Re: [squid-users] squid and squidguard from İsmail ÖZATAY on 2008-08-26 (squid-users)

From: İsmail ÖZATAY <ismail_at_ismailozatay.net>
Date: Wed, 27 Aug 2008 08:01:24 +0300

Marcus Kool yazmış:
> Hi Ismail,
>
> I would add a redirect statement to the int_net acl rule.
>
> observation: blocking porn without blocking proxies is the same as
> blocking nothing.
> You might want to try ufdbGuard: it is faster than squidguard, and has
> additional features for enforcing Google SafeSearch and verifying
> HTTPS traffic (certificates and optionally blocking HTTPS to IP
> addresses instead of FQDNs).
>
> -Marcus
>
>
> İsmail ÖZATAY wrote:
>> Hi ,
>> I am using 2.6.STABLE6 on CentOS 5.2 + squidguard 1.3 & p1,p2,p3 +
>> berkeley db 2.7. Everything seems ok without any problem but when i
>> use redirect_program in squid.conf my internal network connect
>> bypassing the squidguard. I searched something but can not fix it ?
>> Can anybody help me ? Here is my config;
>>
>> squidGuard.conf
>> -----------------
>> logdir /usr/local/squidGuard/log
>> dbhome /usr/local/squidGuard/db
>>
>> src int_net {
>> ip 192.168.0.0/24
>> }
>> dest porn {
>> domainlist BL/porn/domains
>> urllist BL/porn/urls
>> }
>> acl {
>> int_net {
>> pass !porn all
>> }
>> default { pass none
>> redirect http://www.google.com.tr
>> }
>> }
>>
>>
>>
>> squid.conf
>> -----------
>> http_port 0.0.0.0:3128
>> acl all src 0.0.0.0/0.0.0.0
>> redirect_program /usr/local/bin/squidGuard -c
>> /usr/local/squidGuard/squidGuard.conf
>> acl manager proto cache_object
>> acl localhost src 127.0.0.1/255.255.255.255
>> acl to_localhost dst 127.0.0.0/8
>> acl SSL_ports port 443
>> acl Safe_ports port 80 # http
>> acl Safe_ports port 21 # ftp
>> acl Safe_ports port 443 # https
>> acl Safe_ports port 70 # gopher
>> acl Safe_ports port 210 # wais
>> acl Safe_ports port 1025-65535 # unregistered ports
>> acl Safe_ports port 280 # http-mgmt
>> acl Safe_ports port 488 # gss-http
>> acl Safe_ports port 591 # filemaker
>> acl Safe_ports port 777 # multiling http
>> acl CONNECT method CONNECT
>>
>> http_access allow manager localhost
>> http_access deny manager
>> http_access deny !Safe_ports
>> http_access deny CONNECT !SSL_ports
>>
>>
>>
>>
>>
>
>
Also i saw that this is a commercial product. Do you know any free
software like this ?
Received on Wed Aug 27 2008 - 05:01:39 MDT

This archive was generated by hypermail 2.2.0 : Wed Aug 27 2008 - 12:00:04 MDT