[squid-users] Re: anyone know why this is blocked?

From: Jeff Donovan <jdonovan@dont-contact.us>
Date: Fri, 14 Feb 2003 08:12:08 -0500

Rick, you are my hero!
Is there any way to find out which variable in the expressionlist is
the culprit?

thanks for the tips. The dual log is awesome.

--jeff

On Thursday, February 13, 2003, at 05:11 PM, Rick Matthews wrote:

> Jeff Donovan wrote:
>>
>> I have a transparent proxy running squid 2.5 and squidguard.
>> Everything is working fine.
>> However, when I was surfing around I came to:
>> http://www.netbsd.org
>>
>> Now that domain loads fine, but when I click on "Documentation/FAQ"
>>
>> I get redirected to my Denied file.
>> I grepped my blacklists for the domain, url, and ip and nothing came
>> back. Then I manually searched (what a bugger)
>
> It's not blocked here.
>
> As Darren has already mentioned, there are a few things that you can
> do when you are setting up squidGuard that will greatly simplify your
> research efforts:
>
> - Use squidGuard.cgi (from the /samples folder) for redirects. That
> will give you a redirect page that resembles this:
> <http://home1.gte.net/res0pj61/squidguard/redirect-sample.gif>
>
> - If you can't (or would prefer not to) run cgi, you can still
> redirect to a different page from each group. For example, you might
> redirect the porn group to <http://home1.gte.net/res0pj61/403prn.html>
> and the drugs group to <http://home1.gte.net/res0pj61/403drgs.html>.
>
> - For clarity and ease of use, add a redirect statement to every
> destination block. They could all point to the same location, or
> they might all be different. For starters, I'd recommend pointing
> everything but the ads group to the squidGuard.cgi page. The ads
> group should be redirected to a transparent 1x1.gif (or png).
>
> - For clarity and ease of use, add a log statement to every
> destination block. For starters, I'd recommend logging everything
> but the ads group to "blocked.log". The ads group should be
> logged to "ads.log". This will log the important information
> about every block, to greatly simplify research.
>
> - If you use the logic presented in the first 2 tips above, you do
> not need a redirect statement in any acl sections where the
> pass statement ends with "all". You do need a redirect statement
> in the acl sections where the pass statement ends with "none".
>
> - If you are using an "allowed" destination group, remember that any
> domains entered there have a free pass, even if the domain or
> subdomains are listed in blocked destination groups. The allowed
> group should be listed first in your acl, "pass allowed !porn ...".
> It is not necessary to have a redirect and log statement in your
> allowed group.
>
> - Be extremely careful with expressionlists! As an example,
> remember that your porn expressionlist will define a combination
> that, if it appears in a url, will cause it to be classified as a
> porn url. Therefore, that combination should never appear in a
> non-porn url. (Repeat the previous two sentences for each group
> that contains an expressionlist, replacing "porn" with the name
> of the destination group.) I only use 2 expressionlists, both in
> areas where the terminology is fairly unique - porn and ads.
>
> - My expressionlists are not in the same destination groups with
> domains and urls. I have a porn group and a pornexp group, the latter
> containing only the porn expressionlist. I also have ads and adsexp
> groups. This is extremely helpful in debugging and correcting
> false blocks. Knowing the destination group that caused the block
> immediately tells you whether you have a database or expressionlist
> problem.
>
> - Separating the database files from the expressionlists also allows
> you to gauge the effectiveness of your expressionlist. Put the
> database before the expressionlist in your pass statement
> (pass !porn !pornexp...). You can then examine your blocked.log
> file knowing that if a url was blocked by pornexp, it was not in
> the porn databases and would have been approved except for the
> expressionlist.
>
> - More information on isolating expressionlist blocks for easier
> problem identification:
>
> Here's a small change that you can make to your squidGuard.conf file
> so that you will immediately know if you've been blocked by the porn
> database or by the porn expressionlist.
>
> Instead of setting up your porn destination group like this:
>
> -------- not this way --------------
> dest porn {
>     domainlist porn/domains
>     urllist porn/urls
>     expressionlist porn/expressions
>     redirect http://yourserver.com/whatever...
>     logfile blocked.log
> }
> --------- end --------------------
>
> Break out the expressionlist and set it up like this:
>
> ------ Recommended ------------------
> dest porn {
>     domainlist porn/domains
>     urllist porn/urls
>     redirect http://yourserver.com/whatever...
>     logfile blocked.log
> }
>
> dest pornexp {
>     expressionlist expressions
>     redirect http://yourserver.com/whatever...
>     logfile blocked.log
> }
> --------- end ---------------------
>
> Then replace [!porn] with [!porn !pornexp] in your acl and you'll
> have exactly the same coverage as before, but now your redirect
> page and blocked log will show:
>
> Target group = porn
> or
> Target group = pornexp
>
> I hope these help!
>
> Rick
>
Received on Fri Feb 14 2003 - 06:12:18 MST
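
Added example, not part of either message: once blocked.log shows that an expressionlist group (such as pornexp or adsexp) caused the block, a script like this reports which line of the list matched the URL. It assumes one POSIX extended regex per line, matched case-insensitively against the URL string as given; the function names, the sample expressions and the URL path are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which lines of a squidGuard expressionlist match a URL.
# Assumption: one POSIX extended regex per line, matched case-insensitively
# (drop -i from grep below if your lists are case-sensitive).

# which_expr URL FILE -> prints "LINENO:EXPRESSION" for each matching line
which_expr() {
    url=$1; list=$2; n=0
    while IFS= read -r expr || [ -n "$expr" ]; do
        n=$((n + 1))
        [ -n "$expr" ] || continue        # an empty regex would match everything
        if printf '%s\n' "$url" | grep -Eiq -e "$expr"; then
            printf '%s:%s\n' "$n" "$expr"
        fi
    done < "$list"
}

# Constructed sample expressionlist (not taken from any real blacklist).
# Line 2 has no closing delimiter, so it also matches words that merely
# start with "ad" or "ads"; line 3 is the same pattern with the delimiter.
sample_list() {
    cat <<'EOF'
(^|[-?+=/_.])(adult|hardcore|xxx+)([-?+=/_.]|$)
/(ads?|banners?)
/(ads?|banners?)([-?+=/_.]|$)
EOF
}

# Constructed URL: the host is the one from the thread, the path is invented.
SAMPLE_URL='http://www.netbsd.org/Documentation/network/adsl.html'

# Run the check against the sample list and print the matching lines.
demo() {
    tmp=$(mktemp) || return 1
    sample_list > "$tmp"
    which_expr "$SAMPLE_URL" "$tmp"
    rm -f "$tmp"
}

demo
```

Point the second argument of which_expr at the real expressions file and pass the URL from blocked.log to find the line that needs a tighter delimiter.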
