These parents never pass direct connects but pass
traffic to another filtering proxy "iprism" which is built on squid.

The problem I'm having is that the school site squid box will NOT stop
forwarding requests that should be handled locally.

relevant configs are
squid.conf
cache_peer squid1.oxnardsd.org parent 3128 3130 no-query round-robin
cache_peer squid2.oxnardsd.org parent 3128 3130 no-query round-robin

redirect_program /usr/bin/squidGuard -c /etc/squid/squidGuard.conf
acl localhost src 127.0.0.1/255.255.255.255
always_direct deny all
always_direct allow localhost
never_direct deny localhost
never_direct allow all

squidGuard.conf
*** version one ***
default {
       pass !porn all
                redirect
http://204.147.17.6/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&targetclass
=%t&url=%u }

*** version two ***
default {
       pass !porn all
                redirect
http://127.0.0.1/cgi-bin/squidGuard.cgi?clientaddr=%a&srcclass=%s&targetclass
=%t&url=%u }

If I use version one of the squidGuard.conf the "Access Denied" cgi
returns correctly *but* the request is coming from the parent proxy
furthes up the hierarchy. The apache access shows.

204.147.17.33 - - [23/Oct/2001:22:44:28 -0700] "GET
/cgi-bin/squidGuard.cgi?clientaddr=216.202.168.213&srcclass=default&targetclass=porn&url=http://www.playboy.com/
HTTP/1.0" 200 823 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"

If I use verion two of the conf the browser returns a 404 file not found
error. The parent proxy does not have the cgi script.

I also tried adding
hierarchy_stoplist squidGuard.cgi

to no avail.

I'm running
squid 2.3.SATBLE4 and
SquidGuard: 1.1.4 Sleepycat Software: Berkeley DB 2.7.7:

Thanks 

-- 
Dan Kubilos     __\o_ ^
K-8 Tech Coord
http://www.oxnardsd.org
Received on Wed Oct 24 2001 - 13:24:52 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:03:06 MST