Re: [squid-users] squid and squidguard

From: Marcus Kool <marcus.kool_at_urlfilterdb.com>
Date: Tue, 26 Aug 2008 12:46:02 -0300

Hi Ismail,

I would add a redirect statement to the int_net acl rule.

Observation: blocking porn without blocking proxies is the same as blocking nothing.
You might want to try ufdbGuard: it is faster than squidguard, and has
additional features for enforcing Google SafeSearch and verifying
HTTPS traffic (certificates and optionally blocking HTTPS to IP addresses instead of FQDNs).

-Marcus

İsmail ÖZATAY wrote:
> Hi,
> I am using 2.6.STABLE6 on CentOS 5.2 + squidguard 1.3 & p1,p2,p3 +
> berkeley db 2.7. Everything seems ok without any problem but when I use
> redirect_program in squid.conf my internal network connects bypassing the
> squidguard. I searched something but cannot fix it. Can anybody help
> me? Here is my config:
>
> squidGuard.conf
> -----------------
> logdir /usr/local/squidGuard/log
> dbhome /usr/local/squidGuard/db
>
> src int_net {
> ip 192.168.0.0/24
> }
> dest porn {
> domainlist BL/porn/domains
> urllist BL/porn/urls
> }
> acl {
> int_net {
> pass !porn all
> }
> default { pass none
> redirect http://www.google.com.tr
> }
> }
>
>
>
> squid.conf
> -----------
> http_port 0.0.0.0:3128
> acl all src 0.0.0.0/0.0.0.0
> redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
> acl manager proto cache_object
> acl localhost src 127.0.0.1/255.255.255.255
> acl to_localhost dst 127.0.0.0/8
> acl SSL_ports port 443
> acl Safe_ports port 80 # http
> acl Safe_ports port 21 # ftp
> acl Safe_ports port 443 # https
> acl Safe_ports port 70 # gopher
> acl Safe_ports port 210 # wais
> acl Safe_ports port 1025-65535 # unregistered ports
> acl Safe_ports port 280 # http-mgmt
> acl Safe_ports port 488 # gss-http
> acl Safe_ports port 591 # filemaker
> acl Safe_ports port 777 # multiling http
> acl CONNECT method CONNECT
>
> http_access allow manager localhost
> http_access deny manager
> http_access deny !Safe_ports
> http_access deny CONNECT !SSL_ports
>
Received on Tue Aug 26 2008 - 15:46:12 MDT
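
A check for the suggestion in the reply above, as an added example that is not part of the original thread or of squidGuard itself: it parses the acl section of a squidGuard.conf and lists the rules whose pass list contains a negated destination or `none` but which have no redirect statement of their own. The function names and the deny heuristic are assumptions of this example, and the sample is constructed from the quoted config.

```python
import re

# Constructed sample: the acl section of the squidGuard.conf quoted in the thread.
SAMPLE_CONF = """
acl {
    int_net {
        pass !porn all
    }
    default { pass none
        redirect http://www.google.com.tr
    }
}
"""

def parse_acl_rules(conf_text):
    """Map each rule header inside acl { } to its pass list and redirect URL."""
    text = re.sub(r"#.*", "", conf_text)           # drop comments
    text = re.sub(r"([{}])", r"\n\1\n", text)      # put every brace on its own line
    lines = [ln.split() for ln in text.splitlines() if ln.strip()]
    rules, stack = {}, []                          # stack holds open block headers
    for idx, words in enumerate(lines):
        if words == ["{"]:
            continue
        if words == ["}"]:
            if stack:
                stack.pop()
            continue
        opens_block = idx + 1 < len(lines) and lines[idx + 1] == ["{"]
        in_rule = len(stack) == 2 and stack[0] == "acl"
        if opens_block:
            stack.append(" ".join(words))
            if len(stack) == 2 and stack[0] == "acl":
                rules[stack[1]] = {"pass": [], "redirect": None}
        elif in_rule and words[0] == "pass":
            rules[stack[1]]["pass"] = words[1:]
        elif in_rule and words[0] == "redirect" and len(words) > 1:
            rules[stack[1]]["redirect"] = words[1]
    return rules

def rules_missing_redirect(conf_text):
    """Rules whose pass list can deny a request but that carry no redirect."""
    missing = []
    for name, rule in parse_acl_rules(conf_text).items():
        # Heuristic (assumption): "!dest" or "none" in the pass list means a deny.
        can_deny = any(t.startswith("!") or t == "none" for t in rule["pass"])
        if can_deny and rule["redirect"] is None:
            missing.append(name)
    return missing
```

Calling `rules_missing_redirect(SAMPLE_CONF)` reports `int_net`, the rule the reply proposes to change; src and dest blocks outside `acl { }` are ignored.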
