Re: AW: [squid-users] SquidGuard not relaying??

And make sure to run these tests as your cache_effective_user, not root.

A very common error in SquidGuard setups is permission issues, preventing
SquidGuard from running correctly when called by Squid.

Regards
Henrik

On Tue, 14 Oct 2003 Werner.Rost@zfboge.com wrote:

> Did you check the squidguard installation without squid?
>
> ----------------------------------------------------------------------------
> -----
> First basic test: Does squidguard block a site from the blacklist?
> ----------------------------------------------------------------------------
> -----
> My own test shell for this case:
>
> #!/bin/sh
> #
> SG_HOME=/usr/local/squidGuard
> SG=/usr/local/bin/squidGuard
> SG_CONF=$SG_HOME/etc/squidguard.conf
>
> LD_LIBRARY_PATH=/usr/local/BerkeleyDB.4.0/lib
> export LD_LIBRARY_PATH
> echo "http://www.sex.com 10.23.4.134/- - GET" | \
> $SG -c $SG_CONF -d
>
> Output:
>
> 2003-10-14 08:49:49 [106687] Request(default/porn/-) http://www.sex.com
> 10.23.4134/- - GET
>
> http://boge-proxy/cgi-bin/squidGuard.cgi?clientaddr=10.23.4.134&clientname=&
> clintuser=&clientgroup=default&targetgroup=porn&url=http://www.sex.com
> 10.23.4.134- - GET
> <################# NO BLANK LINE: blocked!
> ###################
> 2003-10-14 08:49:49 [106687] squidGuard stopped (1066114189.332)
>
>
> ----------------------------------------------------------------------------
> --------
> Second basic test: Does squidguard show sites that are not part of the
> blacklist?
> ----------------------------------------------------------------------------
> --------
> My own test shell for this case:
>
> #!/bin/sh
> #
> SG_HOME=/usr/local/squidGuard
> SG=/usr/local/bin/squidGuard
> SG_CONF=$SG_HOME/etc/squidguard.conf
> LD_LIBRARY_PATH=/usr/local/BerkeleyDB.4.0/lib
> export LD_LIBRARY_PATH
> echo "http://www.google.de 10.23.4.134/- - GET" | \
> $SG -c $SG_CONF -d
>
> Output:
>
> 2003-10-14 08:52:43 [106728] squidGuard 1.2.0 started (1066114363.578)
> 2003-10-14 08:52:43 [106728] squidGuard ready for requests
> (1066114363.659)
> < ####### blank line: site is not blocked #########
> 2003-10-14 08:52:43 [106728] squidGuard stopped (1066114363.661)
>
>
> Mit freundlichem Gruß / regards
>
> Werner Rost
> GM-FIR - Netzwerk
>
> ZF Boge Elastmetall GmbH
> Friesdorfer Str. 175
> 53175 Bonn
>
> Tel. +49 228 38 25 - 420
> Fax +49 228 38 25 - 398
> mailto:werner.rost@zfboge.com
> www.zf.com/boge-elastmetall
>
>
>
>
> > -----Ursprüngliche Nachricht-----
> > Von: Dan Egli [mailto:dan@eglifamily.dnsalias.net]
> > Gesendet: Montag, 13. Oktober 2003 19:22
> > An: squid-users@squid-cache.org
> > Betreff: [squid-users] SquidGuard not relaying??
> >
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Ok. Hopefully someone here can help me out. I tried sending
> > this to the squidguard list, but I think it's defunct or
> > somthing because I got no replies and didn't even get a copy
> > of my own messages.
> >
> > I'm trying to use squidGuard with squid to provide a filter
> > for our internet connection here at home. I installed the
> > blacklists, configured squidGuard to read the blacklist (at
> > least I THOUGHGT I did), configured squid to call squidGuard, etc...
> >
> > Problem 1: On a graphical browser (internet explorer,
> > netscape, mozilla, etc..) when traffic is directed to the
> > proxy, it just sits there, forever. Does not matter if the
> > site is blacklisted or not
> >
> > Problem 2: on a text only browser (tested using elinks), the
> > proxy allows access to ANY site, blacklisted or not. I called
> > elinks as: HTTP_PROXY='localhost:3128' elinks www.blacklsitedsite.com
> >
> > the result was that squid grabbed the home page from
> > blacklisted site and forwarded it to the browser. I know it
> > went through squid because in squid's access log I see a HTTP
> > MISS for the site.
> >
> > I'm including my squidGuard and squid config files. Can
> > anyone shed any light on whats up?
> >
> > thanks!!
> >
> > - --- Dan
> >
> > squidGuard.conf:
> >
> > #
> > # CONFIG FILE FOR SQUIDGUARD
> > #
> > # See http://www.squidguard.org/config/ for more examples
> > #
> >
> > dbhome /var/squidGuard/blacklists
> > logdir /var/log/squidGuard
> >
> > dest ads {
> > ~ log ads
> > ~ domainlist ads/domains
> > ~ urllist ads/urls
> > }
> >
> > dest audio-video {
> > ~ log audio-video
> > ~ domainlist audio-video/domains
> > ~ urllist audio-video/urls
> > }
> >
> > dest aggressive {
> > ~ log aggressive
> > ~ domainlist aggressive/domains
> > ~ urllist aggressive/urls
> > }
> >
> > dest drugs {
> > ~ log drugs
> > ~ domainlist drugs/domains
> > ~ urllist drugs/urls
> > }
> >
> > dest gambling{
> > ~ log gambling
> > ~ domainlist gambling/domains
> > ~ urllist gambling/urls
> > }
> >
> > dest hacking {
> > ~ log hacking
> > ~ domainlist hacking/domains
> > ~ urllist hacking/urls
> > }
> >
> > #dest mail {
> > # log mail
> > # domainlist mail/domains
> > # urllist mail/urls
> > #}
> >
> > dest porn{
> > ~ log porn
> > ~ domainlist porn/domains
> > ~ urllist porn/urls
> > }
> >
> > #dest proxy{
> > # log proxy
> > # domainlist proxy/domains
> > # urllist proxy/urls
> > #}
> >
> > dest violence{
> > ~ log violence
> > ~ domainlist violence/domains
> > ~ urllist violence/urls
> > }
> >
> > dest warez{
> > ~ log warez
> > ~ domainlist warez/domains
> > ~ urllist warez/urls
> > }
> >
> > #dest local-ok{
> > # domainlist local-ok/domains
> > # urllist local-ok/urls
> > #}
> >
> > #dest local-block{
> > # log local-block
> > # domainlist local-block/domains
> > # urllist local-block/urls
> > #}
> >
> >
> > acl {
> > ~ default {
> > ~ pass !aggressive !drugs !gambling !hacking !porn !violence
> > !warez all
> >
> > ~ redirect
> > 302:http://eglifamily.dnsalias.net/cgi-bin/squidGuard.cgi?clie
> > ntaddr=%a&clientname=%n&clientident=%i&srcclass=%s&targetgroup
> > =%t&url=%u
> > ~ # redirect
> > 302:http://eglifamily.dnsalias.net/cgi-bin/squidGuard-simple.c
> > gi?clientaddr=%a&clientname=%n&clientident=%i&srcclass=%s&targ
> > etclass=%t&url=%u
> > ~ }
> > }
> >
> >
> > squid.conf:
> > (whole file is over 100k, but here's the redirector line)
> >
> > # TAG: redirect_program
> > # Specify the location of the executable for the URL redirector.
> > # Since they can perform almost any function there isn't
> > one included.
> > # See the FAQ (section 15) for information on how to write one.
> > # By default, a redirector is not used.
> > #
> > #Default:
> > # none
> >
> > redirect_program /usr/local/bin/squidGuard -c
> > /etc/squid/squidGuard.conf redirect_children 5
> >
> >
> >
> >
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.1 (MingW32)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iD8DBQE/it8GtwT22Jak4/4RAs2BAJ9lSG4p+7glE4y/5IY1NuwppuzBKQCg3YGV
> > uxxSkwbzqseYGcLwrwh2E3Y=
> > =Ylda
> > -----END PGP SIGNATURE-----
> >
> >
>
Received on Tue Oct 14 2003 - 01:33:41 MDT